Security Operations Engineer (Splunk)
Mons, Belgium
Full Time | Senior-level / Expert | Clearance required | EUR 83K - 155K * est.
Spektrum have a wide range of exciting opportunities in several global locations.
We are always looking to add great new talent to our team and look forward to hearing from you.
Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.
Who we are supporting
The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.
The NCIA provides a wide range of services, including:
- Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
- Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
- Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
- Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
- Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.
Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.
The program
Assistance and Advisory Service (AAS)
The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.
To provide these critical services in today's evolving, dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.
Role ID – 2024-0272
Role Background
The NATO Communications and Information Agency (NCI Agency) is dedicated to acquiring, deploying, and defending communication systems for NATO’s political decision-makers and Commands. It operates on the frontlines against cyber-attacks, collaborating closely with governments and industry to prevent future debilitating attacks. The NCI Agency plays a crucial role in maintaining NATO’s technological edge and ensuring the collective defence and crisis management capabilities of the Alliance. In pursuit of our mission, we require specialized advisory services to enhance our interim workforce capacity.
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
As part of the NCI Agency, the NATO Cyber Security Centre (NCSC) represents one of the largest fully integrated global Cyber Defence capabilities in the world. This capability requires a combined international team of 250+ NATO and industry analysts and engineers to operate and maintain the wide range of Cyber Security services and the complex infrastructure on which they run, installed at over 100 sites in all 30 NATO member countries.
Role Duties and Responsibilities
Log collection
- Manage log collection for new data sources in the SIEM, which includes, but is not limited to: the log ingestion process from various data sources located on premises or in the cloud, data mapping to the Splunk Common Information Model (CIM), integration with existing Splunk data models, testing log ingestion, and validating log ingestion quality with stakeholders.
- Document all relevant information in Confluence in accordance with CSDE standards
- Coordinate such activity with CSDE team and T3 customers
Service availability and monitoring
- Act as one of the engineers and Subject Matter Expert (SME) for SIEM and Log Collection services within the Cyber Security Data team
- Monitoring the availability and performance of the SIEM environment including log collection
- Detecting and reporting to SDM any service degradation
- Taking appropriate actions to restore the environment to a fully operational state when a problem is detected.
- Following best practices for maintaining the Splunk environment in a stable and reliable state with the objective of preventing any service degradation
- Ensure that data security systems are installed, configured, and operating correctly, in line with their dependencies on other systems or applications
- Ensure that data security systems operate within the KPIs defined in Service Level Agreements with NCSC customers
Change management
- Implement changes to the SIEM environment including but not limited to: software upgrades, new applications deployment, deploying new servers, modifying existing configuration of the SIEM environment, collecting new data sources, deploying new software.
- Follow the NCSC Change management process to obtain approval before implementing changes. This includes, but is not limited to: creating the change request, ensuring all necessary information is provided with due diligence, following up the change request to ensure quick approval, attending CAB meetings when necessary, and providing an impact assessment when required.
- Coordinate all these changes with CSDE and external teams.
- Develop and maintain documentation guidelines, standard operating procedures, system and service design documents and other relevant documentation that support management of the data security systems.
Reporting and advisory role
- Attending meetings when there is a need to represent the cell, provide technical advice, or report relevant information to the team or other stakeholders.
- Reporting any relevant information to the cell head, the SDM or other team members.
Providing support to customers
- Provide support to customers (mainly security analysts but not limited to them) facing issues or needing technical assistance
Essential Skills and Experience
- A good understanding of IT Security
- At least 2 years of relevant experience and strong technical skills in administering, deploying, installing, configuring and maintaining large distributed Splunk Enterprise environments
- Good programming skills in at least one of these languages: Ansible, Python or Bash
- A good understanding of networking and various protocols such as TCP/IP, HTTP(S), DNS.
- Very good knowledge and proven experience of Linux system and application administration and troubleshooting
- Ability to work autonomously
- Accuracy and attention to detail
- Each team member shall be dressed suitably for meetings with high-ranking officials
- Strong reporting skills to various levels of seniority
- Responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA onboarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
Language Proficiency
- Business English
Working Location
- Mons, Belgium
Working Policy
- On-Site
Travel
- Some travel to other NATO sites may be required
Security Clearance
- Valid National or NATO Secret personal security clearance
We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index