3523 First Line Security Event Analyst

• Conduct research and assessments of security events within NATO Cyber Security Centre (NCSC) team.
• Provide analysis of firewall, IDS, anti-virus and other network sensor produced events and present findings.
• Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) for enhancing investigations.
• Support the end-to-end Incident Handling process.
• Support threat intelligence sharing and block list management activities.
• Propose optimizations and enhancements which help to maintain and improve NATO's Cyber Security posture.

Normal office conditions as part of a 24/7, 365-day shift rotation. This currently consists of 12-hour shifts, including day shifts (07:00-19:00) and night shifts (19:00-07:00). The rota also includes some on-call days and standard daytime shifts (08:30- 17:30). Shift patterns and durations may change in line with business needs.

Do you have experience in Windows?, * The candidate must have a currently active NATO SECRET security clearance

• A university degree in a technical subject with a focus on Information Technology (IT), obtained from a nationally recognised/certified institution in addition to a minimum of 1 year experience in the field of cyber security analysis. The lack of a degree may be compensated by at least 3 years of relevant experience in field of cyber security analysis. Similarly, candidate's lacking experience can compensate by demonstrating a high level of knowledge in the field of cybersecurity.
• Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems.
• Broad understanding of common network security threats and mitigation techniques.
• Experience in Security Information and Event Management products (SIEM) - e.g. Splunk.
• Experience in analysis of Network Based Intrusion Detection Systems (NIDS) events- e.g. FirePower, Palo Alto Network Threat Prevention.
• Experience in log analysis from a variety of sources (e.g. Firewalls, Proxies, Routers, DNS and other security appliances).
• Experience in network traffic capture analysis using Wireshark.
• Logical approach to analysis and ability to perform structured security investigations using large, complex data sets.
• Good written and spoken communication skills.
• Ability to work independently and as part of a team.

Desirable

• Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH.
• Computer Incident Response Centre (CIRT), Computer Emergency Response Team (CERT).
• Proficiency in Intrusion/Incident Detection and Handling.
• Experience in Full Packet Capture systems - e.g. RSA/NetWitness.
• Experience in Endpoint Detection and Response Systems (EDR).
• Experience in computer forensics tools (stand alone, online and network).
• Experience in military communication systems and networks.