C004050 MISP Engineer (NS) - FRI 7 Feb

Deadline Date: Friday 7 February 2025

Requirement: MISP Engineer

Location: Mons, BE 

Full Time On-Site: Yes

Time On-Site: 100%

Not to Exceed Rate: 90 EUR

Total Scope of the request (hours): 836

Required Start Date: 24 March 2025

End Contract Date: 31 December 2025

Required Security Clearance: NATO SECRET

Duties and Role:  

The contracted individual must be able to perform effectively and efficiently with minimal supervision.

Within the Inform Branch and reporting to the branch head or a delegated authority, the duties of the individual mainly focus on:

System administration:

• Proactively manage and maintain the multiple servers running the MISP software ensuring the necessary confidentiality, integrity and availability of the tool and information.
• Stand up, configure and manage dedicated MISP instances in support to multiple NATO exercises.
• Regularly update the MISP software to the latest version and support the test and validation effort for change management process.
• Configure and extend the system monitoring of those MISP installations.
• Maintain the ansible playbooks related to the MISP setup and configuration.
• Maintain and improve documentation related to the MISP installations within NATO

Content Management:

• Developing (python) and maintain scripts to further automate and integrate MISP with other subsystems within NATO such as the SIEM, IDS, …
• Support the quality management effort by creating and maintaining content quality checking rules.

User and Community Management:

• Provide support to the user-community of the NATO managed MISP instances
• Provide feedback to the user-community on regular basis, and on daily-basis during exercises execution
• During exercises, lead a team of multiple MISP Operators to support information flow, quality control and user management.
• Support the streamlining and automation of user management process with a combination of IT Service Management tools (ITSM) and Identity and Access Management (IDAM) tools like Cerebrate and/or Keycloak.

MISP Training support

• Plan for, prepares and delivers a series of online MISP training Sessions to an exercise audience.
• Support the preparation of individual training packages for specific training audience to validate the training objectives have been met.

Specific Working Conditions: The work will be mainly executed on site at the NCI Agency offices in Mons, Belgium. Multiple exercices support requiring travel to other NATO countries will be required (up to 6 weeks of travel in total).

Within Belgium, travel to NCIA/NATO offices will be as follows: 1 x per quarter to Brussels; 2 x per month to Braine L'Alleud.

Weekly update to the identified authority will be required for assessing the satisfactory condition of the work delivered.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• Extensive knowledge and experience (more than 5 years) in technical understanding of the cyber threats to web-based products.
• Demonstrated experience as sysadmin with LAMP servers - Linux, Apache, MySQL/MariaDB, PHP.
• Experience with RedHat is an asset.
• Excellent python scripting.
• Experience in MVC software development and code review of web applications mostly in PHP language and with SQL.
• Experience with CakePHP is an asset
• Prior experience as sysadmin of a MISP Threat Sharing platform is a very strong asset.
• Prior experience in developing code (python, PHP) for MISP is an even stronger asset
• Prior experience in multinational cyber exercises like Locked Shields, Crossed Swords, Cyber Coalition, etc is an important asset.
• Good understanding of cyber security principles, best practices, concepts and technology.
• Ability to work independently and in teams to achieve the desired goals, including the ability to monitor and support a team.
• Excellent organizing and communication skills.
• Good communications and writing skills in English.