Description
CYBER SECURITY SYSTEM ENGINEER (Brussel's/Luxembourg)
Nature of Services
This service involves the management (implementation, integration, configuration and administration) of cyber security components to support operational security services.
Service providers are expected to take direct action on all or part of a cyber defence infrastructure and to act as the main interface between business and technical units, and they are recognized as ICT technical security expert by peers.
Cyber Security System Engineers provide expert support to other profiles (such as security analysts and incident handlers) and carry out fine-tuned configuration and customization of cyber defence components to maximize their efficiency and performance whilst minimizing the amount of false positive detection ratio. They also manage the security of the cyber security components they manage.
Reference Tasks
The following list of tasks applies to this reference profile.
This list is not exhaustive and may evolve in time, also depending on the type of assignment:
- ITIL process implementation and improvementr
- Installs, configures, maintains and upgrades cyber security components
- Monitor managed components and manage incidents and problems (ITIL definitions)
- Tune performances
Perform day-to-day system management such as
- user access management
- patch management
- Harden system and network components
- Develop, maintain and roll-out reference configurations (ITIL release and deployment management)
- Implement and follow security policies
- Elaborate and maintain system inventory/CMDB, system documentation, operating procedures
- Ensure appropriate testing before applying changes (change evaluation)
- Manage changes through a structured change management process (ITIL Change management)
- Report on service performances and availability, produce dashboards
- Design, develop, install, configure, test, monitor, maintain, troubleshoot and upgrade cyber security infrastructure
- Provide expertise, guidance, recommendations and documented security configurations for implementation of security tools and processes
- Produce detailed engineering specifications
- Evaluate and recommend secure configurations
- Identify security requirements, based upon need or translate high-level security requirements into detailed technical requirements
- Support various technical and non-technical stakeholders to specify and negotiate security requirements
- Interact with network and system engineering teams to effectively communicate and develop security solutions
- Drafts documentation and standard operational procedures to support security systems operations
- Ensures the technical design and contributes to implementation of new components and/or enhancements in coordination with other team members in particular project managers, security architects and engineers.
- Ensure DRP through appropriate back-ups methods to ensure RTO are met.
- Ensure service continuity for the managed components to defined SLAs.
- Ensure capacity planning
- Support security monitoring use-case engineering
- Security events collection technical design. Integration of log sources into a SIEM solution.
- Elaboration and translation of the security monitoring policy into monitoring rules
- Investigate, diagnose and solve system related problems
- Schedule installation work, liaising with all concerned to ensure that installation priorities are met and disruption to the organization is minimized.
- Diagnose and solve problems and faults occurring in the operation of cyber security components
SPECIFIC REQUIREMENTS
Specific Practice
- Network security engineering
- System security engineering
- Network security administration
- System security administration
- Security testing (functional and non-functional)
- Cryptography
Certifications
At least 1 certification among:
- GSEC (GIAC Certified Security Essentials)
- GCWN (GIAC Certified Windows Security Administrator)
- GCED (GIAC Certified Enterprise Defender)
- GCUX (GIAC Certified UNIX Security Administrator)
- ENSA (EC-Council Certified Network Administrator)
- Microsoft Certified System Center Configuration Manager
- MCSA (Microsoft Certified Solutions Associate)
- or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)
At least 1 certification among:
- GCIH (GIAC Certified Incident Handler)
- EC-Council Certified Disaster Recovery Professional
- MCSE (Microsoft Certified Solutions Expert)
- or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)
Methodologies
- SABSA (Sherwood Applied Business Security Architecture)
STIX (Structured Threat Information Expression) with a particular focus on the following related standards:
- CybOX (Cyber Observables)
- CAPEC (Attack Patterns)
- MAEC (Malware)
- TAXII (Threat Information Exchange)
Specific Skills
- ITIL implementation
- Ability to design, develop, install, configure, test, monitor, maintain, troubleshoot and upgrade at least one of the products mentioned in Annex 2 (Cyber Security supporting systems and applications at EU-I)
- Network Protocols (including IP, TCP, UDP, DNS, SMTP, Syslog-ng, HTTP, IP routing and fail-over protocols, IEEE 802.1x)
- Cryptographic solutions (including common standards and ciphers, symmetric and asymmetric encryption, PKI, HSM, Smartcards)
- Security protocols (including SSL/TLS, IPsec, VPN)
- Ability to write comprehensive documentation.
- Authentication, authorisation and accounting (including
- RADIUS, TACACS+, Kerberos)
- D 2 M 3
- Enterprise Active Directory and GPO development D 2 D 3 Auditing systems and networks for configuration weaknesses and vulnerabilities
- Hardening/Securing of Windows Servers and Desktops M 3 M 5
- Hardening/Securing of Unix-like systems (such as System V, Linux, BSD)
- Administration and task automation using Scripting and/or programming languages (eg Python, PowerShell, Perl, Java)