Forensics/Malware Analysis (MA) Tool Engineer
Posted on Mar 3, 2020 by LA International Computer Consultants Ltd
PROJECT DESCRIPTION - SUMMARY OF REQUIREMENTS
NATO Communications and Information Agency
The Agency was established on 1 July 2012 as part of a NATO reform, but its predecessors have been supporting Allied operations long before. Today, NATO is in the midst of a fundamental transformation in the way it performs its mission by more effectively exploiting information technology and reforming its business processes.
We acquire, deploy and defend communications systems for NATO's political decision-makers and Commands; we are on the frontlines against cyber-attacks, working closely with governments and industry to prevent future debilitating attacks.
LA International Computer Consultants Ltd
LA International has worked directly with NATO and the majority of Systems Integrators, Defence Primes and Consultancies that work within the NATO market for over a decade. This has enabled them to support a significant percentage of NATO projects and programmes which gives them an unparalleled insight into the Sector.
LA International has been appointed as a Prime supplier to the NCI Agency through the Advisory and Assistance Services Framework (A&AS), a contract that enables them to call off Project/Programme Management, Administration & HR, Commercial, ICT, Scientific, Engineering, and Military functional expertise in order to support essential NATO operations.
Job Title: Forensics/Malware Analysis (MA) Tool Engineer
Required Security Clearance: NATO Secret
Start Date: 15 April 2020
End Date: 31 December 2020
As Forensics/Malware Analysis (MA) Senior Tool Engineer, the incumbent will be responsible for supporting Cyber Defence operations, maintaining, updating and improving the tools' configuration to match the threat environment, specifically for Forensics and Malware Analysis activities. The Forensics/MA Senior Tool Engineer will report to the Head, Security Tools Management Section and will collaborate with the engineers from the Incident Analysis and Response Section (the users of the tools) and the staff from the Platform and Infrastructure Management Section (platform support). The main duties will be to tune the security tools for optimum performance, ensuring that all NCIRC specialist applications that permit computer forensics and malware analysis are installed, configured, fully available and integrated with each other where possible.
*Install, configure and administer Cyber Defence associated specialist tools (see below):
*Online Computer Forensics (OCF), namely AccessData Enterprise, Fidelis Endpoint and OpenText EnCase Enterprise; Malware Analysis, namely Cuckoo and OPSWAT Metascan. Ensure that all NCIRC specialist applications related to online computer forensics and malware analysis are installed, configured, monitored and running properly, in line with their dependencies on other systems or applications and according to NCSC needs.
*Develop scripts and code to facilitate the integration of the different tools.
*Proactively recommend optimizations to capabilities to provide effective and efficient service operations.
*Work out implementation plans for new capabilities and take ownership to ensure rapid implementation of those new tools and optimizations.
*Initiate, prepare, follow and defend the specialist applications upgrades in front of the Change Management Board.
*Implement the approved changes.
*Review security documentation and provide technical advice in the Forensics and MA area when requested.
*Maintain awareness of new technologies and developments, industry standards and best practices within the NCSC community for Forensics/MA tools, participating in knowledge sharing with other analysts and developing solutions efficiently.
*Perform other essential duties as assigned, such as the production of technical reports and/or executive-level reports.
Skills and Experience
Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 5 years' experience as a System or Security Engineer or in a similar position, or a secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 8 years' post-related experience.
*Excellent practical hands-on experience in systems and tools administration (Windows/Linux).
*Troubleshooting of Linux and Windows infrastructures and network filtering issues.
*Software engineering, including programming and/or scripting knowledge (Python, shell scripting, PowerShell).
*Understanding of forensic processes and concepts.
*Understanding of Malware Analysis processes, tools and techniques.
*Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
*In depth knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
*Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
*Experience with system instrumentation solutions such as Ansible or Chef.
*Experience with hands-on pentesting or cyber capture the flag (CTF) challenges.
*Practical experience with forensic analysis, threat hunting and malware analysis.
*Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC.
*A solid understanding of Information Security practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
*Prior experience of working in an international environment comprising both military and civilian elements.