Electrical Engineer


Jobs by Experience

2 - 0 years

Job Location

Doha - Qatar

Monthly Salary

Not Disclosed

Nationality

Any Nationality

Gender

Male

Vacancy

1 Vacancy

Job Description

Req ID : 2336518

Senior Incident Detection Analyst - Cloud Security

  • Working Location: Mons, Belgium
  • Security Clearance: NATO Secret
  • Language: High proficiency level in English language

EXPERIENCE AND EDUCATION:

Essential Qualifications/Experience:

  • 2+ years of demonstrable experience in security monitoring and analysis of enterprise-level cloud environments (AWS and/or Azure)
  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
  • Expertise in at least three of the following areas and a high level of experience in several of the other areas:
      • Security monitoring and analysis using a variety of security event generating sources (e.g. firewalls, IDS, routers, EDR and AV)
      • Cloud architectures and technologies (AWS and/or Azure)
      • Managing security operations in public cloud services (AWS and/or Azure)
      • Microsoft Sentinel
      • AWS cloud security tools
      • Splunk ES suite and Splunk Search Processing Language (SPL)
      • Phantom SOAR playbook development
      • Security use case development aligned to the MITRE ATT&CK Framework

Desirable Qualifications/Experience:

  • Industry-leading certification in the area of cybersecurity, such as GCIA, GPCS, GCLD, GNFA, GCIH, CCSP, GSFE, GCFA, GCED, OSCP
  • A solid understanding of information security practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
  • Experience working with full packet capture systems, e.g. Niksun, RSA/NetWitness
  • Experience working with Host-Based Intrusion Detection Systems (HIDS)
  • Experience with Network-Based Intrusion Detection Systems (NIDS), e.g. FirePower, Palo Alto Networks Threat Prevention
  • Strong knowledge of malware families and network attack vectors
  • Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), and in-depth analysis of threats across enterprise environments by combining security rules, content, policy and relevant datasets
  • Ability to analyse attack vectors against a particular system to determine its attack surface

DUTIES/ROLE:

  • Provide subject matter expertise in the area of cyber security monitoring and detection within cloud infrastructure environments
  • Triage, analyse and respond to alerts originating from complex cloud infrastructure deployments and on-premise networks and security devices
  • Identify security gaps in NATO cloud security infrastructure, in addition to developing and maintaining new and existing use cases, using our on-premise SIEM solution (i.e., Splunk Enterprise Security)
  • Develop processes for cloud security monitoring, including documentation of all use cases
  • Review the current log collection state for NATO cloud environments, identify gaps and suggest improvements
  • Analyse threat intelligence pertinent to cloud environments to identify any new and developing security risks
  • Propose and work towards automating repetitive tasks related to cloud security monitoring and detection
  • Provide training and support to other members of the organisation on the subject of cloud security best practices and incident response procedures
  • Be flexible and support your colleagues in securing NATO networks through ad hoc tasks
  • Ensure that the organisation's cloud infrastructure and security practices comply with applicable laws, regulations, and industry standards
  • Provide an average of 139 hours/month working on-site, embedded in the NCSC Ops Branch located in SHAPE, Casteau, Belgium
  • Develop new alerts, searches, reports and dashboards for security monitoring and detection specific to cloud environments. Each use case must reference the MITRE ATT&CK framework
  • Triage, analyse and respond to alerts. All critical alerts will be responded to within three hours
  • The service provider is expected to take the initiative to identify detection gaps, monitor the latest threats and offer suggestions for new content to the management team. Where possible, full coverage of the MITRE ATT&CK framework is required. In some cases, it may be necessary to leverage solutions provided within the cloud environment itself
  • Provide and maintain full documentation for all cloud use cases, detailing the purpose of each use case, how its logic functions and the actions that should be taken during an investigation
  • Develop dashboards that can provide situational awareness related to the security of the organisation's cloud security infrastructure, including service KPIs and incident response metrics
  • Respond to ad hoc tasks given by the service delivery manager and cell head
  • Propose at least five security content optimisations and enhancements per week within the cloud environment
  • The service provider is expected to provide accurate and complete deliverables in accordance with internal processes
  • The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled
  • Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period
  • For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete


Employment Type

Full Time

Department / Functional Area

Engineering
