Cyber Security Events Analyst Belgium

London - Onsite
This project has been archived and is not accepting more applications.

Description

Cyber Security Events Analyst - Belgium

Contract period - 100 man-days - Rate: Market rate

Security clearance NATO COSMIC TOP SECRET required

Duties/role:

The role is Senior Security Event Analyst, working embedded within the NATO Security Operations Centre (NCIRC TC). This will include utilisation of log analysis, IDS/IPS, full packet capture and forensics tools across a distributed sensor network. You will be focusing on protection of the NATO Missions network.

  • Analysis of security events and ticket creation and support to Level 1 Event Analysts;
  • Reviewing of tickets and support for analysis of events;
  • Retrieval and support in analysis of Full Packet Captures (FPC);
  • Provision of in-depth analysis after ticket escalation;
  • New threat analysis; online research, such as developing new methods of detecting and monitoring new threats, keeping abreast of developments in the cyber arena;
  • Liaison with Tools Analysts; ensuring security infrastructure is configured, up to date and operational;
  • Signature and rule creation: NIPS (Snort), SIEM (ArcSight), Full Packet Capture (Niksun, RSA);
  • Test and evaluation of signatures and rules prior to deployment in operational environment;
  • Evaluation and implementation of sensor tuning requests;
  • Assistance in support of legacy cyber sensor products (Juniper IDS, ScreenOS);
  • Provision of On-the-Job Training (OJT) for Level 1 event analysts, including tools familiarisation;
  • Creation and updating of Standard Operating Procedures (SOPs) and Security Policies;
  • Creation of security reports per request and analysis of Vulnerability Assessment results;
  • Periodic internal meetings and ad-hoc tasking from Incident Management Section (IMS) in support of investigations.

Skills, knowledge, experience required:

  • Significant demonstrable experience (5+ years) in analysis and handling of network security related events and security event management in a SOC environment
  • Experience / Education Equivalence: If the candidate has a relevant degree (e.g. Computer Security), this counts towards equivalence for demonstrable experience; however, irrespective of the candidate's education, hands-on experience within an equivalent role is required. A university degree will count towards max 2 years equivalent experience.
  • Essential to have one or more professional SANS (e.g., GSEC, GCIA) certifications. CISSP or other relevant certifications will be considered an added benefit
  • Expert level of management and analysis of security events and incidents (i.e. Security Event Analyst experience)
  • At least two of the following areas at expert level, and a high level of experience in several of the other areas:
      • Security Incidents Event Management products (SIEM) - e.g. ArcSight
      • Network Based Intrusion Detection Systems (NIDS) - e.g. SourceFire/Snort
      • Full Packet Capture systems - e.g. Niksun, RSA/NetWitness
      • Host Based Intrusion Detection Systems (HIDS)
      • Configuration, operation, troubleshooting and management (i.e. Tools Specialist) of security tools and appliances
      • Variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
      • Computer Incident Response Centre (CIRT), Computer Emergency Response Team (CERT)
      • Computer forensics tools (stand alone, online and network)
      • Computer security tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)
      • Secure web design and development
      • Military communication systems and networks
      • Network, system and application level troubleshooting techniques

Start date: n.a
From: OCC Computer personnel
Published at: 06.07.2016
Project ID: 1161778
Contract type: Freelance