RFQ C004774 Integration Security Engineer

Under the direction of C2SS, NCSC, the Integration Security Engineer will perform the following activities:

• Ensure that all project activities are compliant with NATO Security Policy or Security Authority approved deviations.
• Support C2SS technical leads with design and implementation of security infrastructure in order to integrate centralized security services in the supported projects.
• Support production of security accreditation templates and documentation for tasked products.
• In coordination with C2SS technical leads, liaise with relevant NCSC technical teams to troubleshoot integration of centralized security services with respect to C2SS-supported products and sites.
• Where no centralized security integration is possible, ensure (in coordination with C2SS technical leads) that site systems and network devices are configured to communicate with local security monitoring systems.
• Maintain currency in NATO Security Policy requirements relating to security monitoring and security service integration.
• Participate in meetings with stakeholders and technical points of contact to ensure appropriate integration of supported systems and sites into centralized security infrastructure.
• Stay abreast of technological developments relevant to the area of work.
• Perform any other security-related duties as may be required.

Requirements :

• The service contractor will be required to have a Bachelor of Science (BSc) degree at a nationally recognised/certified university in a technical subject with substantial Information Technology (IT) content and 3 years post-related experience. As an exception, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that are of interest to the NCI Agency; namely, at least 5 years of extensive and progressive experience in the duties related to the functions of this post.
• Extensive knowledge and experience (at least 3 years) in the following areas:
  • Security monitoring, PKI, network forensics and network discovery.
  • Network security architecture design
  • Researching and evaluating security products & technologies
  • Knowledge in system and network administration of UNIX and Windows systems
  • Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies.
• Ability to evaluate risks and formulate mitigation plans.
• Proven ability to write clear and structured technical reports (in English) including executive summary, technical findings and remediation plan for several different audiences.

Desirables:

• Prior experience of working in an international environment comprising both military and civilian elements.
• Knowledge of NATO organization, internal structure and resultant relationships.