Cyber Threat Hunter (SOC Detection Engineering) for NATO with security clearance

Would you like to join the leading international intergovernmental organization

The Threat Hunting Analyst will be responsible for proactively identifying analyzing and mitigating cyber threats within the NATO Cyber Security Centre (NCSC) environment. The role requires a blend of independent initiative and collaborative teamwork with a focus on enhancing detection prevention and response capabilities through continuous improvement technical innovation and stakeholder engagement.

Responsibilities:

• Prioritize plan and execute threat hunts.

Can work independently as well as part of the team.

Highlight improvements on the detection and prevention methods (IDS SIEM content for correlation modification of security settings etc).

Pro -active engagement with the Cyber Community internal to NATO.

Monthly reporting on approved KPIs.

Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.

Monthly reporting to both the Customer and Business Stake Holders.

Assist NCSC when required in support to Cyber Incident Analysis and Response.

Production of high quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC.

Advise on test and implement Data Analysis Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC process

Improvement of NCSC processes for receiving searching analysing and storing cyber threat data.

Regular at least monthly Knowledge Transfer meetings with appropriate stakeholders focusing on:

Successes and setbacks

Lessons identified/learned

Improvements to the Cyber Security processes currently in use within NCSC.

Essential Qualifications & Experience:

• Significant demonstrable experience in Cyber Security related

• environment.

Excellent analytical and hypothetical thinking.

Experience in liaising at both the technical and managerial level the incumbent must have excellent written and spoken communication skills.

Experience in producing accurate and meaningful reports both technical and managerial on activities related to Cyber Security.

Able to organize and lead.

Able to work as part of a team and under direction of a higher authority.

Strong collaboration and interpersonal skills.

Pattern Recognition/Deductive Reasoning

Highly Desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g. GCIA GCFA GNFA GREM) or with the same level of quality.

Demonstrable self-learning capability on complex technical subjects.

Knowledge and practice of Data Analytics Data Mining Data Enrichment Artificial Intelligence and connected concepts such as Large Language Models Retrieval Augmented Generation Machine Learning;

A good understanding in at least three of these areas:

Network Based Intrusion Detection Systems (NIDS) Host Based Intrusion Detection Systems (HIDS) Network security appliances and networking devices and associated management software. A variety of Security Event generating sources at network and host level (e.g. Firewalls IDS Routers Security Appliances )

Computer Forensics Tools (stand alone online and network)

Computer Security Tools (Vulnerability Assessment Anti-Virus Anti-Spyware etc.)

Network protocols

Scripting languages (PowerShell/Python/).

Ability to effectively manage own workload in a high tempo environment to Time Quality and Standards.

Ability to effectively communicate technical solutions to various audiences both technical and non-technical.

Be self-motivated and driven.

Ability to work in an International environment embedded in the Customers location in mainland Europe (Belgium).

If youve read the description and feel this role is a great match wed love to hear from you! Click Apply for this job to be directed to a brief questionnaire. It should only take a few moments to complete and well be in touch promptly if your experience aligns with our needs.