· A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 5 years extensive and progressive expertise in the duties related to the function of the post
· 2+ years of demonstrable experience in security monitoring and analysis of enterprise level cloud environments (AWS and/or Azure)
· Detailed knowledge of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures
· Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
· Expertise in at least three of the following areas and a high level of experience in several of the other areas:
ü Security monitoring and analysis using a variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, EDR and AV)
ü Cloud architectures and technologies (AWS and/or Azure)
ü Managing security operations in public cloud services (AWS and/or Azure)
ü Microsoft Sentinel
ü AWS cloud security tools
ü Splunk ES suite and Splunk Seach Processing Language (SPL)
ü Phantom SOAR playbook development
ü Security use case development aligned to the MITRE ATT&CK Framework

Desirable Qualifications/Experience:
· Industry leading certification in the area of Cybersecurity, such as GCIA, GPCS, GCLD, GNFA, GCIH, CCSP, GSFE, GCFA, GCED, OSCP
· A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
· Experience working with Full Packet Capture Systems e.g Niksun, RSA/Net Witness
· Experience working with Host Based Intrusion Detection systems (HIDS)
· Experience with Network Based Intrusion Detection Systems (NIDS) - e.g Source Fire, Palo Alto Netork Threat Prevention
· Strong knowledge of malware families and network attack vectors
· Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), in-depth analysis of threats across enterprise environments by combining security rules, content, policy and relevant datasets
· Ability to analyse attack vectors against a particular system to determine attack surface

DUTIES/ROLE:
· Analyse and respond to alerts originating from complex cloud infrastructure deployments and on-premise network and security devices
· Identify security gaps in NATO cloud security infrastructure and develop custom detection content within cloud environments
· Develop and maintain cloud-specific use cases in our on-premise SIEM solution (Splunk Enterprise Security)
· Develop processes, create and maintain supporting documentation
· Work towards automating repetitive tasks using our SOAR solution
· Create automated detection and response capabilities using SIEM, SOAR and other available toolset
· Create dashboards and reports for situational awareness purposes
· Create technical reports for business and performance reporting
· Develop and maintain SOAR playbooks
· Mentor less experienced members of the team
· Be flexible and support your colleagues in securing NATO networks through ad hoc tasks