M

2024-0240 IT Analysis - External Attack Surface Management (cloud based)

McBride
Full-time
On-site
Mons, Wallonie, Belgium
Attack Surface Management

You will be responsible for the following: 

Under the direction of the NCSC Operational Tooling Management (OTM) Head the incumbent shall deliver the following:  

  • Daily: Maintain a comprehensive list of all vulnerabilities being taken care of, along with their remediation or mitigation status. The dataset shall be updated no later than 2 working days after the notification of a change is received.  
  • Weekly: Deliver a comprehensive vulnerability report to the Service Delivery Manager (SDM) and Service Owner (SAO), taking into account all vulnerabilities posing a security risk to the monitored organization, recommendation of remedial actions recommended to the system/application owners and the status of the recommended actions. 
  • The weekly report is expected to be delivered each first working day of a calendar week, before Close of Business. No weekly report is due if that week does not include any working day (for instance: long official holidays such as Christmas break).  
  • Monthly: Monthly: delivery of vulnerability report to the SDM and SAO, with an overview of the critical/high vulnerabilities identified, the status of the recommended actions to show in a graphical way plus the trend of the security posture of internet facing services. The monthly report is expected to be delivered within 5 working days after the last working day of the past month.   
  • Yearly: Deliver a report to the SDM and SAO, with a summary of all events and actions that occurred during the year. The yearly report is expected to be delivered within 15 working days after the last working day of the past year. 

 



Requirements

Qualifications:  

  • 3+ years of experience in IT security, with a focus on Security Audit and / or Security Assessment of large organisation  
  • Strong understanding of security best practices and experience with cloud-based infrastructure  
  • Strong understanding of the assessment of internet–facing assets for vulnerabilities and anomalies  
  • Knowledge of relevant NATO standards and regulations  
  • Strong analytical and problem-solving skills  
  • Excellent communication and collaboration skills  
  • The incumbent shall be able to understand and interpret the outcomes of security audit reports (NATO high side network).  
  • Experience with threat intelligence, incident response and remediation a plus  
  • Knowledge of NATO organization and its IT infrastructure is a plus  
  • Certifications such as CISSP, CISM, or CISA is a plus  

 

DESIRABLE Qualifications  

  • The candidate should also ideally have knowledge and experience in the following areas:  

  • Experience in working with NATO.  
  • Experience of working with NATO Communications and Information Agency.  
  • Experience of working with national Defence or Government entities.  

 

Education and Clearance 

  • NATO Cosmic Top Secret Clearance 
  • Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience