CIS Security Systems Engineer

at  Spektrum

Spektrum have a wide range of exciting opportunities in several global locations.
We are always looking to add great new talent to our team and look forward to hearing from you.
Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

WHO WE ARE SUPPORTING

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO’s member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO’s communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO’s military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO’s mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO’s information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO’s communication and information technology capabilities.

ESSENTIAL SKILLS AND EXPERIENCE

• Good knowledge and experience (at least 2 years) with Security Accreditation of large CIS, and with security risk assessment methodologies and tools.
• Comprehensive knowledge of the principles of computer and communication security, networking, the vulnerabilities of modern operating systems and applications and top Critical Security Controls for effective cyber defence.
• Ability to investigate and analyse complex scenarios and solve problems in innovative ways
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams

ESSENTIAL SKILLS AND EXPERIENCE

• Knowledge of and prior experience with NATO security policies and directives, security accreditation framework and risk assessment methodology
• Holding recognized professional qualification within the CIS Security domain
• Prior experience of working in an international environment comprising both military and civilian elements
• Hand-on experience with implementation and integration of CIS Security protective measures in large CIS

EDUCATION

• Essential to have a Bachelor’s Degree in Computer Science combined with a minimum of 5 years’ experience in a CIS Security related post, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 7 years post related experience.

Under the direction of the Head of the CIS Security Risk Management Section (RMS), the Systems Engineer CIS Security:

• Produce security accreditation documents set for NISC managed CIS following a risk management methodology. This includes CIS Description, Security Accreditation Plan, Security Risk Assessment Report, Security Requirement Statements, Security Operating Procedures, Security Test and Verification Plan.
• Conduct Security Risk Assessments in support of NISC managed CIS; this includes the identification and assessment of risks in close coordination with NATO accreditation stakeholders (including technical and security authorities).
• Support the development of mitigation and remediation plans, following the identification and assessment of cybersecurity risks for NISC managed CIS, specifically assessing the residual risks after the application of cybersecurity risk mitigation measures.
• Conduct Security tests for NISC managed CIS in accordance with defined test plans and provide associate reporting.
• Assist with complex remediation activities for NISC managed CIS; conduct remediation activities in collaboration with the NCI Agency Service Delivery Managers.
• Ensure adequate level of systems/data protection is implemented for NISC managed CIS in accordance with NATO
• Security policies and directives.
• Advise NISC staff on best practice with regards to daily security tasks; develop and deliver CIS Security awareness presentations.
• Provide feedback, advice and guidance to senior management in the areas of enterprise architecture, NATO security accreditation activities, procurement as well as training and awareness programmes.
• Perform other duties as may be required.