Cyber Threat Engineer

Cyber Threat Engineer

• Working Location: Brussels, Belgium
  
• Security Clearance: NATO Secret
  
• Language: High proficiency level in English language
  

EXPERIENCE AND EDUCATION:

Essential Qualifications/Experience:

A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a contractor s particular abilities or experience that is/are of interest to the OCIO; that is, at least 7 years extensive and progressive expertise in the tasks related to the function of the cyber security threat research

Expert level in at least three of the following areas and a high level of experience in the other areas:

Knowledge of best practices for the software development life cycle, including coding standards, code reviews, and testing

Proficient in python

Experience in querying and manipulating data from a RESTful API

Experience in building dashboards using Splunk, Elastic, Grafana or other tools

Solid working knowledge of Linux command line

Experience in supporting an incident response or cyber threat intelligence team

Previous experience using and managing AWS VPCs

Have the ability to quickly learn tools and data languages with a steep learning curve

Experience in managing and orchestrating Docker containers

Knowledge of Vertex Synapse and its data language

Experience with data analytics

DevOps experience with cloud CI/CD workflows implementation

Experience with graph and hypergraph databases

Extend the cyber threat analysis platform with custom code (python and storm) deployed in Docker containers.

Measurement: Create python and storm extensions to the threat analysis platform in the form of git commits, describing the code commits and with additional comments in the code. Initial scripts developed within 60 days of arrival, and thereafter milestones will be ongoing and assessed on a quarterly basis

Measurement: Write user manuals and other documentation for the scripts and post on the team s central document repository. This work is tied to the timelines of the script development: first user manual within 60 days of arrival, and thereafter milestones will be ongoing and assessed on a quarterly basis

Build data pipelines between the backend database (Cortex hypergraph), data science tools and dashboards

Measurement: Store the developed code to connect the Cortex and other tooling on a git repository. Provide code within 30 days of arrival.

Measurement: Include documentation on our central documentation repository. Provide first documentation within 30 days of arrival and provide additional documentation as required

Improve the cloud architecture and help the team in migrating its more traditional cloud infrastructure to AWS cloud-native tooling (e.g. move Docker infrastructure to AWS ECS)

Measurement: Migrated services in AWS. Documentation provided within 10 working days of tasking

Create useful trending and threat card dashboards for the cyber threat analysts, by incorporating the analysts functional requirements

Measurement: Creation of dynamic dashboards that read data on the fly directly from the hypergraph database, using a python asyncio API

Measurement: Provide training to the analyst on how to use the dashboard and present its features