#NC26CSG187146 - Threat Hunting Analyst
Deadline: April 30, 2026
Requester: NATO
Location: Mons, Belgium
Job type: Contractor
Start date: June, 2026
Security clearance: NATO SECRET
SCOPE OF WORK / DUTIES / ROLES
- Prioritize, plan and execute threat hunts;
- Can work independently, as well as part of the team;
- Highlight improvements on the detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc…);
- Proactive engagement with the Cyber Community internal to NATO;
- Monthly reporting on approved KPIs;
- Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role;
- Monthly reporting to both the Customer and Business Stakeholders;
- Assist NCSC, when required, in support to Cyber Incident Analysis and Response;
- Production of high-quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC;
- Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC process;
- Improvement of NCSC processes for receiving, searching, analysing, and storing cyber threat data;
- Regular, at least monthly, Knowledge Transfer meetings with appropriate stakeholders, focusing on:
  - Successes and setbacks;
  - Lessons identified/learned;
  - Improvements to the Cyber Security processes currently in use within NCSC.
REQUIRED SKILLS, KNOWLEDGE AND EXPERIENCE
- Significant demonstrable experience in Cyber Security related environment;
- Excellent analytical and hypothetical thinking;
- Experience in liaising at both the technical and managerial level. The incumbent must have excellent written and spoken communication skills;
- Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security;
- Able to organize and lead;
- Able to work as part of a team and under direction of a higher authority;
- Strong collaboration and interpersonal skills;
- Pattern Recognition/Deductive Reasoning;
- Highly Desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g., GCIA, GCFA, GNFA, GREM,…) or with the same level of quality;
- Demonstrable self-learning capability on complex technical subjects;
- Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, Machine Learning;
- A good understanding in at least three of these areas:
  - Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), Network security appliances and networking devices and associated management software. A variety of Security Event generating sources at network and host level (e.g. Firewalls, IDS, Routers, Security Appliances, …);
  - Computer Forensics Tools (stand alone, online and network);
  - Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware, etc.);
  - Network protocols;
  - Scripting languages (PowerShell/Python/…).
- Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards;
- Ability to effectively communicate technical solutions to various audiences, both technical and non-technical;
- Be self-motivated and driven;
- Ability to work in an International environment embedded in the Customer's location in mainland Europe (Belgium).
