MISP Data, Engineering and DevOps Support

Duties

• The Contractor shall deliver Cyber Security Information Sharing Service (CSISS), Cyber Defence Information Sharing (CDIS) flavor outcomes, including: System administration and maintenance of MISP infrastructure, MISP community management (organization and user provisioning, user support, …), Maintenance of existing MISP integration scripts, Functional testing of the MISP platform and integrations, (MISP) data curation and dissemination.
• The contractor shall define a test strategy for MISP platform1,2 testing.
• The contractor shall define a test specification document for MISP platform1,2 testing.
• Automated functional tests for the MISP platform1,2.
• A set of manual test cases, covering basic MISP graphical user interface (GUI) functionality.
• The contractor shall define a test report template for MISP platform1,2 testing.
• The contractor shall perform software testing, as per the defined test strategy (D1), creating a test specification for each test run (using D2, D3).
• Proactively manage and maintain multiple MISP environments (test, production, …) running the MISP, MISP-guard and Cerebrate software and MISP integration scripts, ensuring the confidentiality, integrity and availability of the tools and information in accordance with the NATO Information Management Policy (NIMP), the Security within NATO Policy and their associated directives and guidelines.
• Stand up, configure and manage extra MISP infrastructure, MISP-guard and Cerebrate infrastructure as required.
• Regularly update the MISP software to the latest version, and support the test and validation effort for change management processes.
• Configure and extend the system monitoring of the MISP and MISP-guard instances.
• Maintain and improve documentation related to the MISP installations within NATO.
• Remediate operational issues with the MISP installations.
• The contractor shall perform community support tasks as per pre-defined procedures.
• The contractor shall research and document best practices, with regards to data entry in MISP.
• The contractor shall create documentation and updates of MISP taxonomies and MISP galaxy data10,11.
• The contractor shall define processes for the processing of incoming MISP events and other types of threat intelligence reports.
• The contractor shall define processes for access and distribution management of MISP data.
• The contractor shall define processes with regards to MISP data, and other cyber threat intelligence data, lifecycle management.
• The contractor shall curate MISP data as per the defined processes (see D11, D12, D13) during the period of performance.
• The contractor shall define processes for the dissemination of key MISP and other cyber threat intelligence products managed by NCSC.
• The contractor shall disseminate MISP data as per the defined processes (see D15) during the period of performance.

Requirement

• 5 years demonstrated experience in functional software testing.
• 5 years demonstrated experience as sysadmin with LAMP servers - Linux, Apache, MySQL/MariaDB, PHP.
• 3 years experience with RedHat.
• 3 years of python scripting experience.
• 3 years experience in MVC software development and code review of web applications mostly in PHP language and with SQL.
• 3 years experience in data analysis.
• 3 years experience defining and documenting business processes.
• Very good technical understanding of the cyber threats to web-based products.
• Good understanding of cyber security principles, best practices, concepts and technology.
• Ability to work independently and in teams to achieve the desired goals, including the ability to monitor and support a team.
• Ability to support high-intensity military exercises for multiple weeks.
• Excellent organizing and communication skills.
• Good communications and writing skills in English.
• Any contracted individuals of the Service Provider must be in possession of a security clearance by their National Authority of NATO SECRET.

Preferences

• experience as sysadmin of a MISP Threat Sharing platform
• Prior experience in developing code (python, PHP) for MISP
• Prior experience in multinational cyber exercises like Locked Shields, Crossed Swords, Cyber Coalition, etc
• Experience with CakePHP
• Prior experience in a cyber threat intelligence team.
• Prior experience in incident response.
• Prior experience in threat detection engineering.