Digital Forensics Tools Specialist

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – C004289

Role Duties and Responsibilities

As part of a small team of technical experts, your main duties will be to:

• Design, set up, and manage a suite of digital forensics acquisition tools (ex.: F-Response, Velociraptor, X-Ways, Axiom) ensuring seamless integration with other technologies present on the network.
• Ensure that the deployment and operation of forensic and XDR tools (ex.: Fidelis, CrowdStrike, Cortex, Defender XDR) meet strict security requirements and comply with IT Service Management policies governing the network environment.
• Apply best practices in forensic workflow automation by leveraging tools and technologies like N8N, Ansible and Magnet Automate to enhance efficiency and reliability.
• Ensure that forensic tools are properly configured with the necessary routing and network rules, enabling secure and reliable access across different segments of the network.
• Lead or contribute to the creation and ongoing maintenance of comprehensive documentation and Standard Operating Procedures (SOPs) to support operational continuity and compliance.
• Collaborate closely with team members and end users to incorporate feedback, continuously improving the quality and effectiveness of the delivered digital forensics capabilities.
• They provider shall deploy, configure, and maintain the suite of digital forensics and XDR tools, ensuring all systems are kept up to date in accordance with IT Service Management (ITSM) processes. They are expected to integrate user feedback and implement enhancements to improve usability and effectiveness, which may include developing automation scripts or custom configurations to meet operational requirements.

Essential Skills and Experience

• Strong knowledge and experience in deploying, managing and maintaining forensics and XDR tools in complex environments;
• Solid understanding of digital forensic methodologies and principles;
• Have an in-depth understanding of infrastructure concepts related to Hosting, Networks, IP address Management, firewalls, certificates, Load balancing and Proxy;
• Knowledge and demonstrable experience with scripting languages and integration tools including PowerShell, Python, Bash, Batch and Ansible;
• Good understanding of cyber security concepts;
• Good understanding of network communication protocols;
• Good verbal and written communication skills in English;
• Strong team-spirit attitude;
• Ability to produce detailed technical documentation and follow change management processes.

Desirable Skills and Experience

• Professional experience in digital forensic analysis;
• Past experience working for NATO or in an international organization;
• Experience with Microsoft Azure, Microsoft Defender for Endpoint

Education

• Essential to have a Bachelor's Degree in Computer Science (or similar) combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.
• Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 8 years extensive and progressive expertise in the duties related to the function of the post.

Working Location

• Mons, Belgium

Working Policy

• On-Site
• Secure environment with standard working hours, with the exception of working non-standard working hours up to 360 hours annually.

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.