Food Server Qatar Duty Free
Posted on :
18-03-2024
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Req ID : 2336519
Cyber Security Analyst 1
- Working Location: Mons, Belgium
- Security Clearance: NATO Secret
- Language: High proficiency level in English language
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems
Broad understanding of common network security threats and mitigation techniques
Experience in the following:
Security information and event management products (SIEM) e.g. Splunk
Analysis of network based intrusion detection systems (NIDS) events e.g. FirePower, Palo Alto Network Threat Prevention
Analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances)
Network traffic capture analysis using Wireshark
Logical approach to analysis and ability to perform structured security investigations using large, complex datasets
Knowledge of endpoint detection and analysis techniques
Desirable Qualifications/Experience:
Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH
Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT)
Hands on experience with Splunk Enterprise Security and/or Splunk SOAR
Experience in the following areas:
Full packet capture systems e.g. Niksun, RSA/NetWitness
Host based intrusion detection systems (HIDS)
DUTIES/ROLE:
Triaging and investigating security alerts in Splunk Enterprise Security
Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly
Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR)
Providing analyst expertise in response to ongoing cyber security incidents
Supporting the end-to-end incident handling process
Assisting in the management of internal block lists
Proposing security content optimisations and enhancements that help maintain and improve NATOs Cyber Security posture
Assisting in on boarding and training of new team members
Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload
The main deliverables as CSA will be to:
Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota
Triage, analyse and respond to alerts. On average 300 500 alerts per day are expected. All critical alerts will be responded to within three hours
Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
Propose no fewer than five security content optimisations and enhancements per week
Oversee the production and release of bulletins for internal block lists, on average, three times per week
Review existing block lists and add new indicators of compromise to block lists, on average 20 per day
Create an average of two MISP events per week based on provided intelligence reports
Respond to ad-hoc tasks given by the service delivery manager and cell head
The service provider is expected to provide accurate and complete deliverables in accordance with internal processes
The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled
Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period
For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete
Broad understanding of common network security threats and mitigation techniques
Experience in the following:
Security information and event management products (SIEM) e.g. Splunk
Analysis of network based intrusion detection systems (NIDS) events e.g. FirePower, Palo Alto Network Threat Prevention
Analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances)
Network traffic capture analysis using Wireshark
Logical approach to analysis and ability to perform structured security investigations using large, complex datasets
Knowledge of endpoint detection and analysis techniques
Desirable Qualifications/Experience:
Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH
Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT)
Hands on experience with Splunk Enterprise Security and/or Splunk SOAR
Experience in the following areas:
Full packet capture systems e.g. Niksun, RSA/NetWitness
Host based intrusion detection systems (HIDS)
DUTIES/ROLE:
Triaging and investigating security alerts in Splunk Enterprise Security
Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly
Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR)
Providing analyst expertise in response to ongoing cyber security incidents
Supporting the end-to-end incident handling process
Assisting in the management of internal block lists
Proposing security content optimisations and enhancements that help maintain and improve NATOs Cyber Security posture
Assisting in on boarding and training of new team members
Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload
The main deliverables as CSA will be to:
Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota
Triage, analyse and respond to alerts. On average 300 500 alerts per day are expected. All critical alerts will be responded to within three hours
Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
Propose no fewer than five security content optimisations and enhancements per week
Oversee the production and release of bulletins for internal block lists, on average, three times per week
Review existing block lists and add new indicators of compromise to block lists, on average 20 per day
Create an average of two MISP events per week based on provided intelligence reports
Respond to ad-hoc tasks given by the service delivery manager and cell head
The service provider is expected to provide accurate and complete deliverables in accordance with internal processes
The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled
Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period
For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete
Employment Type
Full Time
Department / Functional Area
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
