Cyber Threat Intelligence Engineer for NATO with security clearance

WLG
Mons, Belgium
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Mons, Belgium

Tech stack

Testing (Software)
PHP
Data analysis
Apache HTTP Server
Automation of Tests
LAMP
Code Review
Computer Security
Computer Telephony Integration
Linux
DevOps
Graphical User Interface Testing
Monitoring of Systems
Information Lifecycle Management
Python
MariaDB
MySQL
MVC
Red Hat Enterprise Linux - RHEL
Software Engineering
SQL Databases
Strategies of Testing
Web Applications
Scripting (Bash/Python/Go/Ruby)
Sysadmin
Test Scripts
Cyber Threat Analysis
Pytest
Cybercrime
Network Server
API Management
User Administration
Web API
CRUD

Job description

We are seeking a MISP Platform Engineer & Cyber Threat Intelligence Specialist to join a multi-disciplinary team supporting the NATO Cyber Security Centre (NCSC). You will be part of a team responsible for the full lifecycle of MISP-based threat intelligence platforms, from system administration and DevOps to data curation, community management, and dissemination.

1. MISP Platform Engineering & DevOps

  • System Administration: Proactively manage and maintain multiple MISP environments (test, production, training) running MISP, MISP-guard, and Cerebrate software, ensuring confidentiality, integrity, and availability in line with NATO security policies.
  • Deployments & Patching: Regularly update MISP software to the latest version (typically monthly releases deployed within 1-4 weeks), including routine vulnerability patching and change management support.
  • Infrastructure Scaling: Stand up, configure, and manage additional MISP, MISP-guard, and Cerebrate infrastructure as required, including temporary infrastructure for missions, exercises, or training.
  • Monitoring: Configure and extend system monitoring for MISP and MISP-guard instances.
  • Incident Handling: Remediate operational issues with 24/7 on-call support; treat critical vulnerability reports as cyber security incidents.
  • Documentation: Maintain installation/configuration guides, technical architecture documentation, and runbooks compliant with NATO policies.

2. Software Testing & Quality Assurance

  • Test Strategy: Define a test strategy for the MISP platform covering manual GUI testing (org/user management, CRUD operations, sync scenarios) and automated API testing (using pytest or Robot Framework with PyMISP).
  • Test Automation: Develop automated functional tests covering 90%+ of required API endpoints (analystData, attributes, events, galaxies, organisations, roles, servers, etc.).
  • Manual Testing: Create and execute manual test cases for basic MISP GUI functionality.
  • Test Reporting: Produce test reports for each MISP release (typically monthly) with executive summaries, issue severity classifications, and acceptance statements.

3. MISP Community Management

  • User Support: Provision organizations and users, handle password/MFA resets, refer users to documentation, and forward technical issues to relevant personnel.
  • SLA Compliance: Start work on resolution within 1 hour of request receipt during NCIA NCSC business hours (Mons/SHAPE).
  • Ticket Management: Process support requests via the tool defined by the CSISS Service Delivery Manager.

4. Data Curation

  • Best Practices Documentation: Research and document best practices for MISP data entry, including data entry standards, external source mapping, validation guidelines, and data quality feedback loops.
  • Taxonomy & Galaxy Management: Document commonly used MISP taxonomies and galaxies with clear descriptions of tags and usage examples.
  • Process Definition: Define processes for:
    • Incoming MISP event processing (intake, review, assignment, quality management, dashboard creation)
    • Access and distribution management (distribution settings, dashboard access rules)
    • Data lifecycle management (classifications, lifecycle stages, retention rules, IOC aging)
  • Operational Curation: Perform daily data curation: intake, review, validation, tagging (taxonomies/galaxies), IOC lifecycle management, quality improvement, dashboard maintenance, retention/archival, and access compliance checks. Target data quality: 95%.

5. Data Dissemination

  • Process Definition: Define dissemination processes for MISP and other CTI products, covering communication of available products/updates/actions, user subscription mechanisms, and release calendar management.
  • Operational Dissemination: Distribute intelligence products, updates, alerts, and notifications accurately, securely, and in a timely manner to the appropriate stakeholders. Target dissemination accuracy: 99%.

Requirements

  • Software Testing: 5+ years demonstrated experience in functional software testing
  • LAMP Sysadmin: 5+ years as sysadmin with LAMP servers (Linux, Apache, MySQL/MariaDB, PHP)
  • Red Hat: 3+ years experience with Red Hat
  • Python: 3+ years Python scripting experience
  • MVC & Code Review: 3+ years experience in MVC software development and code review of web applications (PHP + SQL)
  • Data Analysis: 3+ years experience in data analysis
  • Business Process: 3+ years experience defining and documenting business processes
  • Cyber Threats: Very good technical understanding of cyber threats to web-based products
  • Cyber Security Principles: Good understanding of cyber security principles, best practices, concepts, and technology
  • Soft Skills: Ability to work independently and in teams; monitor and support a team; support high-intensity military exercises for multiple weeks; excellent organising and communication skills
  • Language: Good communications and writing skills in English