EMW, Inc.
SC2023-003069 Cyber Security Data Engineer - MISP (NS) - FRI 22 Sep
Sep 14, 2023
Mons, Wallonia, Belgium
Deadline Date: Friday 22 September 2023
Requirement: Cyber Security Data Engineer – MISP
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
Not to Exceed Rate: 106 EUR
Total Scope of the request (hours): 350
Required Start Date: 6 November 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Duties and Role:
Main responsibilities:
- Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
- Act as the Subject Matter Expert for MISP.
- Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
- Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
- Proactively propose system and service improvements to provide effective and efficient service operations.
- Implement approved changes following extensive tests in a pre-production environment.
- Deliver new and improve existing documentation on MISP service related processes, setup, integrations and customized scripting in the environment.
- Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
- Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
- Help in the organization of the MISP User Group (MUG) whenever required, supporting the internal MISP engineer.
- Actively participate in the wider MISP community discussions to propose and review change proposals.
- Support the MISP Lead Engineer and Service Delivery Manager (SDM) in providing the metrics to be integrated into wider NCSC or NCIA products, delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
- Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensics.
- Perform technical co-ordination as required with NATO CIS authorities.
- Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
- Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
- Produce technical reports and support the production of executive level reports.
- Review security documentation and provide technical advice.
- When required, work autonomously and proactively.
Expected outcomes
Under the direction of the STMS Section Head, MISP Lead Engineer or delegated authority, the incumbent shall deliver the following:
Daily:
- Work in close collaboration with the MISP Service Delivery Manager (SDM) and the MISP Lead Engineer on assigned tasks and upcoming deliverables
- Report on system status, results of the health checks and details on any issues identified.
- In case of any issues, prepare a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
- Manage the ticket queue related to the tools under the incumbent's responsibility. The incumbent will respond to all Critical tickets within the same day. High tickets require a response by the next day at the latest. All other tickets shall be updated at least once a week.
Weekly:
- A brief summary of the current situation with ongoing tickets. It shall include: any critical tickets as well as system-affecting high tickets; any identified issues, already present or expected in the future.
Performance Standards
- Timely delivery of the reports and briefs.
- The section head, SDM and/or team lead will regularly assess the quality of the deliverables.
- The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation.
- In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance
- Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in a Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years of post-related experience.
Mandatory
- Excellent abilities in software development/programming and code review;
- Excellent abilities in writing and reviewing scripts, mostly in Python language;
- 2 years' demonstrable experience solely in web development in PHP and/or Python;
- Very good technical understanding of the cyber threats to web-based products;
- Demonstrated experience in using APIs for data ingestion and tools integration;
- Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat;
- Demonstrated experience in the management and administration of SQL databases;
- Demonstrated experience in the use of APIs for data ingestion and integration;
- Understanding of service delivery management and service lifecycle.
- Working knowledge of automation technologies (Ansible)
- Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
- Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
- Ability to investigate and analyse complex scenarios and solve problems in innovative ways
- Demonstrable ability to work autonomously and proactively
Desirable
- Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
- Code contributions to MISP as open source project;
- Previous experience in working in a Cyber Security field (CERTs, security office, …);
- Prior experience of working in an international environment comprising both military and civilian elements;
- Experience with the technical management of Splunk as Enterprise SIEM