Cyber security events analyst

Global manager: 

  • Renske Wester


Europa / Europe

NATO clearance: 

Job description: 

DURATION: 6 months with extensions
CONTRACT: Consultant
SALARY: Negotiable daily rate
WORK HOURS: Monday to Friday, normal working hours


As a Senior Security Event Analyst working embedded within the NATO Security Operations Centre (NCIRC TC), you will be required to use the in-depth knowledge gained from both experience and qualifications in the Cyber Defence arena to work on advanced cyber-attacks against one of the largest cyber implementations. This will include the use of log analysis, IDS/IPS, full packet capture and forensics tools across a distributed sensor network. You will be focusing on the protection of the NATO Missions network.

  • Analysis of security events and ticket creation and support to Level 1 Event Analysts:
  • Reviewing of tickets and support for analysis of events;
  • Retrieval and support in analysis of Full Packet Captures (FPC);
  • Provision of in-depth analysis after ticket escalation;
  • New threat analysis: online research, such as developing new methods of detecting and monitoring new threats, and keeping abreast of developments in the cyber arena;
  • Liaison with Tools Analysts; ensuring security infrastructure is configured, up to date and operational;
  • Signature and rule creation: NIPS (Snort), SIEM (ArcSight), Full Packet Capture (Niksun, RSA);
  • Test and evaluation of signatures and rules prior to deployment in operational environment;
  • Evaluation and implementation of sensor tuning requests;
  • Assistance in support of legacy cyber sensor products (Juniper IDS, ScreenOS);
  • Provision of On-the-Job Training (OJT) for Level 1 event analysts, including tools familiarisation;
  • Creation and updating of Standard Operating Procedures (SOPs) and Security Policies;
  • Creation of security reports per request and analysis of Vulnerability Assessment results;
  • Periodic internal meetings and ad-hoc tasking from the Incident Management Section (IMS) in support of investigations.

Job requirements: 

  • Significant demonstrable experience (5+ years) in analysis and handling of network security related events and security event management in a SOC environment
  • Experience / Education Equivalence: If the candidate has a relevant degree (e.g. Computer Security), this counts towards equivalence for demonstrable experience; however, irrespective of the candidate's education, hands-on experience within an equivalent role is required. A university degree will count towards a maximum of 2 years' equivalent experience.
  • Essential to have one or more professional SANS (e.g., GSEC, GCIA) certifications. CISSP or other relevant certifications will be considered an added benefit
  • Expert level of management and analysis of security events and incidents (i.e. Security Event Analyst experience)
  • At least two of the following areas at expert level, and a high level of experience in several of the other areas:
      • Security Information and Event Management (SIEM) products – e.g. ArcSight
      • Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire/Snort
      • Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
      • Host Based Intrusion Detection Systems (HIDS)
      • Configuration, operation, troubleshooting and management (i.e. Tools Specialist) of security tools and appliances
      • Variety of security event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
      • Computer Incident Response Centre (CIRT), Computer Emergency Response Team (CERT)
      • Computer forensics tools (stand-alone, online and network)
      • Computer security tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)
      • Secure web design and development
      • Military communication systems and networks
      • Network, system and application level troubleshooting techniques