Cyber Security Engineer for NATO with security clearance
WLG · The Hague, South Holland, Netherlands
Financial Services · 2-10 employees
About the role
The role involves developing security-compliant architectures and managing security engineering for AirC2 and mission-support areas. Responsibilities include implementing security controls, conducting risk assessments, and managing requirements for technical changes.
What they look for
Requirements
Requires a Bachelor's degree in a technical subject with 3 years of experience, or 5 years of progressive experience in lieu of a degree. Candidates must have deep expertise in Zero-Trust, PKI, and security monitoring, along with the ability to write technical reports in English.
Full description
Would you like to join the leading international intergovernmental organization?
This is a comprehensive cyber security engineering role encompassing solution architecture, security engineering, information security, information assurance, and requirements management. The position requires a professional with extensive knowledge of security monitoring, PKI, vulnerability management, and identity and access management, alongside deep technical expertise in system and network security with a particular focus on Zero-Trust and Data-Centric architectures.
Responsibilities:
Solution Architecture:
- Contributes to the development of security policy-compliant architectures in AirC2 and related mission-support areas.
- Determines and documents architecturally significant decisions.
- Produces specifications of cloud-based or on-premises components, tiers and interfaces, for translation into detailed designs using selected services and products.
- Supports projects or change initiatives through the preparation of technical plans and application of design principles.
- Aligns solutions with enterprise and solution architecture standards (including security).
Security Engineering:
- Supports the configuration, testing and trouble-shooting of security products and services within the C2SS supported products and services
- Integration of local security services with centralized security infrastructure.
- Where no integration with centralized security infrastructure is possible, ensure that local infrastructure is configured to provide an equivalent service.
Information security
- Applies and maintains specific security controls as required by organisational policy and local risk assessments.
- Communicates security risks and issues to business managers and others.
- Contributes to the identification of risks that arise from potential technical solution architectures.
- Suggests alternate solutions or countermeasures to mitigate risks.
- Defines secure systems configurations in compliance with intended architectures.
- Supports investigation of suspected attacks and security breaches.
Information assurance
- Follows standard approaches for the technical assessment of information systems against information assurance policies and business objectives.
- Supports routine accreditation advice.
- Recognises decisions that are beyond their scope and responsibility level and escalates accordingly.
- Reviews and performs risk assessments and risk treatment plans.
- Identifies typical risk indicators and explains prevention measures.
- Maintains integrity of records to support and justify decisions.
Requirements definition and management
- Defines and manages scoping, requirements definition and prioritisation activities for small-scale changes and assists with more complex change initiatives.
- Follows agreed standards and applies appropriate techniques to elicit and document detailed requirements.
- Provides constructive challenge to stakeholders as required.
- Reviews requirements for errors and omissions.
- Prioritises requirements and documents traceability to source.
- Provides input to the requirements baseline.
- Investigates, manages and applies authorised requests for changes to baselined requirements, in line with change management policy.
Essential Qualifications & Experience:
Required:
- The service contractor will be required to have a Bachelor of Science (BSc) degree at a nationally recognised/certified university in a technical subject with substantial Information Technology (IT)
content and 3 years post-related experience. As an exception, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that are of interest to the NCI Agency; namely, at least 5 years of extensive and progressive experience in the duties related to the functions of this post.
- Extensive knowledge and experience (at least 3 years) in the following areas:
- Security monitoring, PKI, vulnerability management, identity and access management.
- Researching and evaluating security products & technologies
- Knowledge in system and network administration of UNIX and Windows systems
- Technical knowledge in system and network security, with a particular focus on Zero-Trust and Data-Centric architectures.
- Ability to evaluate risks and formulate mitigation plans.
- Proven ability to write clear and structured technical reports (in English) including executive summary, technical findings and remediation plan for several different audiences.
Desired:
- Prior experience of working in an international environment comprising both military and civilian elements.
- Knowledge of NATO organization, internal structure and resultant relationships.
If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.