C003950 Threat Hunting Analyst (NS) FRI 1 May RELAUNCH
Job Summary
Deadline Date: Friday 1 May 2026
Requirement: Threat Hunting Analyst
Location: Mons BE
Full Time On-Site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 482
Required Start Date: 8 June 2026
End Contract Date: 31 December 2026
Required Security Clearance: NATO SECRET
Duties and Role:
- Prioritize, plan and execute threat hunts.
- Can work independently as well as part of the team.
- Highlight improvements on the detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc.).
- Pro-active engagement with the Cyber Community internal to NATO.
- Monthly reporting on approved KPIs.
- Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.
- Monthly reporting to both the Customer and Business Stakeholders.
- Assist NCSC when required in support to Cyber Incident Analysis and Response.
- Production of high quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC.
- Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC processes.
- Improvement of NCSC processes for receiving, searching, analysing and storing cyber threat data.
- Regular (at least monthly) Knowledge Transfer meetings with appropriate stakeholders focusing on:
  - Successes and setbacks
  - Lessons identified/learned
  - Improvements to the Cyber Security processes currently in use within NCSC.
Requirements
Skill Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
- Significant demonstrable experience in Cyber Security related environment.
- Excellent analytical and hypothetical thinking.
- Experience in liaising at both the technical and managerial level; the incumbent must have excellent written and spoken communication skills.
- Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security.
- Able to organize and lead.
- Able to work as part of a team and under direction of a higher authority.
- Strong collaboration and interpersonal skills.
- Pattern Recognition/Deductive Reasoning
- Highly desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g. GCIA, GCFA, GNFA, GREM) or with the same level of quality.
- Demonstrable self-learning capability on complex technical subjects.
- Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, Machine Learning.
- A good understanding in at least three of these areas: Network Based Intrusion Detection Systems (NIDS); Host Based Intrusion Detection Systems (HIDS); Network security appliances and networking devices and associated management software; A variety of Security Event generating sources at network and host level (e.g. Firewalls, IDS, Routers, Security Appliances); Computer Forensics Tools (stand alone, online and network); Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware, etc.); Network protocols; Scripting languages (PowerShell/Python/).
- Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards.
- Ability to effectively communicate technical solutions to various audiences, both technical and non-technical.
- Be self-motivated and driven.
- Ability to work in an international environment embedded in the Customer's location in mainland Europe (Belgium).
Required Experience:
IC
About Company
EMW provides lifecycle Systems Engineering and Technical Assistance (SETA), Engineering and Installation (E&I), Operations and Maintenance (O&M), Force Protection Technologies and Contractor Recruitment Services across the fields of Defense, Health Information Technology, Cyber Securi ...