- International Staff, NATO HQ
- Brussels, Belgium (Remote)
- Full-time
Analyst, Cyber Incident Response and Risk Management
Application Deadline: January 27, 2025
SUMMARY:
The Joint Intelligence and Security Division (JISD), under the leadership of the Assistant Secretary General for Intelligence and Security (ASG I&S), comprises two principal pillars: Intelligence – headed by the Deputy ASG for Intelligence; and the NATO Office of Security (NOS) – headed by the Deputy ASG for Security.
The Intelligence pillar is responsible for ensuring the situational awareness of the North Atlantic Council (NAC) and the Military Committee (MC), for the analysis of the indications and warnings in support of the NATO Crisis Response System, and for the development of intelligence policies and capabilities for NATO. Its functional areas address: intelligence analysis and production, intelligence policy, and capability development. The Intelligence Production Unit (IPU), comprised of both military and civilian personnel, supports the NAC, MC and senior level decision makers on strategic issues of concern with intelligence-based analysis, briefings and other written products.
The Cyber Threat Analysis Branch (CTAB) is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting-edge technologies to support and enhance the Alliance leadership’s understanding of the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyberspace and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting. The Analyst is assigned to the CTAB. S/he assists in monitoring cyber-related developments, including cyber incident response and risk management, contributes to the production of cyber threat reporting and is primarily responsible for:
- Technical cyber threat intelligence analysis – track, pivot, and enrich data relating to malware, hosts, and networks (domain, IP, netflow, certificate etc.);
- Investigation of raw telemetry to provide intelligence insights in support of incident response activities. Maintain campaign history to prioritize security detection on high impact threats;
- Extrapolation of behavioral patterns and identifiable characteristics, including network infrastructure registration and procurement patterns, exploit chain commonalities, use of common malware or post-exploitation toolkits;
- Producing intelligence assessments related to mission assurance, risk management, and incident response. Generate written (and oral) operational and strategic reports for various stakeholders. Communicate actionable insights in support of senior-level decision-making;
- Mentoring junior analysts to ensure accuracy of cyber threat analysis driven by NATO intelligence requirements, and actionable intelligence. Perform technical data checks and editorial work before release of finished intelligence products;
- Participating in NATO cyber related exercises.
QUALIFICATIONS AND EXPERIENCE:
Essential
The incumbent must:
- Possess a university degree, preferably in the field of cyber security, information technology, security studies, statistics, data science or related studies;
- Have at least 3 years in-depth experience in the area of cyber security operations centre, defensive cyberspace operations, or cyber threat analysis;
- Have at least 2 years of recent experience in activities that derive intelligence on cyber-enabled threats (capabilities and intent of cyber threat actors) and cyber vulnerabilities to assist in developing cyber situational awareness;
- Have knowledge of open source information, collection and analysis processes, and experience working with large datasets;
- Have recent and demonstrable experience with analytical frameworks for intrusion analysis such as MITRE ATT&CK, cyber kill-chain, diamond model, and/or analysis of competing hypotheses;
- Be familiar with strategic issues and challenges facing the Alliance and NATO’s geopolitical environment;
- Have excellent drafting skills and experience in preparing alert bulletins, threat assessments, and intelligence reports;
- Possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; II (“Elementary”) in the other.
Desirable
The following would be considered an advantage:
- Experience as a serving or former member of an Allied intelligence or security service, national cyber center, or national cyber command;
- Having held cyber security responsibilities in a government of a NATO Nation or in an International Organisation such as EU, UN, OSCE or NATO;
- Experience in project management.
MAIN ACCOUNTABILITIES:
Planning and Execution
Using all means available, investigate cyber threats to NATO and its Allies. Compile, draft or review reports as appropriate. Draft bespoke products in support of briefing requirements from all NATO HQ stakeholders. Share knowledge on cyber threats and related issues via briefings and reports in order to support decision making by the appropriate authorities. Collaborate with appropriate channels within the NATO HQ as well as with other stakeholders, such as the Office of the Chief Information Officer (OCIO), NATO Communication Information Agency (NCIA), Allied Command Operations (ACO) and counterparts in NATO Nations.
Knowledge Management
Act as main aggregator for a number of sources of information, effectively manage, coordinate, align and streamline inputs from all sources of information. Support the development, review and update of NATO’s analytical products related to cyber security. Draft background briefs and presentations related to cyberspace for a variety of NATO and partner stakeholders. Contribute to information sharing with relevant NATO bodies in support of incident management and mission assurance.
Stakeholder Management
Liaise with and obtain input from security and intelligence services in NATO member countries, including through the existing mechanisms of the NATO Civilian and Military Intelligence Committees, as well as with the working-level of the Intelligence Steering Board in order to maintain and develop the flow of intelligence reporting to and within the Alliance. Establish and maintain close working relations within the NATO enterprise, including with the OCIO, ACO Cyberspace Operations Centre, and the NCIA. Establish cyber defence liaison with multiple industry partners and International Organisations in support of NATO cyber defence objectives.
Policy Development
Contribute to the development of policies, directives and guidance documents on cyber threats and related issues. Support the provisioning of incident advice and guidance to NATO Nations, NATO civil and military bodies and partner nations and international organisations.
Expertise Development
Develop and maintain technical, operational, and strategic expertise in all matters relating to cyber security, mentoring others as necessary. Provide expertise and operational support to the NATO civil and military bodies on the cyber landscape.
Project Management
Define priorities for and contribute to the development and presentation of technical and operational cyber defence requirements for NATO-wide capabilities and projects, including on aspects related to governance, finance, and delivery. Assist in development and presentation of technical and operational cyber defence requirements for NATO-wide capabilities and projects. Perform any other related duties, as assigned.
INTERRELATIONSHIPS:
The incumbent reports to the Head CTAB. They work in close coordination with other sections within JISD, as well as with other divisions in the International Staff, with the NATO Military Authorities, with national delegations as well as Allied capitals, and NATO Agencies. They also maintain good working relations in their field of competence with partner countries, other International Organisations and industry on cyber security related matters.
- Direct reports: N/A;
- Indirect reports: N/A.
COMPETENCIES:
The incumbent must demonstrate:
- Analytical Thinking: Sees multiple relationships;
- Flexibility: Adapts to unforeseen situations;
- Impact and Influence: Takes multiple actions to persuade;
- Initiative: Is decisive in a time-sensitive situation;
- Organisational Awareness: Understands organisational climate and culture;
- Teamwork: Solicits inputs and encourages others.
CONTRACT:
Contract to be offered to the successful applicant (if non-seconded): Definite duration contract of three years; possibility of renewal for up to three years, during which the incumbent may apply for conversion to an indefinite duration contract.
Contract clause applicable
- In accordance with the contract policy, this is a post in which turnover is desirable for political reasons in order to be able to accommodate the Organisation's need to carry out its tasks as mandated by the Nations in a changing environment, for example by maintaining the flexibility necessary to shape the Organisation's skills profile, and to ensure appropriate international diversity;
- The maximum period of service foreseen in this post is 6 years. The successful applicant will be offered a 3-year definite duration contract, which may be renewed for a further period of up to 3 years. However, according to the procedure described in the contract policy the incumbent may apply for conversion to an indefinite contract during the period of renewal and no later than one year before the end of contract;
- If the successful applicant is seconded from the national administration of one of NATO’s member States, a 3-year definite duration contract will be offered, which may be renewed for a further period of up to 3 years subject also to the agreement of the national authority concerned. The maximum period of service in the post as a seconded staff member is six years;
- Serving staff will be offered a contract in accordance with the NATO Civilian Personnel Regulations.
Note: Irrespective of previous qualifications and experience, candidates for twin-graded posts will be appointed at the lower grade. Advancement to the higher grade is not automatic, and will not normally take place during the first three years of service in the post.
Under specific circumstances, serving staff members may be appointed directly to the higher grade, and a period of three years might be reduced by up to twenty-four months for external candidates. These circumstances are described in the IS directive on twin-graded posts.
USEFUL INFORMATION REGARDING APPLICATION AND RECRUITMENT PROCESS:
Please note that we can only accept applications from nationals of NATO member countries. Applications must be submitted using the e-recruitment system, as applicable:
- For NATO civilian staff members only: please apply via the internal recruitment portal (link);
- For all other applications: www.nato.int/recruitment.
Before you apply to any position, we encourage you to click here and watch our video providing 6 tips to prepare you for your application and recruitment process.
Do you have questions on the application process in the system and are not sure how to proceed? Click here for a video containing the information you need to successfully submit your application on time.
More information about the recruitment process and conditions of employment can be found at our website.
Appointment will be subject to receipt of a security clearance (provided by the national Authorities of the selected candidate), approval of the candidate’s medical file by the NATO Medical Adviser, verification of your study(ies) and work experience, and the successful completion of the accreditation and notification process by the relevant authorities.
NATO will not accept any phase of the recruitment and selection prepared, in whole or in part, by means of generative artificial-intelligence (AI) tools, including and without limitation to chatbots, such as Chat Generative Pre-trained Transformer (Chat GPT), or other language generating tools. NATO reserves the right to screen applications to identify the use of such tools. All applications prepared, in whole or in part, by means of such generative or creative AI applications may be rejected without further consideration at NATO’s sole discretion, and NATO reserves the right to take further steps in such cases as appropriate.
ADDITIONAL INFORMATION:
- NATO is committed to diversity and inclusion, and strives to provide equal access to employment, advancement and retention, independent of gender, age, nationality, ethnic origin, religion or belief, cultural background, sexual orientation, and disability. NATO welcomes applications of nationals from all member Nations, and strongly encourages women to apply;
- Building Integrity is a key element of NATO’s core tasks. As an employer, NATO values commitment to the principles of integrity, transparency and accountability in accordance with international norms and practices established for the defence and related security sector. Selected candidates are expected to be role models of integrity, and to promote good governance through ongoing efforts in their work;
- Due to the broad interest in NATO and the large number of potential candidates, telephone or email enquiries cannot be dealt with;
- Applicants who are not successful in this competition may be offered an appointment to another post of a similar nature, albeit at the same or a lower grade, provided they meet the necessary requirements;
- The nature of this position may require the staff member at times to be called upon to travel for work and/or to work outside normal office hours;
- The organization offers several work-life policies including Teleworking and Flexible Working arrangements (Flexitime) subject to business requirements;
- Please note that the International Staff at NATO Headquarters in Brussels, Belgium is a non-smoking environment.
For information about the NATO Single Salary Scale (Grading, Allowances, etc.) please visit our website. Detailed data is available under the Salary and Benefits tab.