ESS RSM Tool Manager 2 (SIEM)
LOCATION: Mons, Belgium
DURATION: End of this year with possible extensions
SALARY: Negotiable daily rate
CLEARANCE: NATO Secret
STARTING DATE: September 2019
• Install, deploy, update, maintain, configure and keep in operational conditions the Cyber Defence capabilities as deployed to protect the Resolute Support Mission Operational networks in Afghanistan.
• Provide support to RSM users accessing CD systems such as Splunk and ensure appropriate RBAC is implemented and used for these users.
• In particular, the incumbent will configure, deploy and maintain the event log collection and correlation capability based on Splunk Enterprise
• Develop and enhance the existing interfaces and remote data feeds from RSM Cyber Defence capabilities to the NCIRC Security Information and Event Management system or other centrally managed NCIA capabilities.
• Ensure the level of security (Confidentiality, Integrity, and Availability) of the Resolute Support Cyber Defence Capabilities meet or exceed the minimum security requirements defined by NATO security authorities.
• Act as the interface between the Theatre Cyber Defence personnel, the NCIA CISAF project management team and the NCIRC to ensure the provided capabilities are delivering the expected outcome to the stakeholders.
• Act as the Subject Matter Expert (SME) on Resolute Support Cyber Defence capabilities for change management and service delivery improvement proposals.
• Proactively recommend optimisations to Resolute Support Cyber Defence capabilities to provide effective and efficient service operations
• Produce metrics to be integrated into wider CSSL or NCIA products that are being delivered up to NATO executive management level and the Theatre.
• Take initiatives in his area of responsibility and support the other objectives of his line manager.
• A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 10 years extensive and progressive expertise in the duties related to the function of the post.
• Very good knowledge in managing an Enterprise-wide Security Incident and Event Management (SIEM) based on Splunk Enterprise.
• Good knowledge of virtual environment based on VMWare infrastructure.
• Demonstrated experience in using API for data ingestion and tools integration.
• Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat
• Demonstrated experience in the management and administration of SQL databases.
• Understanding of service delivery management and service lifecycle
• Demonstrated experience in scripting in PowerShell or Python
• Demonstrated experience in working with the following products: Microfocus ArcSight, RSA Netwitness, Cisco SourceFire, Opentext Encase.
• Previous experience in working in a Cyber Security field (CERTs, security office,…)
• Professional certifications on Splunk Enterprise.