About this job

Sapienza Consulting is recruiting Tool Manager (SIEM)(RS) to join NATO-NCIA, at Mons, Belgium

Responsibilities

Under guidance from Section Head, Security Tools Management Services or delegated authority, incumbent will perform duties such as:

• Install, deploy, update, maintain, configure and keep in operational conditions Cyber Defence capabilities as deployed to protect Resolute Support Mission Operational networks in Afghanistan
• Support design of related capabilities and expansion of service
• Provide support to RSM users accessing CD systems such as Splunk and ensure appropriate RBAC is implemented and used for these users
• In particular, incumbent will configure, deploy and maintain event log collection and correlation capability based on Splunk Enterprise
• Manage and administer underlying infrastructure to support efficient operation of the Central Management of these capabilities
• Develop and enhance the existing interfaces and remote data feeds from RSM Cyber Defence capabilities to NCIRC Security Information and Event Management system or other centrally managed NCIA capabilities
• Ensure the level of security (Confidentiality, Integrity, and Availability) of Resolute Support Cyber Defence Capabilities meet or exceed the minimum security requirements defined by NATO security authorities
• Act as the interface between the Theatre Cyber Defence personnel, NCIA CISAF project management team and NCIRC to ensure provided capabilities are delivering expected outcome to the stakeholders
• Act as the Subject Matter Expert (SME) on Resolute Support Cyber Defence capabilities, especially on SIEM and log aggregation aspects
• Represent section for change management and service delivery improvement proposals
• Proactively recommend optimisations to Resolute Support Cyber Defence capabilities to provide effective and efficient service operations
• Produce metrics to be integrated into wider CSSL or NCIA products that are being delivered up to NATO executive management level and Theatre
• Take initiatives in area of responsibility and support other objectives of line manager

Profile

• Required Security Clearance: NATO Secret
• University degree at nationally recognised/certified University in technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, lack of university degree may be compensated by the demonstration of candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 10 years extensive and progressive expertise in the duties related to the function of the post
• Expert knowledge and extensive hands-on experience in O&M and System Administration activities of Enterprise-wide Security Incident and Event Management (SIEM) based on Splunk Enterprise
• Demonstrated experience in on-boarding log sources and utilising Regular Expressions for data parsing
• Good knowledge of virtual environment based on VMWare infrastructure
• Demonstrated experience in using API for data ingestion and tools integration
• Demonstrated experience in Linux / UNIX Systems administration, preferably with RedHat
• Demonstrated experience in management and administration of SQL databases
• Understanding of service delivery management and service lifecycle
• Demonstrated experience in scripting languages
• Professional certifications on Splunk products
• Desirable Experience and Education:
• Demonstrated experience and good knowledge of Python
• Demonstrated experience in working with (O&M activities): Microfocus ArcSight,RSA Netwitness, Cisco SourceFire, Opentext Encase
• Previous experience in working in Cyber Security Professional Certification related to Cyber Security field NOTE: This role is not Threat/Malware Analyst however prior experience in such area is considered an additional benefit

Candidates must be eligible to work in the EU

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.