- NCI Agency BE, Mons
- Mons, Belgium
- Full-time
Engineer (IdM and PKI Services)
- NCI Agency BE, Mons
Mons, Belgium
Full-time
Published:
Application Deadline: September 9, 2024
- NCI Agency BE, Mons
Mons, Belgium
Full-time
Published:
Application Deadline: September 9, 2024
This is a position within the NATO Communications and Information Agency (NCIA), an organization of the North Atlantic Treaty Organization (NATO).
To strengthen the Alliance through connecting its forces, the NCI Agency delivers secure, coherent, cost effective and interoperable communications and information systems in support of consultation, command & control and enabling intelligence, surveillance and reconnaissance apabilities, for NATO, where and when required. It includes IT support to the Alliances’ business processes (to include provision of IT shared services) to the NATO HQ, the Command Structure and NATO Agencies.
The NATO Cyber Security Centre (NCSC) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, perations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS). The NCSC enables secure conduct of the Alliance's operations and business in the context of NATO's C4ISR. The NCSC provides cyber security services to NCI Agency customers and users, as well as to all other elements of the Agency; this includes all Service Lines, Programme Offices, CIS Support Units/Elements, and the Agency Ops Centre. The NCSC is responsible for providing the bread spectrum of services in the following specialist security areas: CIS Security, Cyber Defence, Information Assurance, Computer Security and Communications Security. In executing its responsibilities, the NCSC provides support to the development and implementation of cyber security-related policy, strategy, and provides lifecycle security risk management services for all NATO CIS. The NCSC leads in the development of new capabilities and innovation in cyber security. The NCSC incorporates and provides specialist services to prevent, detect, respond to and recover from cyber security incidents.
The Infrastructure Branch delivers a suite of enabling services in the specific areas of Cryptography, Identity Management, Technical Services (supporting CS Operations) and CIS Protection. These services include capability and validation of NATOs crypto solutions, lifecycle management of cryptographic equipment and keys, operation and logistic support for NATO-wide online and offline cryptographic equipment, identity management services, gateway services, specialized enterprise-wide CS infrastructure (including NCIRC elements), application, configuration and management of NATO Enterprise-wide endpoint security software.
The Crypto Services Section ensures lifecycle management of cryptographic equipment, keys provision for high grade Crypto, operation and logistic support for NATO-wide online and offline cryptographic equipment, Cryptographic implementation and site surveys. The section is also responsible for Crypto Compliance includes Crypto Facility/Maintenance Inspections and Crypto installations validation.
The IdM and PKI Services Cell is responsible for NATO Public Key Infrastructure (NPKI), which is a set of roles, policies, hardware, software and procedures managing the lifecycle of medium assurance asymmetric credentials. The NATO Public Key Infrastructure implements key anagement system capable of supporting a wide variety of Authentication, Integrity, Non-repudiation and Confidentiality services for the NATO Alliance.
WHO WE ARE:
For more than 70 years, NATO’s mission has been to preserve peace and security in the Alliance for nearly one billion citizens. The NATO Communications and Information Agency (NCI Agency) and its predecessors have worked tirelessly in providing the means that enable the connectedness and togetherness that keep our Alliance strong. We are the NCI Agency, a team of 3000 civilian and military staff in 29 locations throughout Europe, North America and Asia.
Our technology and cyber experts allow NATO to conduct critical operations, protect NATO’s airspace, make data-driven decisions, defend against cyber-attacks, secure NATO networks and maintain superiority in space. This is all possible because of our greatest force, our people. In order to keep this edge we aim to hire, train and retain the very best staff.
Our staff members represent both the diversity and unity of our Alliance. When you join the NCI Agency, you will be part of an organization where you can contribute authentically to the mission and purpose of NATO and help us keep our technological edge.
ABOUT THE JOB:
Based in Mons, Belgium you will join the Agency as we embark on a journey to transform our IT services to support NATO’s Digital Endeavour. You will join NATO Cyber Security Centre (NCSC), which is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS).
We are looking for driven and enthusiastic Engineers (IdM and PKI Services) who will take on the following roles and responsibilities:
DUTIES:
Under the direction of the Cell Head, the incumbent will perform duties such as the following:
ESSENTIAL EXPERIENCE AND EDUCATION:
DESIRABLE EXPERIENCE AND EDUCATION:
LANGUAGE PROFICIENCY:
COMPETENCIES OR PERSONAL ATTRIBUTES:
ABOUT YOU:
The valuable knowledge and experience that you bring to this role are:
Please note that the work is conducted fully on site in Mons, Belgium.
WHAT WE OFFER:
To learn more about NCI Agency and our work, please visit our website.
The NCI Agency prides itself on being an equal opportunity employer. We are committed to fostering an inclusive environment of mutual respect and value uniqueness and differences in gender, gender identity, race, ethnic or cultural origin, age, religion, sexual orientation and physical or neurocognitive ability.
Additional details on the conditions of application can be found here via the NCI Agency career site.
To strengthen the Alliance through connecting its forces, the NCI Agency delivers secure, coherent, cost effective and interoperable communications and information systems in support of consultation, command & control and enabling intelligence, surveillance and reconnaissance apabilities, for NATO, where and when required. It includes IT support to the Alliances’ business processes (to include provision of IT shared services) to the NATO HQ, the Command Structure and NATO Agencies.
The NATO Cyber Security Centre (NCSC) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, perations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS). The NCSC enables secure conduct of the Alliance's operations and business in the context of NATO's C4ISR. The NCSC provides cyber security services to NCI Agency customers and users, as well as to all other elements of the Agency; this includes all Service Lines, Programme Offices, CIS Support Units/Elements, and the Agency Ops Centre. The NCSC is responsible for providing the bread spectrum of services in the following specialist security areas: CIS Security, Cyber Defence, Information Assurance, Computer Security and Communications Security. In executing its responsibilities, the NCSC provides support to the development and implementation of cyber security-related policy, strategy, and provides lifecycle security risk management services for all NATO CIS. The NCSC leads in the development of new capabilities and innovation in cyber security. The NCSC incorporates and provides specialist services to prevent, detect, respond to and recover from cyber security incidents.
The Infrastructure Branch delivers a suite of enabling services in the specific areas of Cryptography, Identity Management, Technical Services (supporting CS Operations) and CIS Protection. These services include capability and validation of NATOs crypto solutions, lifecycle management of cryptographic equipment and keys, operation and logistic support for NATO-wide online and offline cryptographic equipment, identity management services, gateway services, specialized enterprise-wide CS infrastructure (including NCIRC elements), application, configuration and management of NATO Enterprise-wide endpoint security software.
The Crypto Services Section ensures lifecycle management of cryptographic equipment, keys provision for high grade Crypto, operation and logistic support for NATO-wide online and offline cryptographic equipment, Cryptographic implementation and site surveys. The section is also responsible for Crypto Compliance includes Crypto Facility/Maintenance Inspections and Crypto installations validation.
The IdM and PKI Services Cell is responsible for NATO Public Key Infrastructure (NPKI), which is a set of roles, policies, hardware, software and procedures managing the lifecycle of medium assurance asymmetric credentials. The NATO Public Key Infrastructure implements key anagement system capable of supporting a wide variety of Authentication, Integrity, Non-repudiation and Confidentiality services for the NATO Alliance.
WHO WE ARE:
For more than 70 years, NATO’s mission has been to preserve peace and security in the Alliance for nearly one billion citizens. The NATO Communications and Information Agency (NCI Agency) and its predecessors have worked tirelessly in providing the means that enable the connectedness and togetherness that keep our Alliance strong. We are the NCI Agency, a team of 3000 civilian and military staff in 29 locations throughout Europe, North America and Asia.
Our technology and cyber experts allow NATO to conduct critical operations, protect NATO’s airspace, make data-driven decisions, defend against cyber-attacks, secure NATO networks and maintain superiority in space. This is all possible because of our greatest force, our people. In order to keep this edge we aim to hire, train and retain the very best staff.
Our staff members represent both the diversity and unity of our Alliance. When you join the NCI Agency, you will be part of an organization where you can contribute authentically to the mission and purpose of NATO and help us keep our technological edge.
ABOUT THE JOB:
Based in Mons, Belgium you will join the Agency as we embark on a journey to transform our IT services to support NATO’s Digital Endeavour. You will join NATO Cyber Security Centre (NCSC), which is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS).
We are looking for driven and enthusiastic Engineers (IdM and PKI Services) who will take on the following roles and responsibilities:
- Install, setup and maintain the NATO Public Key Infrastructure (NPKI) systems, Hardware Security Module (HSM), Auto-enrolment Services and Directory Services;
- Perform PKI system backups, restore and regular upgrade;
- Cooperate with NATO PKI vendors in order to install, maintain and develop NATO PKI services as well as to resolve detected issues;
- Responsible for the delivery of 2nd level of technical support of CIS services and creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications to current capabilities;
- Coordination and performance of configuration and evaluation, integration of test scenarios within the NPKI Certification Authority and PKI system backups, restore and regular upgrade;
- NPKI systems accreditation documentation, prepare NPKI systems for Vulnerability Assessment audit and Compliance Audit inspection.
DUTIES:
Under the direction of the Cell Head, the incumbent will perform duties such as the following:
- Install, setup and maintain the NATO Public Key Infrastructure (NPKI) systems, Hardware Security Module (HSM) and LDAP directory service;
- Responsible for PKI system backups, restore and regular upgrade;
- Cooperate with NATO PKI vendors in order to install, maintain and develop NATO PKI services as well as to resolve detected issues;
- Responsible for the delivery of 2nd level of technical support of CIS services and creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications to current capabilities;
- Coordination, and performance, of configuration, and evaluation, integration of test scenarios within the NPKI Certification Authority and PKI system backups, restore and regular upgrade;
- Responsible for NPKI systems accreditation documentation, prepare NPKI systems for Vulnerability Assessment audit and Compliance Audit inspection;
- Responsible for Online Certificate Status Protocol (OCSP), Time Stamp management and Database maintenance dedicated for NPKI;
- Responsible for Card Management System deployment, integration, day-to-day management and support Smart Card and certificate enrolment;
- Certificate Authority Log analysis, (Troubleshoot the system ALARM/ERRORS and monitor user activity);
- Monitoring and reporting of NPKI services, both qualitative and quantitative through Key Performance Indicator (KPI);
- Participate and support in designing of new NPKI components and integration with third party products;
- As NATO PKI SME will be responsible for supporting all NATO exercises and missions, providing training to the NATO wide Registration Authorities as well as close cooperation with Root CA operation team for NPKI matters;
- Investigating and proposing long term solutions to encountered equipment and configuration problems;
- Deputize for higher-grade staff, if required;
- Performs other duties as may be required.
ESSENTIAL EXPERIENCE AND EDUCATION:
- A minimum requirement of a Bachelor’s degree at a nationally recognised/certified University in a related discipline and 2 years post-related experience. Or, exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post;
- At least 2 years of extensive experience in operation and configuration of Information Security and Cryptography (symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, hash functions, digital signatures, digital certificates, PKI system development, design and day-to-day management;
- At least 2 years of practical experience in management of PKI CA (deployment, installation, configuration and maintenance);
- At least 2 years of extensive experience in deployment, installation, configuration and maintenance of digital certificates auto-enrolment services and Smart Cards enrolment services;
- At least 2 years of extensive experience in maintenance and management of HSM;
- At least 2 years of experience in management of CMS (Card Management System);
- Experience in providing PKI training;
- Practical experience in Windows, Linux and VMware system administration;
- Practical experience with IT services automation e.g. Ansible;
- Knowledge of the principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications;
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours of the NATO PKI CA and related services;
- Experience with SPLUNK Syslog server configuration;
- Experience as a user of SIEM and Log aggregation systems;
- Extensive experience in operating systems backup and restore;
- Practical experience in scripting (Python, PowerShell);
- Extensive experience in SSL, TLS, and OpenSSL.
DESIRABLE EXPERIENCE AND EDUCATION:
- VMware (VCA, VCP) and Linux RHEL system administration certificates;
- Red Hat Certified Engineer RHCE;
- Knowledge of NATO PKI certificate policy;
- Experience with Red Hat Directory Server deployment and management;
- Experience in development and implementation of computer security policies;
- Experience in evaluation and accreditation of telecommunications and information systems;
- Prior experience of working in an international environment comprising both military and civilian elements;
- Knowledge of NATO responsibilities and organization, including ACO and ACT.
LANGUAGE PROFICIENCY:
- A thorough knowledge of one of the two NATO languages, both written and spoken, is essential and some knowledge of the other is desirable;
- Note: Most of the work of the NCI Agency is conducted in the English language.
COMPETENCIES OR PERSONAL ATTRIBUTES:
- Deciding and Initiating Action: Takes responsibility for actions, projects and people; takes initiative and works under own direction; initiates and generates activity and introduces changes into work processes; makes quick, clear decisions which may include tough choices or considered risks;
- Relating and Networking: Easily establishes good relationships with customers and staff; relates well to people at all levels; builds wide and effective networks of contacts; uses humour appropriately to bring warmth to relationships with others;
- Formulating Strategies and Concepts: Works strategically to realise organisational goals; sets and develops strategies; identifies, develops positive and compelling visions of the organisation’s future potential; takes account of a wide range of issues across, and related to, the organisation;
- Achieving Personal Work Goals and Objectives: Accepts and tackles demanding goals with enthusiasm; works hard and puts in longer hours when it is necessary; seeks progression to roles of increased responsibility and influence; identifies own development needs and makes use of developmental or training opportunities.
ABOUT YOU:
The valuable knowledge and experience that you bring to this role are:
- Bachelor’s degree at a nationally recognised/certified University in a related discipline and 2 years post-related experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post;
- At least 2 years of extensive experience in operation and configuration of Information Security and Cryptography (symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, hash functions, digital signatures, digital certificates, PKI system development, design and day-to-day management;
- At least 2 years of practical experience in management of PKI CA (deployment, installation, configuration and maintenance);
- At least 2 years of extensive experience in deployment, installation, configuration and maintenance of digital certificates auto-enrolment services and Smart Cards enrolment services;
- At least 2 years of extensive experience in maintenance and management of HSM;
- At least 2 years of experience in management of CMS (Card Management System);
- Experience in providing PKI training;
- Practical experience in Windows, Linux and VMware system administration;
- Extensive hands-on experience with IT services automation e.g. Ansible, Bash Scripting and Quality Assurance;
- Knowledge of the principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications;
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours of the NATO PKI CA and related services;
- Experience with SPLUNK Syslog server/client configuration;
- Experience as a user of SIEM and Log aggregation systems;
- Extensive experience in operating/automating systems backup and restore;
- Hands-on experience in scripting (Bash, Python, PowerShell);
- Extensive experience in SSL, TLS, and OpenSSL;
- Fluency in English, both written and spoken.
Please note that the work is conducted fully on site in Mons, Belgium.
WHAT WE OFFER:
- Genuinely meaningful work as part of the most successful alliance in history;
- 3 year contract with competitive tax-free salary and household and children’s allowances;
- Privileges for expatriate staff including expatriation and education allowances (where appropriate) and additional home leave;
- Excellent private health insurance scheme;
- Generous annual leave of 30 days plus official holidays;
- NATO Pension Scheme;
- Development programs such as professional training, wellbeing, and more.
To learn more about NCI Agency and our work, please visit our website.
The NCI Agency prides itself on being an equal opportunity employer. We are committed to fostering an inclusive environment of mutual respect and value uniqueness and differences in gender, gender identity, race, ethnic or cultural origin, age, religion, sexual orientation and physical or neurocognitive ability.
Additional details on the conditions of application can be found here via the NCI Agency career site.
Share
Facebook
Twitter
LinkedIn
Telegram
Tumblr
WhatsApp
Mail