MISP Platform Engineer for NATO with security clearance

WLG


Job Location:

Mons - Belgium

Monthly Salary: Not Disclosed
Posted on: 13 days ago
Vacancies: 1 Vacancy

Job Summary

Would you like to join the leading international intergovernmental organization?

We are seeking a MISP Platform Engineer & Cyber Threat Intelligence Specialist to join a multi-disciplinary team supporting the NATO Cyber Security Centre (NCSC). You will be part of a team responsible for the full lifecycle of MISP-based threat intelligence platforms, from system administration and DevOps to data curation, community management and dissemination.

Responsibilities:

1. MISP Platform Engineering & DevOps

  • System Administration: Proactively manage and maintain multiple MISP environments (test, production, training) running MISP, MISP-guard and Cerebrate software, ensuring confidentiality, integrity and availability in line with NATO security policies.

  • Deployments & Patching: Regularly update MISP software to the latest version (typically monthly releases deployed within 14 weeks), including routine vulnerability patching and change management support.

  • Infrastructure Scaling: Stand up, configure and manage additional MISP, MISP-guard and Cerebrate infrastructure as required, including temporary infrastructure for missions, exercises or training.

  • Monitoring: Configure and extend system monitoring for MISP and MISP-guard instances.

  • Incident Handling: Remediate operational issues with 24/7 on-call support; treat critical vulnerability reports as cyber security incidents.

  • Documentation: Maintain installation/configuration guides, technical architecture documentation and runbooks compliant with NATO policies.

2. Software Testing & Quality Assurance

  • Test Strategy: Define a test strategy for the MISP platform covering manual GUI testing (org/user management, CRUD operations, sync scenarios) and automated API testing (using pytest or Robot Framework with PyMISP).

  • Test Automation: Develop automated functional tests covering 90% of required API endpoints (analystData, attributes, events, galaxies, organisations, roles, servers, etc.).

  • Manual Testing: Create and execute manual test cases for basic MISP GUI functionality.

  • Test Reporting: Produce test reports for each MISP release (typically monthly) with executive summaries, issue severity classifications and acceptance statements.

3. MISP Community Management

  • User Support: Provision organizations and users, handle password/MFA resets, refer users to documentation and forward technical issues to relevant personnel.

  • SLA Compliance: Start work on resolution within 1 hour of request receipt during NCIA NCSC business hours (Mons/SHAPE).

  • Ticket Management: Process support requests via the tool defined by the CSISS Service Delivery Manager.

4. Data Curation

  • Best Practices Documentation: Research and document best practices for MISP data entry, including data entry standards, external source mapping, validation guidelines and data quality feedback loops.

  • Taxonomy & Galaxy Management: Document commonly used MISP taxonomies and galaxies with clear descriptions of tags and usage examples.

  • Process Definition: Define processes for:

      • Incoming MISP event processing (intake, review, assignment, quality management, dashboard creation)

      • Access and distribution management (distribution settings dashboard access rules)

      • Data lifecycle management (classifications, lifecycle stages, retention rules, IOC aging)

  • Operational Curation: Perform daily data curation: intake, review, validation, tagging (taxonomies/galaxies), IOC lifecycle management, quality improvement, dashboard maintenance, retention/archival and access compliance checks. Target data quality 95%.

5. Data Dissemination

  • Process Definition: Define dissemination processes for MISP and other CTI products, covering communication of available products/updates/actions, user subscription mechanisms and release calendar management.

  • Operational Dissemination: Distribute intelligence products, updates, alerts and notifications accurately, securely and timely to appropriate stakeholders. Target dissemination accuracy 99%.

Essential Qualifications & Experience:

  • Software Testing: 5 years demonstrated experience in functional software testing

  • LAMP Sysadmin: 5 years as sysadmin with LAMP servers (Linux, Apache, MySQL/MariaDB, PHP)

  • RedHat: 3 years experience with RedHat

  • Python: 3 years Python scripting experience

  • MVC & Code Review: 3 years experience in MVC software development and code review of web applications (PHP, SQL)

  • Data Analysis: 3 years experience in data analysis

  • Business Process: 3 years experience defining and documenting business processes

  • Cyber Threats: Very good technical understanding of cyber threats to web-based products

  • Cyber Security Principles: Good understanding of cyber security principles, best practices, concepts and technology

  • Soft Skills: Ability to work independently and in teams; monitor and support a team; support high-intensity military exercises for multiple weeks; excellent organising and communication skills

  • Language: Good communications and writing skills in English

If you've read the description and feel this role is a great match, we'd love to hear from you! Click Apply for this job to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.
