Overview
Provide guidance on security controls and perform technical assessments for information systems. Design and implement tools for vulnerability identification and assess vulnerabilities in various NATO systems.
Tasks Summary
- Provide guidance on the application and operation of elementary physical, procedural and technical security controls
- Perform technical assessments in support of accreditation of complex or higher-risk information systems
- Design and implement customized tools/scripts for vulnerability identification
- Collate and analyse catalogues of information and technology assets for vulnerability assessment
- Perform vulnerability assessments for NATO on-premise, hybrid or cloud CIS (communication and information systems), and also weapons platforms and ICS/SCADA systems
Experience Requirements
- At least 3 years practical and recent experience working in the field of cyber security assessments
- Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience
- Demonstrated expertise in applying and assessing the security hardening of Windows and Linux operating systems, including a thorough understanding of system policies, patch management, privilege management, and mitigation of common vulnerabilities
- Extensive knowledge of Active Directory security configuration and associated vulnerabilities
- Comprehensive understanding of cloud-native security frameworks across AWS, Azure, and GCP, with the ability to assess and report on specific vulnerabilities
- Comprehensive knowledge of the deployment, configuration, and security management of border protection devices, including firewalls, intrusion detection and prevention systems (IDS/IPS), and secure gateways
- Proficiency in the automation of data processing workflows through the application of scripting languages such as PowerShell, Python, and Bash, enabling efficiency, accuracy, and scalability in security operations
- Proven capacity to present complex security findings, technical reports, and testing outcomes at the executive level, translating technical detail into actionable strategic insight for senior decision‑makers
- Established expertise in authoring precise and well‑structured technical documentation, including executive summaries, detailed findings, and remediation plans, tailored to audiences ranging from technical specialists to senior leadership
- Proven leadership experience in directing and coordinating technical Vulnerability Assessment teams within large organizations, preferably in an international or multinational context, ensuring operational excellence and fostering collaborative performance
Qualification Requirements
• Bachelor’s degree at a nationally recognised/certified University in a related discipline and 3 years of experience. Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCIA, that is, at least 10 years extensive and progressive expertise in duties related to the function of the post
