Description
Do you have significant experience with web, infrastructure and application level penetration testing? Do you love the thrill of discovering new vulnerabilities, pivoting into networks and exploring new hacking techniques? Can you demonstrate experience in providing security consultancy and advice to projects, plans, and other entities? Do you have experience to evaluate risks and formulate mitigation plans?
If the answer is yes, this position is ideal for you.
The NCI Agency is currently seeking a Senior Engineer (Security Testing) to perform penetration tests, security audits and assess the security posture of critical NATO applications and networks which are employed in support of NATO missions. You will provide security consultancy and advice, represent the Cyber Security Service Line and, sustain effective communications with different stakeholders, from a security testing perspective.
Role Responsibilities
This is a position within the NATO Communications and Information (NCI) Agency, an organization of the North Atlantic Treaty Organization (NATO).
The NCI Agency has been established with a view to advantageously meeting the collective requirements of NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control, as well as Communications and Information / Cyber Defence functions; thereby, facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
Director of Infrastructure Services (DIS) is accountable for the effective and efficient provision of CIS Infrastructures, and associated Enterprise-wide ICT Services through lifecycle support delivered to the Customer within time, cost and quality parameters and the requirements specified in SLAs. DIS is also accountable for the provision of Information Assurance Operations services, technical support and enterprise security management at the Strategic, Operational and Tactical levels. Infrastructure Services are delivered and managed in coordination with the Operations Centre and the CIS Support Units (CSUs).
DIS comprises the following four service lines: Network Services and IT Infrastructure; Core Enterprise Services; Service Management and Control; and Cyber Security Services.
This post is assigned to the Cyber Security (CS) Service Line (SL) which provides governance, scientific, technical, acquisition, and sustainment support in the area of cyber security throughout the lifecycle of NATO Communications Information Systems (CIS). The CS SL enables secure conduct of the Alliance’s operations and business activities in the NATO Network Enterprise environment and in the context of NATO’s C4ISR.
Under the direction of the Head Cyber Capability Validation Cell, and largely on your own initiative, you will perform duties such as the following:
- Provide Web, infrastructure and application level penetration testing;
- Provide security design reviews to ensure compliance with NATO policies and directives;
- Provide security consultancy and advice to projects, plans, and other entities;
- Lead and/or be part of the Red/Blue Team during NATO military exercises;
- Represent the CS SL at the NATO Security Accreditation Board from a security testing perspective;
- Build and sustain effective communications with different stakeholders; specifically, the NCIA Configuration Control Board, Security Accreditation Boards, NATO Security Accreditation Authorities, and NCI Agency organization units supporting accreditation processes;
- Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level;
- In co-ordination with the Head Cyber Capability Validation Cell, you will ensure proactive collaboration and coordination with internal and external stakeholders;
- Stay abreast of technological developments relevant to the area of work;
- Deputize the Head of Cyber Capability Validation Cell, if required;
- Performs other duties as may be required.
Person Specification
Qualifications Required
You need to hold a Master of Science (MSc) degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content, with 5 years post related experience or a Bachelor of Science (BSc) degree at a nationally recognised/certified University in a related subject with 7 years post related experience. Exceptionally, the lack of a university/college degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency, that is, at least 12 years extensive and progressive expertise in the duties related to the functions of the post.
It will be considered an asset if you hold professional qualifications: GPEN, CREST Certified Web Application Tester, GXPN, GWAPT or equivalent.
Experience Required
In addition to at least 5 years of relevant experience, you will be required to prove:
- Extensive knowledge and experience (at least 5 years) in the following areas;
- Web application penetration testing;
- IT infrastructure penetration testing
- Application level penetration testing;
- Network security architecture designAssessing security vulnerabilities within OS, software, protocols & networks
- Researching and evaluating security products & technologies
- System and network administration of UNIX and Windows systems
- Use of penetration testing tools, techniques, and recognized testing methodologies
- Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, ksh, csh)
- Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies;
- Ability to evaluate risks and formulate mitigation plans.
You must demonstrate:
- Ability to brief at executive level on security findings, reports and testing outcome;
- Ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences.
It is considered desirable for you to have:
- Familiarity with risk analysis methodologies;
- Prior experience of working in an international environment comprising both military and civilian elements;
- Knowledge of NATO organization, internal structure and resultant relationships.
Competencies Required
Deciding and Initiating Action - Takes responsibility for actions, projects and people; takes initiative and works under own direction; initiates and generates activity and introduces changes into work processes; makes quick, clear decisions which may include tough choices or considered risks;
Presenting and Communicating Information - Speaks fluently; expresses opinions, information and key points of an argument clearly; makes presentations and undertakes public speaking with skill and confidence; responds quickly to the needs of an audience and to their reactions and feedback; projects credibility;
Writing and Reporting - Writes convincingly; writes clearly, succinctly and correctly; avoids the unnecessary use of jargon or complicated language; writes in a well-structured and logical way; structures information to meet the needs and understanding of the intended audience;
Applying Expertise and Technology - Applies specialist and detailed technical expertise; uses technology to achieve work objectives; develops job knowledge and expertise (theoretical and practical) through continual professional development; demonstrates an understanding of different organisational departments and functions;
Learning and Researching - Rapidly learns new tasks and commits information to memory quickly; demonstrates an immediate understanding of newly presented information; gathers comprehensive information to support decision making; encourages an organisational learning approach (i.e. learns from successes and failures and seeks staff and customer feedback).
Creating and Innovating - Produces new ideas, approaches, or insights; creates innovative products or designs; produces a range of solutions to problems.
Language Skills
Most of the work of the NCI Agency is conducted in the English language, and therefore a thorough knowledge of English, both written and spoken, is essential and some knowledge of French is desirable.
Travel
Business travel to NATO and national (NATO and non-NATO) facilities as well as frequent travel between the NCI Agency offices.
May be required to undertake duty travel to operational theatres inside and outside NATO boundaries.
Contract
NCI Agency normally offers contracts of employment of a definite duration, not exceeding three years. Contracts may be for less than three years as required to support short-term projects, meet uncertainty with respect to the business outlook, staff performance and other factors.
Definite duration contracts may be extended for further periods. When extending contracts, the following is taken into consideration:
- Renewal is in the interest of the Agency.
- Staff member's desire to remain with the Agency.
- The financial situation provides sufficient funding for the post held.
- The skills, competencies and behaviours, potential and work experience of the staff, versus the requirements of the Agency's work and/or availability of funding.
- Staff member has served the Agency with performance to the required standard as defined by the Agency.
- Staff member's deployability to operational theatre.
Serving civilian members of NATO will be offered a contract in accordance with the NATO Civilian Personnel Regulations.
The first six months of definite duration contracts are a probationary period. During this period the staff member's work is assessed to ensure that he/she has the ability to carry out the duties of the post. At or before the end of the probationary period, the staff member will be notified in writing that the appointment is confirmed or terminated or, in exceptional cases, that the probationary period is extended.
What do we offer?
- Excellent tax-free salary, including (where eligible) expatriation household and children's allowances and additional privileges for expatriate staff.
- Education allowance for children (where appropriate) and an excellent private health insurance scheme.
- Generous annual leave and home leave (if eligible).
- Retirement Pension Plan.
To learn more about NCI Agency and our work, please visit our website.
Please note that due to the Agency’s transition into a new structure in the near future, this post may be subject to transfer to one of our other locations, as well as to a change of reporting lines. The final decision will be made at the time of a firm offer.
The Agency’s recruitment team advises you that due to the large volume of applications it receives the screening process may take up to 2 months after closing date. We appreciate your patience.