Cyber Security Engineer
Requirement: Cyber Security Engineer (SIEM/LOGS)
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 836
Required Start Date: 8 January 2024
End Contract Date: 31 December 2024
Required Security Clearance: NATO SECRET
Duties and Role:
- Act as one of the main engineers and Subject Matter Expert (SME) for Security Incident Event Management (SIEM) and Log Aggregation (LogA) services (hereafter referred to as data security systems) within the Cyber Security Data team.
- As the SME, you will provide advice and technical assistance to other stakeholders, maintain technical expertise, awareness, and developments in related new technologies, and provide technical contributions to any projects related to the data security systems.
- Be responsible for management and further development of the data security systems.
- Following ITIL standards, provide support to Operations and Service Delivery management covering all stages of the data security systems life cycle (e.g. Service Design, Transition, Operations, Change Management and Continual Service Improvement).
- Ensure that data security systems are installed, configured, and operating correctly and in line with their dependencies on other required systems or applications.
- Ensure that all system components are continuously monitored and take appropriate technical and non-technical actions for solving detected issues.
- Ensure that data security systems operate within any KPIs, as defined in Service Level Agreements with NCSC customers.
- Support integration with external tools and any associated activities.
- Proactively identify and propose system improvements to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and an implementation plan for the Change Management Board. Implement the approved changes following co-ordination with other stakeholders.
- Coordinate with service delivery managers, end users and other stakeholders in support of related services; communicate with other NATO entities as well as industry partners where required.
- Develop and maintain documentation guidelines, standard operating procedures, system and service design documents and other relevant documentation that support management of the data security systems.
- Create technical and/or executive level reports as required; organise and deliver presentations and briefings for various audiences up to NATO executive level.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
- A minimum requirement of a Bachelor's degree at a nationally recognised/certified University in a related discipline and 2 years post-related experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post.
- At least 1 year of extensive practical experience as a Splunk administrator in a large enterprise environment (deployment, installation, configuration and maintenance).
- Practical experience of Splunk Enterprise Security, Phantom and UBA.
- At least 2 years of expert-level experience related to SIEM/LogA management activities.
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
- Practical hands-on experience in systems and tools administration, especially in a Linux environment.
- Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
- Practical skills in writing Bash, Python or Ansible scripts to support automation of repetitive tasks.
- Linux system and application administration and troubleshooting.
- Solid understanding of regular expressions.
- Ability to develop clear and concise technical documentation, including procedures.
- Demonstrable ability to work autonomously and proactively, to understand the chain of command and to follow internal processes.
- Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
Reference: 2678848049
Posted on Nov 14, 2023 by McCabe & Barton
