C003869 Cloud Security and Automation Analyst (NS) - FRI 13 Dec

Mons, Wallonia, Belgium


Deadline Date: Friday 13 December 2024

Requirement: Cloud Security and Automation Analyst

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 1254

Required Start Date: 3 February 2025

End Contract Date: 31 December 2025

Required Security Clearance: NATO SECRET


Duties and Role:

As a Cloud Security and Automation Analyst, you will provide detailed analysis of logs and network traffic and act as the technical subject matter expert for automation on cloud infrastructure. As part of your main responsibilities in this role, you will:

  • Analyse and respond to alerts originating from complex cloud infrastructure deployments and on-premise network and security devices.
  • Identify security gaps in NATO cloud security infrastructure and develop custom detection content within cloud environments.
  • Develop and maintain cloud-specific use cases in our on-premise SIEM solution (Splunk Enterprise Security).
  • Develop processes, create and maintain supporting documentation.
  • Work towards automating repetitive tasks using our SOAR solution.
  • Create automated detection and response capabilities using SIEM, SOAR and other available toolset.
  • Create dashboards and reports for situational awareness purposes.
  • Create technical reports for business and performance reporting.
  • Develop and maintain SOAR playbooks.
  • Mentor less experienced members of the team.
  • Be flexible and support your colleagues in securing NATO networks through ad hoc tasks.

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years of specific experience.
  • Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that are of interest to NCI Agency; that is, at least 5 years of extensive and progressive expertise in the duties related to the function of the post.
  • At least two years of demonstrable experience in security monitoring and analysis of enterprise-level cloud environments (AWS and/or Azure).
  • Detailed knowledge of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.

Expertise in at least three of the following areas and a high level of experience in several of the other areas:

  • Security monitoring and analysis using a variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, EDR and AV).
  • Cloud architectures and technologies (AWS and/or Azure).
  • Managing security operations in public cloud services (AWS and/or Azure).
  • Microsoft Sentinel.
  • AWS cloud security tools.
  • Splunk ES suite and Splunk Search Processing Language (SPL).
  • Phantom SOAR playbook development.
  • Security use case development aligned to the MITRE ATT&CK Framework.

Desirable

  • Industry leading certification in the area of Cybersecurity, such as GCIA, GPCS, GCLD, GNFA, GCIH, CCSP, GSFE, GCFA, GCED, OSCP.
  • A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
  • Experience working with Full Packet Capture Systems, e.g. Niksun, RSA/NetWitness.
  • Experience working with Host Based Intrusion Detection systems (HIDS).
  • Experience with Network Based Intrusion Detection Systems (NIDS), e.g. SourceFire, Palo Alto Networks Threat Prevention.
  • Strong knowledge of malware families and network attack vectors.
  • Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), in-depth analysis of threats across enterprise environments by combining security rules, content, policy and relevant datasets.
  • Ability to analyse attack vectors against a particular system to determine attack surface.

Perks/benefits: Flex hours

Region: Europe
Country: Belgium
