Officer, Cyber Forensics

[afotakel]

Application Deadline: 10-Sep-2015  

https://nato.taleo.net/careersection/1/jobdetail.ftl

Primary LocationBelgium-Brussels

 

Organizational Element NATO OFFICE OF SECURITY

Schedule Full-time

 

Salary (Pay Basis) : 4,987.42Euro (EUR) Monthly

Grade A.2/A.3

 

 

Description

:  

 

 

 
NOTIFICATION OF AN “A” GRADE VACANCY
NATO INTERNATIONAL STAFF

 

OPEN TO NATIONALS OF NATO MEMBER STATES ONLY

LOCATION: NATO Headquarters, Brussels, Belgium

 

DIVISION   

 

NATO OFFICE OF SECURITY
PROTECTIVE SECURITY BRANCH
INFORMATION ASSURANCE AND AWARENESS SECTION

TITLE   Officer, Cyber Forensics

GRADE  A.2/A.3

SECURITY CLEARANCE: CTS

VACANCY N°: 150310

 

1. SUMMARY

The NATO Office of Security (NOS) is responsible for the overall coordination of NATO security among member, Partner, Mediterranean Dialogue, Istanbul Cooperation Initiative, Contact nations and NATO civil and military bodies. In this connection it is responsible for ensuring the correct implementation of NATO security policy NATO wide.

 

The Protective Security Branch (PRB) is one of the three branches within the NATO Office of Security (NOS). PRB serves as the prime coordinator for all protective security measures for NATO Headquarters (HQ). It studies and analyses threats and vulnerabilities and determines and manages risk. PRB supervises the implementation of security regulations at NATO HQ and provides advice on protective security measures.

The incumbent is responsible for the identification, collection, acquisition and preservation of potential digital evidence from NATO Communication and Information Systems (CIS) resulting from CIS Security incidents and for preserving its integrity, authenticity and admissibility in accordance with relevant legal and security policy requirements. He/she performs evidence-based forensics analysis and investigations of breach indicators, working closely with the counter-intelligence staff to recover data, preserve evidence integrity and identify the root causes of cyber incidents. He/she focuses on the remediation and mitigation of the incident actor (user or function) for making them accountable and responsible for their actions and reducing the risk of similar incidents recurring.

The incumbent leads the NOS Cyber Security capabilities, oversees the operational planning and implementation of the Cyber Forensics activities and manages the HQ Forensics lab in terms of personnel, equipment, budget and training. He/she coaches and mentors staff as appropriate to improve performance. He/she contributes to the Section’s cyber situational awareness, risk management and in particular identifies and evaluates the risks to the users, projects and business and recommends safeguards to control risks. He/she works under the supervision of the Head, Information Awareness and Assurance.

2.  QUALIFICATIONS AND EXPERIENCE

 

ESSENTIAL

 

The incumbent must:

 

• possess a university degree, preferably in the field of Communications and Information Systems (CIS) engineering, technology or similar;
• possess at least 4 years’ professional working experience in Information Assurance or CIS Security or in security management dealing with Cyber Security or CIS auditing activities;
• possess at least 2 years’  recent experience performing auditing and investigation of CIS Security incidents in environments with high security requirements similar to NATO, such as International Organisations, governmental or military establishments;
• have proven ability and practical experience in conducting digital Forensics;
• have a good understanding of computer security operations, incident response technologies and methodologies and post-incident analysis;
• demonstrate advanced knowledge of common operating systems, file systems and encryption techniques;
• demonstrate familiarity in the area of computer, network and malware forensics, incident response, breach indicator and analysis, cyber intelligence, data leakage and data theft, cyber espionage, cyber incident legal matters and privacy concerns;
• have a good understanding of the current cyber threats and knowledge of hacker capabilities and techniques;
• have a good understanding of computer and network technology, digital security investigative tools and processes;
• demonstrate the ability to write clear and concise investigative reports and effectively communicating technical information;
• possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

 

DESIRABLE

 

The following would be an advantage:

 

• a higher university degree (master or Ph.D.) in a CIS related field, security and/or professional security certification credentials (such as EnCase(EnCE) Certified Examiner or fraud examiner or Certified Information System Security Professional (CISSP) and Certified Information System Auditor (CISA));
• hands-on experience of digital forensics tools (such as Encase or Access Data FTK);
• experience on performing digital forensics on mobile devices;
• effective interpersonal skills in performing investigative interviews;
• familiarity with the Security Policy, Directives and Regulations of NATO;
• experience on insider threat mitigation strategies and techniques;
• project management skills (i.e. PRINCE2).

 

3.  MAIN ACCOUNTABILITIES

Expertise Development
Perform cyber incident investigation and analysis activities, continuously improving the cyber incident response lifecycle by focusing on user accountability. Perform the investigation triage, manage coordination, investigate and prioritise cyber incidents to determine if they constitute security breaches. Undertake extensive and exhaustive investigations of security and cyber policy breaches. Produce cyber investigation reports, developing and coordinating recommendations for the NATO intelligence community and committees. Identify, implement and communicate relevant elements of the HQ cyber security incident programme focusing on user accountability for actions leading to damage or risk to the Organization. Expand knowledge and experience in the use and application of analytical tools relevant to cyber incident investigations such as digital forensics. Adapt to changing work methods and show an active interest in future developments in the field. Share expertise, lessons learned and best practice with others. 

 

Information Management
Develop and maintain the appropriate methodologies and procedures for cyber incident investigations. Assist in the development and updating of HQ Security Regulations and Investigation Framework related to CIS security and Cyber security.

 

Knowledge Management
Maintain an investigation database and share information on cyber incident investigations as required. Conduct and synthesise trend analysis from related information sources.

 

Project Management
Oversee and support NATO HQ Cyber Defence and Information Assurance capability developments and implementations as assigned. Lead and monitor internal and external projects related to cyber investigations. Work closely with project and programme managers to review NATO HQ projects, including the New HQ project for Cyber Defence and Information Assurance policy compliance. Provide backup support to the Section Head and contribute to the coordination of day-to-day Information Assurance issues, tasks and activities.

 

Stakeholder Management
Serve as the primary point of contact within NOS for cyber incident investigations. Ensure collaboration with NATO HQ security, counter intelligence and cyber defence staff. Assist in the management of the Section resources related to cyber monitoring and digital investigation activities, provide technical expertise and ensure their effective coordination. Establish and maintain working relations with NATO security authorities as well as with other relevant national and International Organisations such as Interpol and Europol.

 

Resources Management
Oversee the running of the NOS Information Assurance Digital Forensics Lab for the support of CIS Security Investigations. Demonstrate ability to manage personnel, equipment, budget and training to maintain the Forensics Lab, with a high degree of readiness, to carry out its primary mission of digital forensics. Demonstrate ability to coach and mentor staff as needed.

Perform any other related duty as assigned.

 

4. INTERRELATIONSHIPS

 

The incumbent reports to the Section Head, Information Assurance & Awareness. He/she will maintain regular contacts with the Section Heads and other Officers of PRB as well as the other Branches within NOS as required. He/she will work closely with Divisional Security Officers, Cyber Security and security management staff in other Divisions. He/she will contribute as an Information Assurance team member in the investigation of the CIS Security Incidents and cyber awareness material as determined by the Section Head.

Direct reports: N/a
Indirect reports: N/a.

5. COMPETENCIES

The incumbent must demonstrate:

 

• Achievement
• Analytical Thinking
• Clarity and Accuracy
• Conceptual Thinking
• Customer Service Orientation
• Objectivity
• Empathy
• Impact and Influence
• Initiative
• Teamwork

6. CONTRACT

 

Contract to be offered to the successful applicant (if non-seconded):
Definite duration contract of three years; possibility of renewal for up to three years.

 

Contract clause applicable:

 

It has been decided that for technical reasons, turnover is required in this post, and therefore, the maximum period of service in this post is six years. Accordingly, the successful applicant will be offered a 3-year definite duration contract, which may be renewed for a further period of up to 3 years.

 

If the successful applicant is seconded from the national administration of one of NATO’s member States, a 3-year definite duration contract will be offered, which may be renewed for a further period of up to 3 years subject also to the agreement of the national authority concerned.

 

Serving staff will be offered a contract in accordance with the NATO Civilian Personnel Regulations.

 

NOTE:

 

Irrespective of previous qualifications and experience, candidates for twin-graded posts will be appointed at the lower grade.

 

There are certain specific circumstances in which a serving staff member may be appointed directly to the higher grade.  These are described in the IS directive on twin-graded posts.

 

Advancement to the higher grade is not automatic and at least a minimum period of 3 years’ service (2 years for an A.1/A.2 post) is required before promotion to the higher grade can be considered.

 

7. HOW TO APPLY:

 

Applications must be submitted using one of the following links, as applicable:

• For NATO civilian staff members only: please apply via the internal recruitment portal (for more information, please contact your local Civilian HR Manager);
• For all other applications: www.nato.int/recruitment

ADDITIONAL INFORMATION:

 

Due to the broad interest in NATO and the large number of potential candidates, telephone or e-mail enquiries cannot be dealt with.

 

Appointment will be subject to receipt of a security clearance (provided by the national Authorities of the selected candidate) and approval of the candidate’s medical file by the NATO Medical Adviser.

 

Applicants who are not successful in this competition may be offered an appointment to another post of a similar nature, albeit at the same or a lower grade, provided they meet the necessary requirements.

 

Please note that we can only accept applications from nationals of NATO member countries.

 

NATO as an employer values diverse backgrounds and perspectives and is committed to recruiting and retaining a diverse and talented workforce. NATO welcomes applications of nationals from all Member States and strongly encourages women to apply.

 

Please note that the International Staff at NATO Headquarters in Brussels, Belgium is a non-smoking environment.