
Threat Hunting Analyst

Spektrum · Mons, Belgium

Onsite · Full-time · Mid level

About this role

Spektrum have a wide range of exciting opportunities in several global locations.  We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.


Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

  • Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
  • Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
  • Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
  • Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
  • Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services in the modern, evolving, dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.


Role ID – C003950

Role Duties and Responsibilities

  • Prioritize, plan and execute threat hunts.
  • Can work independently, as well as part of the team.
  • Highlight improvements on the detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc…).
  • Proactive engagement with the Cyber Community internal to NATO.
  • Monthly reporting on approved KPIs.
  • Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.
  • Monthly reporting to both the Customer and Business Stakeholders.
  • Assist NCSC, when required, in support of Cyber Incident Analysis and Response.
  • Production of high-quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC.
  • Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC processes.
  • Improvement of NCSC processes for receiving, searching, analysing, and storing cyber threat data.
  • Regular, at least monthly, Knowledge Transfer meetings with appropriate stakeholders, focusing on:
      • Successes and setbacks,
      • Lessons identified/learned,
      • Improvements to the Cyber Security processes currently in use within NCSC.

Essential Skills, Experience and Certifications

  • Significant demonstrable experience in a Cyber Security related environment.
  • Excellent analytical and hypothetical thinking.
  • Experience in liaising at both the technical and managerial level; the incumbent must have excellent written and spoken communication skills.
  • Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security.
  • Able to organize and lead.
  • Able to work as part of a team and under direction of a higher authority.
  • Strong collaboration and interpersonal skills.
  • Pattern Recognition/Deductive Reasoning.
  • Highly desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g., GCIA, GCFA, GNFA, GREM, …) or with the same level of quality.
  • Demonstrable self-learning capability on complex technical subjects.
  • Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, Machine Learning.
  • A good understanding in at least three of these areas:
      • Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), Network security appliances and networking devices and associated management software. A variety of Security Event generating sources at network and host level (e.g. Firewalls, IDS, Routers, Security Appliances, …),
      • Computer Forensics Tools (stand alone, online and network),
      • Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware, etc.),
      • Network protocols,
      • Scripting languages (PowerShell/Python/…).
  • Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards.
  • Ability to effectively communicate technical solutions to various audiences, both technical and non-technical.
  • Be self-motivated and driven.
  • Ability to work in an International environment embedded in the Customer's location in mainland Europe (Belgium).

Working Location

  • Mons, Belgium

Working Policy

  • Onsite

Travel

  • There may be travel of up to twice per month between NCIA Mons and NATO HQ in Brussels.

Security Clearance

  • Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you, please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up. 
