
Enterpryze Consulting
Job title:
Cyberspace Operations Incident Analysis
Company
Enterpryze Consulting
Job description
Job Description:

EXPERIENCE AND EDUCATION:

Essential Qualifications/Experience:
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent experience
- 3+ years of experience in IT security, with a focus on system administration and security tools management in large organisations
- Strong understanding of security best practice
- Expert level in at least three of the following areas, and a high level of experience in several of the others:
  - Security Information and Event Management (SIEM) products, e.g. Splunk
  - Network-based Intrusion Detection Systems (NIDS), e.g. Sourcefire, Palo Alto Networks Threat Prevention
  - Host-based Intrusion Detection Systems (HIDS)
  - Full packet capture systems, e.g. Niksun, RSA NetWitness
  - A variety of security event-generating sources (e.g. firewalls, IDS, routers, security appliances)
  - Cloud-specific security tools
  - Splunk Enterprise Security (ES) suite and Phantom SOAR
- Proficiency in intrusion/incident detection and handling
- Expert knowledge of malware families, network attack vectors, and threat actor tools, techniques and procedures
- Experience in endpoint detection and analysis techniques
- Expert knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
- Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
- Very good communication skills and reporting experience, with the capacity to communicate with different types of audience (senior executive, middle management, technical and non-technical)
- Very good understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications, acquired through a blend of academic or professional training coupled with practical professional experience

Desirable Qualifications/Experience:
- Experience in working with NATO
- Experience of working with the NATO Communications and Information Agency
- Experience of working with national Defence or Government entities

DUTIES/ROLE:
- Conduct detailed investigation and research of security events within the NATO Cyber Security Centre (NCSC) team:
  - Analyse firewall, IDS, anti-virus and other sensor-produced system security events and present findings
  - Leverage the comprehensive extended toolset (e.g. log collection, intrusion detection, packet capture, vulnerability assessment (VA), network devices, etc.) to identify malicious activity
  - Outcome:
    - Triage, analysis and response to alerts
    - Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
- Develop new Splunk alerts, searches and reports for security monitoring and detection
  - Identify security gaps in NATO infrastructure; develop, update and review custom content using the available toolset
  - Outcome:
    - 5 new use cases per month
    - Propose possible optimisations and enhancements that help maintain and improve NATO's cyber security posture
- Collaborate with threat intelligence teams to incorporate threat indicators into detection systems
  - Work closely with the threat intelligence team to integrate the latest Indicators of Compromise (IOCs) and attack techniques into the detection environment
  - Outcome:
    - Implementation of at least 3 new threat intelligence-driven detections per quarter, to stay ahead of emerging threats
- Develop and maintain standard operating procedures (SOPs) and playbooks for incident detection and response
  - Ensure documentation is up to date and provides clear guidance for responding to common attack scenarios
  - Outcome:
    - Delivery of updated SOPs and playbooks quarterly, ensuring they reflect the latest threat landscape and detection capabilities
- Produce briefings in Microsoft PowerPoint or Word format to provide detailed technical reports in support of incidents and capability improvements
  - Outcome:
    - Report and/or briefing for the management team containing details on the detection capabilities, scope and details; this may be requested in Word, PowerPoint, or both, depending on the briefing
- Review reports and observables from threat hunting, red teaming and purple teaming activities
  - Outcome:
    - Detection gap analysis and recommendations for solutions, subsequently leading on their development, testing and implementation
- Brainstorm during weekly meetings with the rest of the Monitoring and Detection Team on how to improve detection capability and increase detection coverage
  - Outcome:
    - Participation in meetings, as recorded and tracked in the meeting minutes, which need to be prepared before the meeting and updated during it (Confluence)
Expected salary
Location
Bergen, Henegouwen
Job date
Fri, 21 Mar 2025 07:05:15 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.net) you saw this job posting.