Cybersecurity Threat Researcher

**Location**:
Brussels, Belgium

**Security Clearance**:
NATO Secret

**Reference No**:
OCIO-0003 / Brussels

**Introduction**:
The NATO Office of the Chief Information Officer (OCIO) is responsible for Cyber Defence for the NATO Enterprise. The OCIO has been tasked to increase NATO’s Cyber Defence posture. As part of this initiative, the OCIO plans to enhance the ability of NATO’s Cyber Threat Analysis Branch (CTAB) to provide the quality and quality of cyber intelligence products required by the NATO Enterprise. The contractor will work for the OCIO, however, the CTAB has tasking authority.

The Cyber Threat Analysis Branch is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leaderships’ understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting..

**Skills, knowledge, experience required**:

- Experience in analysing and synthesizing threat intelligence in a high-speed environment;
- Experience producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defences in external organizations with demonstrable impact;
- Tracked multiple distinct cyber threat actors over a period of at least one year ascertaining and characterizing various TTPs, capabilities, infrastructure, and campaigns;
- Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets;
- Experience with threat hunting, including mandatory knowledge of operating systems and windows internals.

**Desirable**:

- Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; host and log forensics including methods of data collection and analytic techniques; and network forensics including common protocols and how those are used in adversary operations;
- Applied knowledge of a variety of adversary command and control methods and protocols;
- Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools;
- Strong knowledge of malware families and network attack vectors;
- Ability to analyse attack vectors against a particular system to determine attack surface;
- Ability to produce contextual attack models applied to a scenario;
- Hands on experience on monitoring cloud services.

**Duties/role**:

- Supporting the work of the OCIO and Cyber Threat Analysis Branch and helping the development of cyber assessments and threating hunting playbooks of interest to the Alliance;
- Writing code to automate analyst workflows, and to improve our threat intelligence systems;
- Developing signatures to detect malware or network breaches;
- Researching threat actor activity, trends, tactics, techniques and procedures (TTPs) to facilitate understanding of hostile TTPs and possible countermeasures.
- Leading teams of threat intelligence analysts to develop these reports, as necessary.
- Being responsible for supporting threat intelligence analysis by creating tools and performing net flow analysis to enable identifying and tracking sophisticated threat actors;
- Extracting, manipulating, and summarizing network data in the analysis of possible cyber incidents.

VECTOR SYNERGY sp. z o.o., ul. Marcelińska 90, 60-324 Poznań, NIP PL7811857270, REGON 301575740, KRS: 0000369575

Rejestr Przedsiębiorców KRS prowadzony przez Sąd Rejonowy Poznań - Nowe Miasto i Wilda w Poznaniu, VIII Wydział Gospodarczy KRS,