EMW, Inc.

SC2023-003069 Cyber Security Data Engineer - MISP (NS) - FRI 22 Sep

Sep 14, 2023

Mons, Wallonia, Belgium

Deadline Date: Friday 22 September 2023

Requirement: Cyber Security Data Engineer – MISP

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

Not to Exceed Rate: 106 EUR

Total Scope of the request (hours): 350

Required Start Date: 6 November 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

Main responsibilities:

  • Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
  • Act as the Subject Matter Expert for MISP.
  • Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
  • Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
  • Proactively propose system and service improvements to provide effective and efficient service operations.
  • Implement approved changes following extensive tests in the pre-production environment.
  • Deliver new and improve existing documentation on MISP service related processes, setup, integrations and customized scripting in the environment.
  • Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
  • Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
  • Help in the organization of the MISP User Group (MUG) whenever required, supporting the internal MISP engineer.
  • Actively participate in the wider MISP community discussions to propose and review change proposals.
  • Support the MISP Lead Engineer and Service Delivery Manager (SDM) in providing the metrics to be integrated into wider NCSC or NCIA products, delivering second- and third-line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
  • Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensic.
  • Perform technical co-ordination as required with NATO CIS authorities.
  • Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
  • Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
  • Produce technical reports and support the production of executive level reports.
  • Review security documentation and provide technical advice.
  • When required work autonomously and proactively.

Expected outcomes

Under the direction of the STMS Section Head, MISP Lead Engineer or delegated authority, the incumbent shall deliver the following:

Daily:

  • Work in close collaboration with the MISP Service Delivery Manager (SDM) and the MISP Lead Engineer on assigned tasks and upcoming deliverables
  • Report on system status, results of the health checks and details on any issues identified.
  • In case of any issues, prepare a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
  • Manage the ticket queue related to the tools under the incumbent's responsibility. The incumbent will respond to all Critical tickets within the same day. High tickets require a response by the next day at the latest. All other tickets shall be updated at least once a week.

Weekly:

  • A brief summary of the current situation with ongoing tickets. It shall include any critical as well as system-affecting high tickets, and any identified issues, already present or expected in the future.

Performance Standards

  • Timely delivery of the reports and briefs.
  • The section head, SDM and/or team lead will regularly assess quality of the deliverables.
  • The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation.
  • In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance.
  • Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.

Mandatory

  • Excellent abilities in software development/programming and code review;
  • Excellent abilities in writing and reviewing scripts, mostly in Python language;
  • 2 years' demonstrable experience solely in web development in PHP and/or Python;
  • Very good technical understanding of the cyber threats to web-based products;
  • Demonstrated experience in using API for data ingestion and tools integration;
  • Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat;
  • Demonstrated experience in the management and administration of SQL databases;
  • Demonstrated experience in the use of APIs for data ingestion and integration;
  • Understanding of service delivery management and the service lifecycle;
  • Working knowledge of automation technologies (Ansible);
  • Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications;
  • Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams;
  • Ability to investigate and analyse complex scenarios and solve problems in innovative ways;
  • Demonstrable ability to work autonomously and proactively.

Desirable

  • Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
  • Code contributions to MISP as open source project;
  • Previous experience in working in a Cyber Security field (CERTs, security office, …);
  • Prior experience of working in an international environment comprising both military and civilian elements;
  • Experience with the technical management of Splunk as Enterprise SIEM.
