
This job has expired

Cyber Security Event Analyst

Employer
Algida Gaidyte
Location
Mons, Belgium
Salary
Daily rate is negotiable
Closing date
15 Jan 2019


Clearance Level
DV, SC, NATO
Sector
Consultancy, Cyber Security, Engineering
Job Type
Contract

LOCATION: Mons, Belgium

CLIENT: NATO

DURATION: 1 year with possible extensions

CONTRACT: Consultant

SALARY: Negotiable daily rate

WORK HOURS: Monday to Friday, normal working hours

CLEARANCE: NATO Secret

START DATE: 01/02/2019

TASKS

  • This contractor will fill the cyber security event analyst position required for RSM (Resolute Support Mission)
  • Contribute to the proper configuration of Afghan Mission Network (AMN)
    • Support Level 1 Event Analysts for AMN
    • Review the tickets
    • Support for analysis of events
    • Retrieval and support in the analysis of Full Packet Captures (FPC)
  • Signature creation, e.g. SNORT rules
  • Test and evaluation of signatures and rules prior to deployment in the operational environment
  • Evaluation and implementation of sensor tuning requests
  • Assistance in the support of legacy cyber sensor products
  • Creation and updating of Standard Operating Procedures (SOPs) and Security Policies
  • Provide, as requested, technical support to forensic investigations
  • Ad-hoc tasking from the Incident Management Section (IMS) in support of investigations
  • Write scripts to automate repetitive tasks and have the knowledge to interact with APIs
  • Conduct and direct technical aspects of trend and threat analysis in order to optimise sensors and to propose modifications to audit policies to NATO security authorities
  • Analyse and interpret advisories from national and non-government CERTs for their relevance to NATO CIS and the development of associated signatures and event correlation
  • Conduct online research, such as developing new methods of detecting and monitoring new threats, keeping abreast of developments in the cyber arena
  • Review and refine the event analysis processes in order to optimise sensor configuration and correlation capabilities

REQUIREMENTS

  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
  • Proficiency in Network (TCP/IP) Engineering and secure network design
  • Expert level in at least two of the following areas and a high level of experience in several of the other areas:
    • Security Information and Event Management (SIEM) products – e.g. ArcSight, Splunk
    • Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire
    • Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
    • Host Based Intrusion Detection Systems (HIDS)
    • Configuration, operation, troubleshooting and management (i.e. Tools Specialist) of security tools and appliances
    • A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
    • Computer forensics tools (stand alone, online and network)
  • Experience in writing scripts to automate repetitive tasks
  • Experience in office communication and information systems
  • Proficiency in Intrusion/Incident Detection and Handling
  • Have one or more professional SANS certifications
