
Digital Forensic/Malware Analyst



https://nato.taleo.net/careersection/2/jobdetail.ftl

 

Closing Date: 29th May 2015

 

Digital Forensic/Malware Analyst (COMPUSEC)-150152
 
Primary Location Belgium-Mons
 
Organizational Element INFRASTRUCTURE SERVICES DIRECTORATE
Schedule Full-time
 
Salary (Pay Basis): 6,153.80 Euro (EUR) Monthly
Grade A.3
 
 
Description:

 

Are you a subject matter expert for digital forensics and malware analysis with provable leadership experience? Do you have experience in organising deployment teams?

NCI Agency is looking for a Digital Forensic/Malware Analyst (COMPUSEC) capable of acting as a team leader for a deployable Rapid Reaction Team (RRT) comprised of technical experts drawn from the NATO civilian and military staff, from industry and from academia. In addition, when not engaged in activities linked to RRT duties, you will be required to carry out tasks as directed by the Incident Management Section Head or Forensics Cell Head in support of other activities, primarily focusing on management of the preparatory, training and exercise aspects of the RRT Capability.

 

Role responsibilities:

 

The NCI Agency Cyber Security Service Line (CS SL) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, CS SL provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Information Communications and Technology (ICT).

Security Incident Management Section monitors, detects, reports and coordinates response to cyber security incidents across NATO’s ICT infrastructure and provides technical support to any subsequent investigations. The Forensics Cell is responsible for advanced digital forensics and malware analysis capabilities being maintained to support all phases of security incident detection and response, and to support post-incident analysis.

Under the direction of Cell Head (Forensics Cell), you will perform duties such as the following:

 

  • When appointed as the CD RRT Mission Coordinator, manages, coordinates and leads the execution of the CD RRT mission as a whole and provides general technical direction.
  • Maintain the operational readiness of the CD RRT through training, exercise and preparatory activities.
  • When appointed as RRT Team leader, coordinates and leads the execution of the approved CDMB assistance to a NATO or Partner Nation for that element.
  • When appointed as RRT Team leader, acts as the senior technical lead in Digital Forensic and Malware Analysis matters.
  • As team leader, to lead and supervise an RRT comprised of multi-disciplined technical experts drawn from NATO civilian/military staff, national military/civilian staff, industry and academia whose grades would be expected to vary between B5-A3 and equivalent.
  • When not deployed on RRT mission the incumbent is expected to carry out CD RRT capability development, staff work, long term planning of the IMS program of work.
  • As technical member of the RRT responsible for the planning, preparation, exercising and execution of Digital Forensics and Malware Analysis services within the NCIRC TC Rapid Reaction Team (RRT).
  • The identification of tactics, techniques and procedures employed against the target to assist in the detection, containment and recovery of incidents.
  • Assists in recommendation for containment and recovery processes and the prevention of further incidents based on experience from past incidents and other sources.
  • Identifies indicators supporting the attribution of malicious activities.
  • Develops and maintains the NCIRC Advanced Persistent Threat database containing the intelligence on cyber-attacks and cyber espionage activities launched against NATO and member nations.
  • Develops and maintains the NCIRC Automated Malware Analysis capability and conducts research in the area of expertise when needed.
  • Executes the CSSL and Cyber Defence Program of Work.
  • Ensures the provisioning of digital forensic and malware analysis services for NCIRC TC when not involved in CD RRT activities.
  • Maintains links with major digital forensics and malware analysis tools vendors in order to have the opportunity to influence development of their products to meet NATO cyber defence needs.
  • Provides security expert assistance by conducting analysis of security incident and planning and directing the post incident recovery activities.
  • Monitors developments in area of expertise with a view to optimising RRT practice to meet current best practice.
  • Chooses, evaluates and maintains an up-to-date software library to best meet NCIRC’s forensic and malware analysis requirements.
  • Maintains security (SecOPs) and operational documentation (SOPs) related to NCIRC digital forensic and malware analysis capability.
  • Prepares detailed technical reports on new trends and tactics used by attackers, to be shared with NATO partners and member nations.
  • Supervises maintenance of the deployable and laboratory environment needed to perform CD RRT missions, digital forensic and malware analysis activities.
  • Performs other duties as may be required.

 

Person specification

Qualification required:

You will hold a university degree in a relevant discipline, preferably equivalent to a Master’s, and supplemented by relevant postgraduate qualifications. Exceptionally, the lack of a university degree may be compensated by the demonstration of particular abilities or experience of interest to the Agency.

 

Experience required:

You will be required to demonstrate at least 5 years’ relevant experience, with emphasis on the management of incident/crisis response element and/or team of technical experts. In addition, you need to prove:

  • Excellent communication skills and reporting experience with capability to communicate to different types of audience (senior executive, middle management, technical and non-technical).
  • Leadership skills with knowledge of organising a team deployment.
  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
  • Proven experience in:
    • Analysis of risk and in the implementation and integration of Information Assurance protective measures.
    • Use of run-time execution monitors to analyse security events in a black-box fashion.
    • Behavioural analysis and static code analysis of malware, including skills in reading and analysing x86 assembly language and web site contents (HTML, JavaScript, Adobe Flash, etc.).
    • Computer forensic and malware analysis techniques, methodologies and tools such as Encase, Helix, FTK, Wireshark, IDA Pro, OllyDbg, WinDBG.
    • Network traffic analysis as it relates to covert channels and malware’s communication with command and control systems.
    • File system analysis, including NTFS, FAT, EXT and UFS.
  • Thorough knowledge of the broadest concepts and goals of security.
  • Demonstrable knowledge of malware infection techniques and associated protection technologies and countermeasures.
  • Extensive work experience and expert knowledge of the suite of Microsoft Operating Systems as it relates to forensics.
  • Demonstrable skills in using common programming and scripting languages. 

 

Preferably you should be also able to demonstrate:

  • Professional qualifications: GCFA ENCE GREM CISSP GCIH.
  • Experience in crisis management and computer incident handling activities, processes and procedures.
  • Experience in:
    • Digital forensics of mobile devices, PDAs and handsets.
    • Memory analysis as it relates to digital forensics and malware analysis.
    • Providing CIS support to diverse range of customers including troubleshooting.
    • VMware virtualization technologies.
    • Electronic mail and web technologies.
  • Expert knowledge of network protocols (including TCP/IPv4 and IPv6 family, VoIP and wireless protocols) and architectures.
  • Knowledge of cryptographic techniques and concepts.
  • Proficiency in making security assessment of network designs, architectures and their vulnerabilities.
  • Prior experience of working in an international environment comprising both military and civilian elements;
  • Knowledge of NATO responsibilities and organization, including ACO and ACT.

 

Competencies required:

Drive for Result - Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.

Planning - Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.

Problem Solving - Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.

Customer Focus - Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.

Process Management - Good at figuring out the processes necessary to get things done; knows how to organize people and activities; understands how to separate and combine tasks into efficient work flow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can't; can simplify complex processes; gets more out of fewer resources.

 

Language skills:

 

Most of the work of the NCI Agency is conducted in the English language, and therefore a thorough knowledge of English, both written and spoken, is essential and some knowledge of French is desirable.

 

Travel:

 

Digital Forensic/Malware Analyst (COMPUSEC) may be required to undertake duty travel to operational theatres inside and outside NATO boundaries.

 

What do we offer?

  • Excellent tax-free salary, including (where eligible) expatriation household and children's allowances and additional privileges for expatriate staff.
  • Education allowance for children (where appropriate) and an excellent private health insurance scheme;
  • Generous annual leave and home leave (if eligible);
  • Retirement Pension Plan.

 

To learn more about NCI Agency and our work, please visit our website.

 
