##NC25CS001 - Threat Hunting Analyst - Closed
(Flexible) Deadline: January 6, 2025
Requester: NATO
Location: Mons, Belgium.
Job type: Contractor
Start date: February 24, 2025 (Flexible)
Security clearance: NATO Secret
SCOPE OF WORK / DUTIES / ROLES
-
Under the guidance of the Section Head and Team Leader, the incumbent will carry out the following duties:
-
Prioritize, plan and execute threat hunts;
-
Can work independently, as well as part of the team;
-
Highlight improvements on the detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc…);
-
Pro-active engagement with the Cyber Community internal to NATO;
-
Monthly reporting on approved KPIs;
-
Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role;
-
Monthly reporting to both the Customer and Business stakeholders;
-
Assist NCSC, when required, in support of Cyber Incident Analysis and Response;
-
Production of high-quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC;
-
Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing processes;
-
Improvement of processes for receiving, searching, analysing, and storing cyber threat data;
-
Regular, at least monthly, Knowledge Transfer meetings with appropriate stakeholders, focusing on;
-
Successes and setbacks;
-
Lessons identified/learned;
-
improvements to the Cyber Security processes currently in use within the organisation.
REQUIRED SKILLS, KNOWLEDGE AND EXPERIENCE
-
Significant demonstrable experience in Cyber Security related environments;
-
Excellent analytical and hypothetical thinking;
-
Experience in liaising at both the technical and managerial level, the incumbent must have excellent written and spoken communication skills;
-
Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security;
-
Able to organize and lead;
-
Able to work as part of a team and under the direction of a higher authority;
-
Strong collaboration and interpersonal skills;
-
Pattern Recognition/Deductive Reasoning;
-
Highly Desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g., GCIA, GCFA, GNFA, GREM,…) or with the same level of quality;
-
Demonstrable self-learning capability on complex technical subjects;
-
Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, and Machine Learning;
-
A good understanding in at least three of these areas:
Network-based Intrusion detection systems (NIDS), host-based intrusion detection systems (HIDS), network security appliances and networking devices, and associated management software. A variety of Security Event generating sources at network and host levels (e.g. Firewalls, IDS, Routers, Security Appliances, …);
-
Computer Forensics Tools (stand-alone, online and network);
-
Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware; etc.),
-
Network protocols;
-
Scripting languages (PowerShell/Python/…);
-
Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards;
-
Ability to effectively communicate technical solutions to various audiences, both technical and non-technical;
-
Be self-motivated and driven;
-
Ability to work in an International environment embedded in the Customer's location in mainland Europe (Belgium).
This position is now closed.
We regularly add new positions. We suggest exploring other available opportunities and staying updated by following our LinkedIn page.
If you don’t find any suitable opportunities, you can send us your CV, as an open application. However, we will not submit you to any vacancies without your written consent.