Second Line Security Event Analyst

DESCRIPTIF DE POSTE

As Second Line Security Event Analyst (SLSEA), the incumbent will provide detailed analysis of logs and network traffic. The role will involve determining the severity of security alerts through investigative analysis in addition to the following main responsibilities:

• Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team.
• Analyse firewall, IDS, anti-virus and other sensor-produced system security events and present findings.
• Provide detailed technical reports in support of incidents and capability improvements.
• Share security event/incident information with stakeholders via presentations and technical reports.
• Appropriately leverage the comprehensive extended toolset (e.g.Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations.
• Propose possible optimisations and enhancements which help to maintain and improve NATO’s Cyber Security posture.
• Implement and support threat hunting activities; create use cases and technical reports when requested.
• Analyse intelligence information gathered from internal and external threat intelligence resources.
• Identify security gaps in NATO infrastructure and develop custom content utilising available toolset.
• Provide expert investigative support of large scale and complex security incidents.
• Develop and maintain SOAR playbooks.

PROFIL RECHERCHÉ

A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience.
Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of the post.

Mandatory

• Expert level in at least three of the following areas and a high level of experience in several of the other areas:
• Security Incidents Event Management products (SIEM) – e.g.Splunk. Skill, Knowledge & Experience:
• Network Based Intrusion Detection Systems (NIDS) – e.g.SourceFire, Palo Alto Network Threat Prevention.
• Host Based Intrusion Detection Systems (HIDS).
• Full Packet Capture systems – e.g. Niksun, RSA/NetWitness.
• A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances).
• Computer incident response centre (CIRT), computer emergency response team (CERT).
• Cloud-specific security tools. Splunk ES suite and Phantom SOAR.
• Proficiency in Intrusion/Incident Detection and Handling.
• Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
• Solid knowledge and experience in Splunk Enterprise Securitysuite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting.

INFORMATIONS COMPLÉMENTAIRES

DESIRABLE:

• Industry leading certification in the area of Cybersecurity, such as GCIA, GNFA, GCIH.
• A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
• A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
• Solid knowledge and experience in threat hunting incorporate/government level environment.
• Strong knowledge of malware families and network attack vectors.
• Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets.
• Ability to analyze attack vectors against a particular system to determine attack surface.
• Ability to produce contextual attack models applied to a scenario.
• Hands on experience on monitoring cloud services.

informations

Contractor
1 year renewable
Mons, Belgique

VOIR NOS AUTRES OFFRES D'EMPLOI

Ingénieur Avant-Vente Télécom/SATCOM H/F

Suite à notre intégration au Groupe GLOBAL Technologies et pour poursuivre notre croissance soutenue tournée vers l’international, nous recherchons un Ingénieur Avant-Vente Télécom/SATCOM H/F. Sous la responsabilité hiérarchique du Responsable Avant-Vente et en étroite collaboration avec l’équipe commerciale, vous garantissez la production de propositions validées, dans les temps imposés par le client et au meilleur niveau de qualité possible. La taille des affaires dont vous aurez la charge pourra atteindre jusqu’à 30 M€/an.

Ingénieur Avant-Vente Télécom/SATCOM

Indéterminée

Jouy-en-Josas et Clichy

Administrateur Systèmes et Réseaux H/F

Sous la responsabilité du Directeur Technique du Groupe, vous êtes chargé d'assurer le bon fonctionnement de notre infrastructure informatique : poste de travail (fixes et mobiles), des serveurs, des réseaux et de la téléphonie.

Administrateur Systèmes et Réseaux

Indéterminée

CLICHY, France

Ingénieur Commercial Services et Support Client H/F

Rattaché(e) directement à la Direction Commerciale, vous aurez la charge de la gestion, de la défense et de l’agrandissement de notre portefeuille client, que vous devrez fidéliser en relation avec notre structure d’Avant-Vente.

Indéterminé

CDI

Clichy, FRANCE