Cyber Threat Intelligence Analyst Services

**Location**:
Brussels, Belgium

**Security Clearance**:
NATO Secret

**Reference No**:
OCIO-0004 / Brussels

**Introduction**:
The NATO Office of the Chief Information Officer (OCIO) is responsible for Cyber Defence for the NATO Enterprise. The OCIO has been tasked to increase NATO’s Cyber Defence posture. As part of this initiative, the OCIO plans to enhance the ability of NATO’s Cyber Threat Analysis Branch (CTAB) to provide the quality and quality of cyber intelligence products required by the NATO Enterprise. The contractor will work for the OCIO, however, the CTAB has tasking authority.

The Cyber Threat Analysis Branch is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leaderships’ understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting..

**Skills, knowledge, experience required**:

- Experience in analysing and synthesizing threat intelligence in a high-speed environment;
- Experience producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defences in external organizations with demonstrable impact;
- Tracked at least two distinct cyber threat actors over a period of at least one year ascertaining and characterizing various TTPs, capabilities, infrastructure, and campaigns;
- Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets;
- Strategic and doctrinal geo-political knowledge of specific regions;
- Experience with threat hunting, including mandatory knowledge of operating systems and windows internals.

**Desirable**:

- Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; windows and Linux system internals and experience threat hunting in Enterprise environments; and network forensics including common protocols and how those are used in adversary operations;
- Applied knowledge of a variety of adversary command and control methods and protocols;
- Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools;
- Strong knowledge of malware families and network attack vectors;
- Ability to analyse attack vectors against a particular system to determine attack surface;
- Ability to produce contextual attack models applied to a scenario;
- Hands on experience on monitoring cloud services.

**Duties/role**:

- Supporting the work of the OCIO and Cyber Threat Analysis Branch and helping the development of cyber assessments and threating hunting playbooks of interest to the Alliance;
- Developing cyber threat profiles on targeted and advanced persistent threats through the use of open source and internal data;
- Producing threat hunting packages for internal network defenders to identify patterns of malicious cyber activity;
- Using external commercial threat intelligence sources (internet scan data, passive DNS, domain registrant information, malware repositories) to track and model malicious cyber activity;
- Assessing, clustering and linking disparate activity into related intrusions & campaigns in internal threat analytics platform;
- Being responsible for identifying and tracking sophisticated cyber threat actors across a geo-political region.

VECTOR SYNERGY sp. z o.o., ul. Marcelińska 90, 60-324 Poznań, NIP PL7811857270, REGON 301575740, KRS: 0000369575

Rejestr Przedsiębiorców KRS prowadzony przez Sąd Rejonowy Poznań - Nowe Miasto i Wilda w Poznaniu, VIII Wydział Gospodarczy KRS,