Spektrum

Cybersecurity Administrator

Mons, Belgium Full Time

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.


Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

  • Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
  • Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
  • Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
  • Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
  • Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services in the modern, evolving and dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.


Role ID – C004394

Role Duties and Responsibilities

  • Design, set up, and manage a suite of tools supporting threat hunting (e.g. THOR, Asgard, Sysmon, Corelight, Microsoft Defender, Splunk, Sentinel), ensuring seamless integration with other technologies present on the network.
  • Ensure that the deployment and operation of those tools meet strict security requirements and comply with IT Service Management policies governing the network environment. This includes producing the required documentation and maintaining testing environments.
  • Apply best-practice workflow automation by leveraging tools and technologies like N8N, Ansible and Magnet Automate to enhance efficiency and reliability.
  • Liaise with supporting teams in other services and business areas to ensure streamlined delivery of agents, logs and configuration items.
  • Lead or contribute to the creation and ongoing maintenance of comprehensive documentation and Standard Operating Procedures (SOPs) to support operational continuity and compliance.
  • Collaborate closely with team members and end users to incorporate feedback, continuously improving the quality and effectiveness of the delivered digital forensics capabilities.
  • Proactively identify and propose system improvements to ensure an up-to-date and stable environment. Justify business needs, and prepare documentation and an implementation plan for the Change Management Board. Implement the approved changes following co-ordination with other stakeholders.
  • This role is not a Cyber Security analyst; utilisation of cyber tools (performing threat hunt, malware or vulnerability analysis) is not considered to be part of the standard duties.

Essential Skills, Experience and Certifications

  • Essential to have a Bachelor's Degree in Computer Science (or similar) combined with a minimum of 2 years' experience in a Cyber Security related post as a Security Engineer or similar position, or Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years' post-related experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 8 years' extensive and progressive expertise in the duties related to the function of the post.
  • Strong knowledge and experience in deploying, managing and maintaining cyber security tools in complex environments;
  • At least 2 years of extensive practical experience as a tool engineer/system administrator in large enterprise environments (deployment, installation, configuration and maintenance), especially in Linux environments;
  • Practical skills in writing Bash, Python or Ansible scripts to support automation of repetitive tasks;
  • Solid understanding of cyber threat hunting methodologies and principles;
  • Have an in-depth understanding of infrastructure concepts related to Hosting, Networks, IP address Management, firewalls, certificates, Load balancing and Proxy;
  • Knowledge and demonstrable experience with scripting languages and integration tools including PowerShell, Python, Bash, Batch and Ansible;
  • Knowledge of network-based visibility tools such as Zeek and how to administer them in an enterprise environment;
  • Hands-on experience with network infrastructure and virtualised environments (preferably VMWare);
  • Good understanding of cyber security concepts;
  • Good understanding of network communication protocols;
  • Good verbal and written communication skills in English;
  • Strong team-spirit attitude;
  • Ability to produce detailed technical documentation and follow change management processes;
  • Practical experience with Sysmon: deployment, installation, configuration and maintenance;
  • Practical experience with Nextron Asgard/THOR solutions;
  • Professional experience in cyber security monitoring;
  • Past experience working for NATO or in an international organization;
  • Experience with Microsoft Azure, Microsoft Defender for Endpoint;
  • ITIL Service Management certifications;
  • Prior experience as a user of SIEM and Log aggregation systems.

Working Location

  • Mons, Belgium

Working Policy

  • Onsite

Travel

  • Some travel to other NATO sites may be required

Security Clearance

  • Valid National or NATO Cosmic Top Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you, please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.