EMW, Inc.

SC2023-003069 Cyber Security Data Engineer - MISP (NS) - FRI 22 Sep

Sep 14, 2023

Mons, Wallonia, Belgium

Deadline Date: Friday 22 September 2023

Requirement: Cyber Security Data Engineer – MISP

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

Not to Exceed Rate: 106 EUR

Total Scope of the request (hours): 350

Required Start Date: 6 November 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

Main responsibilities:

  • Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
  • Act as the Subject Matter Expert for MISP.
  • Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
  • Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
  • Proactively propose system and service improvements to provide effective and efficient service operations.
  • Implement approved changes following extensive tests in pre- production environment
  • Deliver new and improve existing documentation on MISP service related processes, setup, integrations and customized scripting in the environment.
  • Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
  • Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
  • Help in the organization of the MISP User Group (MUG) whenever required, supporting the internal MISP engineer.
  • Actively participate in the wider MISP community discussions to propose and review change proposals.
  • Support the MISP Lead engineer and Service Delivery Manager (SDM)in providing the metrics to be integrated into wider NCSC or NCIA products , delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
  • Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensic.
  • Perform technical co-ordination as required with NATO CIS authorities.
  • Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
  • Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
  • Produce technical reports and support the production of executive level reports.
  • Review security documentation and provide technical advice.
  • When required work autonomously and proactively.

Expected outcomes

Under the direction of the STMS Section Head, MISP Lead Engineer or delegated authority, the incumbent shall deliver the following:


  • Work in close collaboration with the MISP Service Delivery Manager (SDM) and the MISP Lead Engineer on assigned tasks and upcoming deliverables
  • Report on system status, results of the health checks and details on any issues identified.
  • In case of any issues, preparation of a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
  • Manage the ticket queue related to the tools under incumbent's responsibility. The incumbent will respond to all Critical within the same day. High tickets require a response the next day the latest. All other tickets shall be updated at least once a week.


  • A brief summary of current situation with ongoing tickets. It shall include: any critical as well as system affecting high tickets; any identified issues, already present or expected in the future.

Performance Standards

  • Timely delivery of the reports and briefs.
  • The section head, SDM and/or team lead will regularly assess quality of the deliverables.
  • The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation.
  • In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).


Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.


  • Excellent abilities in software development/programming and code review;
  • Excellent abilities in writing and reviewing scripts, mostly in Python language;
  • 2 year's demonstrable experience solely in web development in PHP and/or Python;
  • Very good technical understanding of the cyber threats to web-based products;
  • Demonstrated experience in using API for data ingestion and tools integration;
  • Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat;
  • Demonstrated experience in the management and administration of SQL databases;
  • Demonstrated experience in the use of APIs for data ingestion and integration;
  • Understanding of service delivery management and service lifecycle.
  • Working knowledge of automation technologies (Ansible)
  • Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
  • Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
  • Ability to investigate and analyse complex scenarios and solve problems in innovative ways
  • Demonstrable ability to work autonomously and proactively


  • Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
  • Code contributions to MISP as open source project;
  • Previous experience in working in a Cyber Security field (CERTs, security office,…)
  • Prior experience of working in an international environment comprising both military and civilian elements;
  • Experience with the technical management of Splunk as Enterprise SIEM

Join 27215+ Machine Learning Engineers, receiving daily job alerts.