C003333 First Line Security Event Analyst - Mons, Belgium - EMW, Inc.

    EMW, Inc.
    Mons, Belgium

    1 week ago

    Description

    Deadline Date: 03 May 2024

    Requirement Title: First Line Security Event Analyst (FLSEA) 3

    Location: Mons, Belgium

    Full time on-site: Yes

    Total Scope of the request (hours): 1370.5

    Required Start Date: 16-JUN-2024

    End Contract Date: 31-DEC-2024

    Required Security Clearance: NATO Secret

    Duties and Role

    • As a First Line Security Event Analyst (FLSEA), the incumbent will perform initial analysis of logs and network traffic, determine alert severity and escalate when required.
    • The analyst will collate information and present findings in a clear, structured format, providing remediation recommendations and first line response where applicable.
    • Conduct research and assessments of security events within the NATO Cyber Security Centre (NCSC) team
    • Provide analysis of firewall, IDS, anti-virus and other network sensor produced events and present findings
    • Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) for enhancing investigations
    • Support the end-to-end Incident Handling process
    • Propose optimisations and enhancements which help to both maintain and improve NATO's Cyber Security posture

    Requirements

    • NATO Secret security clearance
    • A university degree in a technical subject with a focus on Information Technology (IT), obtained from a nationally recognised/certified institution, in addition to a minimum of 1 year of experience in the field of cyber security analysis. The lack of a degree may be compensated by at least 3 years of relevant experience in the field of cyber security analysis. Similarly, candidates lacking experience can compensate by demonstrating a high level of knowledge in the field of cybersecurity.
    • Comprehensive knowledge of the principles of computer and communications security, including knowledge of TCP/IP networking, Windows and Linux operating systems
    • Broad understanding of common network security threats and mitigation techniques
    • Experience with Security Information and Event Management (SIEM) products, e.g. ArcSight, Splunk
    • Experience in analysis of Network Based Intrusion Detection Systems (NIDS) events, e.g. SourceFire, Palo Alto Network Threat Prevention
    • Log analysis from a variety of sources (e.g. Firewalls, Proxies, Routers, DNS and other security appliances)
    • Network traffic capture analysis using Wireshark
    • Logical approach to analysis and ability to perform structured security investigations using large, complex data sets
    • Good written and spoken communication skills
    • Ability to work independently and as part of a team

    Desirable

    • Holding industry leading certification in the area of cyber security such as GCIA, GNFA, GCIH
    • Experience in a Computer Incident Response Centre (CIRT) or Computer Emergency Response Team (CERT)
    • Proficiency in Intrusion/Incident Detection and Handling
    • Experience in the following areas:
        - Full Packet Capture systems, e.g. Niksun, RSA/NetWitness
        - Host Based Intrusion Detection Systems (HIDS)
        - Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Spyware, etc.)
        - Computer forensics tools (stand-alone, online and network)
        - Military communication systems and networks