NATOIS-0027 Cyber Threat Intelligence Researcher NS - THU 13 Mar
NATOIS-0027 Cyber Threat Intelligence Researcher NS - THU 13 Mar
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Deadline Date: Thursday 13 March 2025
Requirement: Cyber Threat Intelligence Researcher
Location: Brussels BE
Full Time OnSite: No
Time OnSite: 2days onsite 3 daysoff teleworking (can be also from outside Belgium)
Total Scope of the request (hours): On basis of 38 hours per week and 42 working weeks a total of 1596 hrs
Period of Performance: 2025 BASE: As soon as possible but no later than 28th April 31 December 2025 with possibility to exercise the following options:
2026 Option 01 Jan 2026 31 Dec 2026
2027 Option 01 Jan 2026 31 Dec 2027
Required Security Clearance: NATO SECRET
Special Terms and Conditions: The contractor will be responsible for complying with the respective national requirements for working permits visas taxes social security etc. whilst working on site at NATO HQ Brussels Belgium. No special status is either conferred or implied by the host organisation NATO HQ Brussels Belgium on to the contractor whilst working on site
Profile Description Summary: The Cyber Threat Analysis Branch (CTAB) is looking for a Cyber Threat Intelligence Researcher to support in the provision of technical cyber threat intelligence to the NATO Enterprise and Alliance through researching threat actors tactics techniques and procedures.
Division: NATO Joint Intelligence and Security Division
The Joint Intelligence and Security Division (JISD) under the leadership of the Assistant Secretary General for Intelligence and Security (ASG I&S) comprises two principal pillars: Intelligence headed by the Deputy ASG for Intelligence; and the NATO Office of Security (NOS) headed by the Deputy ASG for Security. Intelligence is responsible for ensuring the situational awareness of the North Atlantic Council and the Military Committee for the analysis of the indications and warnings in support of the NATO Crisis Response System and for the development of intelligence policies and capabilities for NATO. Its functional areas address: intelligence analysis and production intelligence policy and capability development.
The joint civilian and military Intelligence Production Unit (IPU) under the JISD delivers strategic intelligencebased analysis to support North Atlantic Council (NAC) and Military Committee (MC) decision making on strategic issues of concern. The IPU produces a range of planned and tasked intelligence products on regional issues in Eurasia Africa and the Middle East and on transnational issues such as hybrid warfare terrorism instability weapons of mass destruction and energy security.
The Cyber Threat Analysis Branch (CTAB) under the IPU is responsible for providing evidencebased assessments of the cyber threat landscape to empower NATO stakeholders to make riskinformed decisions. The multidisciplinary team combines allsource data with cutting edge technologies to support and enhance the Alliance leaderships understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis cyber threat intelligence and threat hunting.
NATO POC for supervision and coordination purposes: Threat Research Team Lead
Background: The contractor (Cyber Threat Intelligence Researcher) will support the work of the Cyber Threat Analysis Branch and help conduct research into threat actors tactics techniques and procedures and will create accurate actionable and relevant technical reporting of interest to the Alliance.
Objectives:
Create scripts and queries to accurately track threat actor infrastructure and tools using commercial and opensource information and tools;
Write technical threat intelligence products including detection signatures meant for network defenders to aid network defence threat hunting and adversary emulation efforts;
Aid in translating technical cyber threat intelligence into operational and strategic intelligence products to inform decisionmakers at NATO.
Duties and Role:
Use the CTAB Cyber Threat Intelligence Platform and other sources to conduct research into prioritized cyber threat actors to discover new infrastructure and capabilities under the direction of the team lead.
Conduct pattern analysis on threat actor infrastructure to detect new malicious infrastructure and script and automate that detection to allow for threat intelligence at scale.
Find and analyse potential new cyber threats to NATO based on existing or novel techniques and scripts and correlate with all available sources to establish an adequate threat picture.
Translate threat actor tactics techniques and procedures into actionable intelligence for 1 network defenders through creating detection signatures contextualizing IoCs and writing standardized CTI products and 2 strategic cyber analysts for use in intelligence production to decision makers.
Support other threat researchers in their activities and advise and assist strategic cyber threat analysts in understanding complex technical topics.
Reporting:
Report weekly in team standups on progress Deliverables
Actionable accurate and relevant cyber threat intelligence products that contain behavioral intelligence for network defenders and other cyber threat analysts.
Constant delivery of findings mostly comprising indicators of compromise and MITRE techniques on novel threat actor infrastructure and malware based on assigned threat actors.
Scripts and methodologies that improve on current processes and tooling and enhance NATOs ability to track adversaries in cyberspace.
Requirements
REQUIRED EXPERTISE AND QUALIFICATION:
- The candidate must have a currently active NATO SECRET security clearance
- Cybersecurity oriented university degree (information technology computer science etc. or equivalent completed advanced vocational training;
- At least 2 years of experience with producing or working with cyber threat intelligence.
- Knowledge and experience in analysis of various threat actor groups attack patterns and tactics techniques and procedures (TTPs) to produce actionable threat intelligence to enable network and host defences in organizations with demonstrable impact.
- Experience with and knowledge of the intelligence lifecycle analytical tradecraft and frameworks such as MITRE ATT&CK.
- Good communication skills both orally and written. Able to translate complex technical topics into information conveyable to nondomain experts. Can easily cooperate with other threat researchers by taking and giving feedback.
- Knowledge of network and system fundamentals and experience in any of the following cybersecurity fields: network monitoring threat hunting incident response red teaming host/network forensics or reverse engineering.
- Experience with programming in scripting languages such as Python
- Possession of industry recognized cybersecurity certificates such as SANS GIAC or Offensive Security.
- Possess the following minimum levels of NATOs official languages (English): V (Advanced)
Employment Type
Contract
