Engineer (Security Testing)-190062
Primary Location Belgium-Mons
NATO Body NATO Communications and Information Agency (NCI Agency)
Salary (Pay Basis) : 5,467.45Euro (EUR) Monthly
We are the NATO's IT Agency serving 29 nations by defending its networks, and providing real life support to its operations and missions. We are working around the clock safeguarding the freedom and security of nearly 1 billion citizens.
Do you have recent practical, hands-on experience with web application, infrastructure and application level penetration testing? Do you love the thrill of discovering new vulnerabilities, pivoting into networks and exploring new hacking techniques? Can you prove excellent experience with network security architecture design? Can you demonstrate excellent abilities ability to communicate effectively orally and in writing displaying professional briefing skills and ability to report to various audience levels? If the answer is yes, this position is ideal for you.
The NCI Agency is currently seeking an Engineer (Security Testing) to provide Web, infrastructure and application level penetration testing, as well as to provide security consultancy and advice to projects, plans.
The CS SL is responsible for providing the broad spectrum of services in the following specialist security areas: CIS Security, Cyber Defence, Information Assurance, and Computer Security & Communications Security.
The NCI Agency Cyber Security Service Line (CS SL) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, CS SL provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Information Communications and Technology (ICT).
Under the direction of Head Cyber Capability Validation Cell, and largely on your own initiative, you will perform duties such as the following:
Provide web & infrastructure penetration testing;
Provide security design reviews to ensure compliance with NATO policies and directives;
Provide security consultancy and advice to projects, plans, and other entities;
Lead and/or be part of the Red/Blue Team during NATO military exercises;
Represent the CS SL at the NATO Security Accreditation Board from a security testing perspective;
Build and sustain effective communications with different stakeholders; specifically, the NCIA Configuration Control Board, Security Accreditation Boards, NATO Security Accreditation Authorities, and NCI Agency organization units supporting accreditation processes;
Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level;
Represent the Agency on security testing matters;
Stay abreast of technological developments relevant to the area of work;
Perform any other duties as may be required.
You will be required to have Master of Science (MSc) degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content with at least two years post related experience; or a Bachelor of Science (BSc) degree at a nationally recognised/certified university in a related discipline, with at least four years post related experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that are of interest to the NCI Agency; namely, at least 10 years of extensive and progressive experience in the duties related to the functions of this post.
It is highly desirable for you to hold professional qualifications like: GPEN, CREST Certified Web Application Tester, GXPEN, GWAPT or equivalent.
In addition to at least 2 years’ relevant experience, you will need to prove extensive knowledge and experience in the following areas:
Web application penetration testing;
IT infrastructure penetration testing;
Network security architecture design;
Assessing security vulnerabilities within OS, software, protocols & networks;
Researching and evaluating security products & technologies;
System and network administration;
Use of penetration testing tools, techniques, and recognized testing methodologies;
Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, ksh, csh).
You will be asked to prove:
Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies;
Ability to evaluate risks and formulate mitigation plans;
Proven ability to communicate effectively orally and in writing displaying professional briefing skills and ability to report to various audience levels.
It is considered highly desirable if you can demonstrate familiarity with risk analysis methodologies.
Persuading and Influencing - Gains clear agreement and commitment from others by persuading, convincing and negotiating; makes effective use of political processes to influence and persuade others; promotes ideas on behalf of oneself or others; makes a strong personal impact on others; takes care to manage one’s impression on others.
Working with People - Shows respect for the views and contributions of other team members; shows empathy; listens, supports and cares for others; consults others and shares information and expertise with them; builds team spirit and reconciles conflict; adapts to the team and fits in well.
Applying Expertise and Technology - Applies specialist and detailed technical expertise; uses technology to achieve work objectives; develops job knowledge and expertise (theoretical and practical) through continual professional development; demonstrates an understanding of different organisational departments and functions.
Adapting and Responding to Change - Adapts to changing circumstances; tolerates ambiguity; accepts new ideas and change initiatives; adapts interpersonal style to suit different people or situations; shows an interest in new experiences.
Coping with Pressures and Setbacks - Maintains a positive outlook at work; works productively in a pressurised environment; keeps emotions under control during difficult situations; handles criticism well and learns from it; balances the demands of a work life and a personal life.
Most of the work of the NCI Agency is conducted in the English language, and therefore a thorough knowledge of English, both written and spoken, is essential and some knowledge of French is desirable.
Business travel to NATO and national (NATO and non-NATO) facilities as well as frequent travel between the NCI AGENCY offices;
May be required to undertake duty travel to operational theatres inside and outside NATO boundaries.
NCI Agency normally offers contracts of employment of a definite duration, not exceeding three years. Contracts may be for less than three years as required to support short-term projects, meet uncertainty with respect to the business outlook, staff performance and other factors.
Definite duration contracts may be extended for further periods. When extending contracts, the following is taken into consideration:
Renewal is in the interest of the Agency.
Staff member's desire to remain with the Agency.
The financial situation provides sufficient funding for the post held.
The skills, competencies and behaviours, potential and work experience of the staff, versus the requirements of the Agency's work and/or availability of funding.
Staff member has served the Agency with performance to the required standard as defined by the Agency,
Staff member's deployability to operational theatre.
Serving civilian members of NATO will be offered a contract in accordance with the NATO Civilian Personnel Regulations.
The first six months of definite duration contracts are a probationary period. During this period the staff member's work is assessed to ensure that he/she has the ability to carry out the duties of the post. At or before the end of the probationary period, the staff member will be notified in writing that the appointment is confirmed or terminated or, in exceptional cases, that the probationary period is extended.
What do we offer?
Excellent tax-free salary, including (where eligible) expatriation household and children's allowances and additional privileges for expatriate staff.
Education allowance for children (where appropriate) and an excellent private health insurance scheme.
Generous annual leave and home leave (if eligible).
Retirement Pension Plan.
To learn more about NCI Agency and our work, please visit our website.
Please note that due to the Agency’s transition into a new structure in the near future, this post may be subject to transfer to one of our other locations, as well as to a change of reporting lines. The final decision will be made at the time of a firm offer.
The Agency’s recruitment team advises you that due to the large volume of applications it receives the screening process may take up to 2 months after closing date. We appreciate your patience.