Senior Information Security Specialist

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

---

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

---

Role ID – C004769

Role Background

In support of CSU Ramstein's mission, the individual is responsible to develop effective, agile and resilient cyber security solutions tailored to specific operational requirements and environmental conditions. Incumbent will consult with stakeholders to evaluate functional requirements and translate functional requirements intotechnical solutions. Will design, develop, test, and evaluate information system security throughout the systems development life cycle and are responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Role Duties and Responsibilities

• Applies and maintains specific security controls as required by
• organisational policy and local risk assessments.
• Communicates security risks and issues to business managers and others.
• Performs basic risk assessments for small information systems.
• Contributes to the identification of risks that arise from potential technical solution architectures.
• Suggests alternate solutions or countermeasures to mitigate risks.
• Defines secure systems configurations in compliance with intended architectures.
• Supports investigation of suspected attacks and security breaches.
• Leads a team of 3-4 Cyber Security and COMSEC personnel through day-to-day operations
• Responsible as the Cyber Security Section Head for the administration of all aspects of Cyber Security activities in coordination with the NATO Cyber Security Centre (NCSC), to include, but not limited to, boundary protection management, data loss prevention and enterprise antimalware.
• Schedule, coordinate and facilitate security audits and inspections, manage post inspection actions.
• Supervises monitoring, testing, evaluating computer security systems and the evaluation of Cyber Security aspects of CIS Accreditation.
• Plans and as necessary implements Cyber Security services in support of Agency SLs, DSO, Strat and other Agency organizational elements as applicable.
• Can support physical task requirements with the ability to lift up to 25 lbs.
• Deputise for higher grade staff as required.
• Performs other duties as required.

Essential Skills, Experience and Certifications

• At least 2 years' experience with system security, security architecture, network security engineering, security governance, and risk management.
• Detailed knowledge and working experience of security and networking technologies including IPv4, Firewalls, Virtual Private Networks, Proxy Servers, Intrusion Detection and Forensic tools.
• Experience with:
  • wireless LAN technologies and endpoint security of mobile devices including laptops, tablets and smartphones
  • security incident handling, interpretation of Cyber Security audit results and conducting risk assessments
  • identifying and mitigating security vulnerabilities.
• Previous experience supporting NATO Enterprise CIS, knowledge of NATO responsibilities and organization, including the NATO Command Structure and ACO & ACT and knowledge of NATO Security Policy and supporting directives. combined with at least 6 years extensive and progressive expertise in duties related to the function of the post.
• Ability to: work independently and manage multiple tasks simultaneously; work collaboratively in a team environment and interact positively with multiple departments; handle stressful situations with calmness ensuring the user feels supported throughout their interaction; empathetic and patient, understanding the frustrations users may feel and aiming to alleviate them. Positive attitude and a genuine desire to assist and educate users.
• Excellent written and verbal communication skills, capable of conveying complex technical information in a user-friendly manner.
• Strong analytical skills, capable of quickly identifying issues and determining the most efficient resolution.
• Knowledge and working experience of:
  • Palo Alto Enterprise firewalls
  • Public Key Infrastructure;
  • McAfee Endpoint Security Enterprise solutions
• Familiarity with ITIL or other IT service management frameworks, including incident, request fulfilment, problem, change and capacity management processes;
• Knowledge and experience with Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows 11, Windows 10 operating system environments;
• Knowledge and experience in managing centralized endpoint security (i.e. AV, DLP, Application Control, Drive encryption) solutions, (i.e. Trellix) and using Vulnerability Scanners (i.e., Nessus);
• Knowledge and experience in server, network and storage virtualization technologies (i.e. VMware vSphere, ESX, NSX and vSAN);
• Basic understanding of Disaster Recovery (DR) and Business Continuity (BC) concepts (i.e. RPO, RTO, MTTR, MTBF) and approaches (active-active, active-passive);
• Fundamental knowledge of cloud technologies;
• Prior experience of working in an international environment comprising both military and civilian elements;

Training and Certificates

• CGRC/CAP or CASP+ (or Cloud+, PenTest+, Security+, GSEC or equivalent certification)
• ITIL (v3 or v4) Foundation certified
• 0731 NATO COMPUSEC Practitioner Level 1, 0732 NATO COMPUSEC Practitioner Level 2
• 0280 NATO CIS Security Officer
• Security Professional certification: CISM or CISSP or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSNA; (CEH, GIAC, ISC2, or other relevant certification)

Education

• Bachelor's degree at a nationally certified University in a related discipline and 2 years post-related experience. Exceptionally, demonstration of a candidate's particular abilities or experience

Language Proficiency

• Business English

Working Location

• Ramstein, Germany

Working Policy

• On-site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance