The NATO CIS Group is looking for an Engineer (Incident Response) to serve as the primary point of contact and subject matter expert on the issues related to Cyber Defence Incident Response; that is, the immediate and long-term actions related to a cyber-attack on the deployed network. The post requires frequent travel and lengthy participations in out-of-area deployments for operations and exercises.
The NATO CIS Group conducts CIS operational planning and provides deployed/deployable CIS services and support in support of NATO military operations and exercises. The NATO CIS Group is located at the Supreme Headquarters Allied Powers Europe (SHAPE) the Headquarters of Allied Command Operations (ACO), one of the two major military commands of the North Atlantic Treaty Organization (NATO).
Location: Casteau/Mons, 60 Km south of Brussels (Belgium)
Division: J2/J6 Division
POST CONTEXT/POST SUMMARY
The J2/6 Division is the technical coordination authority for Deployable Communication Information Systems and is responsible for the operational integration, coordination, direction and provision of required technical services for the NATO Communications Information Systems Group and NATO Signal Battalions.
The Information Assurance and Cyber Defence (IACD) Branch is responsible for all aspects of NATO Communications Information Systems Group organizational security and Deployable Communications Information Systems Information Assurance, to include the planning, coordination and operational integration of Defensive Cyberspace Operations and Cyberspace Intelligence.
The Defensive Cyberspace Operations (DCO) Section is responsible for planning, preparing, and executing all lifecycle management activities of Deployable Communication Information Systems (DCIS) Cyberspace Defence, and providing guidance and coordinating Defensive Cyberspace Operations (DCO) operational integration to the NATO Signal Battalions.
The incumbent's duties are:
Responsible to the NCISG J2/6 IACD Branch DCO Section Head for functional subject matter expertise, engineering, and management of DCIS Incident Response.
NCISG CD Subject Matter Expert of DCIS network monitoring, intrusion detection, incident response and consequence management.
Develops and maintains NCISG processes and procedures in functional areas of expertise and coordinates within the HQ and subordinate units to ensure compliance.
Interfaces with NCIA and NCISG subordinate units to ensure resilience of the DCIS CD capabilities in accordance to the Minimum Military and FMN requirements.
Assists in translating the ACO Operational Requirements into CD related directives and guidance documents and develop internal NCISG procedures.
Supports the provision of CD services to operations and exercises.
Provides engineering support to CD Situational Awareness and Consequence Management for NATO operations and exercises.
Engineers and recommends CD architectural & procedural modifications to assist in mitigating risks & vulnerabilities identified during Threat Modelling, Penetration Testing, and in support of Incident and Vulnerability Management findings.
Manages DCIS security incident responses in coordination with other partner organizations to counteract malicious activities detected on federated networks, and responds to security incidents when required.
May be required to perform as the Incident Response Engineer within the Signal Support Group (SSG) Deployed Network Operations Centre (DNOC) at deployed locations.
SPECIAL REQUIREMENTS AND ADDITIONAL DUTIES
Mandatory Deployment Post. The incumbent may be required to undertake deployments in support of military operations and exercises, and/or TDY assignments, both within and outside NATO boundaries. Such operational deployment may exceed 30 days duration up to 183 days in any period of 547 days and may be on short notice. For NATO International Civilian Staff, acceptance of an employment contract linked to this post constitutes agreement to deploy in excess of 30 days if required.
May be required to participate in NATO policy and publication maintenance and contribute to capability development processes in functional areas of expertise.
May be required to augment the NCISG DCC or SSG DNOC in support of NATO operations and exercises.
The work is normally performed in a Normal NATO office working environment.
Normal Working Conditions apply.
The risk of injury is categorized as: No Risk.
At least 2 years of recent experience in incident response, intrusion analysis, network and endpoint security.
Minimum 2 years of experience in the operation and integration of CD capabilities including intrusion detection and prevention systems (IDS/IPS), boundary protection systems (BPS) and security information and event management systems (SIEM).
Minimum 2 years of experience in the engineering and implementation of distributed Cyber Defence (CD) solutions.
Minimum 2 years of experience in correlating different types of events in order to identify a wide variety of cyberspace attacks.
Proven experience in the development of CIS Security Standard Operating Procedures and technical guidance.
Proven experience of leading small teams and influencing others.
University Degree in computer science, engineering disciplines, statistics or similar numerate discipline, operations research., information security or related discipline and 2 years function related experience, or Higher Secondary education and completed advanced vocational training in that discipline leading to a professional qualification or professional accreditation with 4 years post related experience.
Advanced certification in Incident Response (GCIA, GCIH or equivalent from another organization).
English - SLP 3333 (Listening, Speaking, Reading and Writing)
NOTE: The work both oral and written in this post and in this Headquarters is conducted mainly in English.
A. Professional Experience
Knowledge of NATO CIS concepts, security policies and architectures.
Experience in secure network architecture design.
Proven experience administering and securing Microsoft Windows-based client and server systems.
Extensive experience administering Unix and Linux-based systems.
Experience in virtualization technologies, preferably from VMWare.
Work experience in Security Operations Centers.
Experience with enterprise endpoint protection management suites, preferably from McAfee.
Experience with industry standard SIEM solutions, preferably Splunk Enterprise Security.
Experience of mentoring junior analysts/technicians.
University Degree in Information Technology or related discipline at a nationally recognized university and 2 years of function-related experience (Cyber Defense Incident Response).
Advanced certification in Cyberspace Operations (GMON, GCED or equivalent).
Cyber Defence NATO CIS Security Officer (INFOSEC Version 2.0) (CCC-ET-32256) provided by NATO - Communications and Information Systems School (NCISS).
Cyber Defence NATO COMPUSEC Level 1 (CCC-ET-32285) provided by NATO - Communications and Information Systems School (NCISS).
A. Personal Attributes
The incumbent will need to display a high degree of initiative, professionalism and engineering expertise in performance of his/her duties. The rapidly changing NATO environment and increasingly constrained resource situation creates a requirement to solve numerous complex problems and challenges, which shall require the incumbent to draw upon a comprehensive ability to quickly reason, analyze, act with persuasion and diplomacy. Requires a high degree of tact and perseverance to ensure that technically sound decisions are made in a timely manner in reaction to current events. The incumbent must be able to use own initiative with minimal supervision and be able to lead a small functional team, both physical and virtual, in order to implement and manage effective and timely responses to DCIS cyber-attacks.
The incumbent will be required to maintain an adequate degree of physical fitness to comply with NATO deployability requirements.
He/she needs a high level of organizational, coordination and communication skills.
B. Managerial Responsibilities
The incumbent serves as the primary point of contact and subject matter expert on the issues related to Cyber Defense Incident Response; that is, the immediate and long-term actions related to a cyber-attack on the deployed network. As such, the incumbent develops and implements cyber-attack response strategies and procedures and is responsible for the coordination, immediate implementation and maintenance of these strategies and procedures by the NATO Signal Battalion Cyber Defence technicians.
May be required to fill the position of Signals Support Group / Deployed Network Operations Center (SSG DNOC) CD Cell Head.
C. Professional Contacts
Regular professional contacts with others inside and/or outside immediate organization on functional matters. Solicits/provides information and assessments/advice in functional area of expertise within the organization. Present and support coordinated NCISG viewpoints and decisions regarding their functional area of expertise to others outside the organization.
D. Contribution to Objectives
Work involves the provision of information, analysis, and engineering technical solutions in response to cyber-attacks on the DCIS network provided by the organization, compelling others within the organization to action within the Signal Support Group / Deployed Network Operations Center (SSG/DNOC). The incumbent is the lead in responding to a cyber-attack on the deployed network and will commit the Cyber Defence functional area of NCISG to numerous courses of action in defense of the network, affecting NCISG’s mission accomplishment in DCIS provision.
This post reports to OCG CXOD 0010 - Section Head (Defensive Cyberspace Operations) - A-3.
E. Supervisory Responsibilities
There are no reporting responsibilities.
This job is advertised for recruitment purposes in anticipation of formal authorization to offer a contract to the selected candidate. If authorization to offer a contract is not obtained, the selection process will be cancelled with no further obligation to the applicants.
The candidature of NICs who are redundant / unplaced from NCS-A will be given priority consideration provided their CHRM notifies SHAPE Recruitment Section by not later than the vacancy’s closing date.
Test and interviews for this post are expected to be held at SHAPE, Belgium on 16 and 17 Sept 2019.
Duration of contract: Serving staff members will be offered a contract according to the NATO Civilian Personnel Regulations (NCPR). Newly recruited staff will be offered a definite duration contract of three years normally followed by an indefinite duration contract.
HOW TO APPLY FOR A NATO CIVILIAN POST AT SHAPE:
Applications are to be submitted using NATO Talent Acquisition Platform (NTAP) (https://nato.taleo.n...rch.ftl?lang-en). Applications submitted by other means (e.g. mail, e-mail, fax, etc.) are not accepted.
NTAP allows adding attachments. A copy of the qualification/certificate covering the highest level of education required by the job description must be provided as an attachment.
Essential information must be included in the application form. Particular attention should be given to Education and Experience section of the application form. Each question should be answered completely. Expressions such as “please see attached CV, please see annex / enclosed document” or invitations to follow links to personal webpages are not acceptable and will be disregarded. All answers should be in English (preferably) or in French.
Shortlisted candidates will be requested to provide original documentary evidence and a set of copies supporting statements in their applications.
Current and past civilians working for NATO or any Coordinated Organization, shall indicate their last grade and step held (next to job title), and specify the name of employing NATO body or Coordinated Organization.
A) Only nationals from the 29 NATO member states can apply for vacancies at SHAPE.
Applications are automatically acknowledged within one working day after submission. In the absence of an acknowledgement please make sure the submission process is completed, or, re-submit the application.
C) Qualified redundant staff of the same grade interested in this post should inform this office, via their HR/Personnel Office by not later than vacancy’s closing date.
D) Candidates’ individual telephone, e-mail or telefax enquiries cannot be dealt with. All candidates will receive an answer indicating the outcome of their application.