C003950 Threat Hunting Analyst (NS) - MON 13 Jan

Mons, Wallonia, Belgium


Deadline Date: Monday 13 Jan 2025

Requirement: Threat Hunting Analyst

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 1254

Required Start Date: 24 February 2025

End Contract Date: 31 December 2025

Required Security Clearance: NATO SECRET

 

Duties and Role:  

  • Prioritize, plan and execute threat hunts.
  • Work independently as well as part of the team.
  • Highlight improvements to detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc.).
  • Pro-active engagement with the Cyber Community internal to NATO.
  • Monthly reporting on approved KPIs.
  • Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.
  • Monthly reporting to both the Customer and Business Stakeholders.
  • Assist NCSC, when required, in support of Cyber Incident Analysis and Response.
  • Production of high quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC.
  • Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC processes.
  • Improvement of NCSC processes for receiving, searching, analysing, and storing cyber threat data.
  • Regular, at least monthly, Knowledge Transfer meetings with appropriate stakeholders, focusing on:
      • Successes and setbacks,
      • Lessons identified/learned,
      • Improvements to the Cyber Security processes currently in use within NCSC.

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance.
  • Significant demonstrable experience in a Cyber Security related environment.
  • Excellent analytical and hypothetical thinking.
  • Experience in liaising at both the technical and managerial level; the incumbent must have excellent written and spoken communication skills.
  • Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security.
  • Able to organize and lead.
  • Able to work as part of a team and under direction of a higher authority.
  • Strong collaboration and interpersonal skills.
  • Pattern Recognition/Deductive Reasoning
  • Highly desirable: one or more advanced professional SANS (500/600/700) certifications (e.g., GCIA, GCFA, GNFA, GREM, …) or certifications of the same level of quality.
  • Demonstrable self-learning capability on complex technical subjects.
  • Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, Machine Learning.
  • A good understanding of at least three of these areas:
      • Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), network security appliances and networking devices and associated management software; a variety of Security Event generating sources at network and host level (e.g. Firewalls, IDS, Routers, Security Appliances, …),
      • Computer Forensics Tools (stand alone, online and network),
      • Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware, etc.),
      • Network protocols,
      • Scripting languages (PowerShell/Python/…).
  • Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards.
  • Ability to effectively communicate technical solutions to various audiences, both technical and non-technical.
  • Be self-motivated and driven.
  • Ability to work in an International environment embedded in the Customer's location in mainland Europe (Belgium).

Region: Europe
Country: Belgium
