Cyber Security Tools Engineer for NATO with security clearance
Would you like to join the leading international intergovernmental organization?
This isn't a role where you merely watch the monitors; you are the architect of the monitoring platform itself. As a Cyber Security Tools Platform Engineer, you will be the critical force multiplier for the threat hunters, building and maintaining the sophisticated engine that powers the proactive cyber defense.
You will design, integrate, and automate the very tools, like THOR, Corelight, and Splunk, that allow our client's analysts to uncover hidden adversaries and neutralize threats before they impact the mission. Think of it as building the high-performance radar and sensor suite for a cutting-edge security operations center. Your work in scripting, systems engineering, and seamless integration directly determines the speed, precision, and effectiveness of our entire threat hunting capability.
NOTE: This is not a cybersecurity analyst role; using the tools to perform threat hunting, malware analysis or vulnerability analysis is not part of the standard duties.
Responsibilities:
- Design, set up, and manage a suite of tools supporting threat hunting (e.g. THOR, Asgard, Sysmon, Corelight, Microsoft Defender, Splunk, Sentinel), ensuring seamless integration with the other technologies present on the network.
- Ensure that the deployment and operation of those tools meet strict security requirements and comply with IT Service Management policies governing the network environment. This includes producing the required documentation and maintaining testing environments.
- Apply workflow-automation best practices, using tools and technologies such as N8N, Ansible and Magnet Automate, to improve efficiency and reliability.
- Liaise with supporting teams in other services and business areas to ensure streamlined delivery of agents, logs and configuration items.
- Lead or contribute to the creation and ongoing maintenance of comprehensive documentation and Standard Operating Procedures (SOPs) to support operational continuity and compliance.
- Collaborate closely with team members and end users to incorporate feedback, continuously improving the quality and effectiveness of the delivered digital forensics capabilities.
- Proactively identify and propose system improvements to ensure an up-to-date and stable environment. Justify business needs, and prepare documentation and an implementation plan for the Change Management Board. Implement the approved changes following coordination with other stakeholders.
Essential Qualifications & Experience:
- Education: A Bachelor's degree in Computer Science, Information Technology, or a related field, combined with a minimum of 2 years of experience in a cybersecurity engineering or similar role. Alternatively, a secondary education with an advanced vocational qualification and 5 years of post-related experience, or, exceptionally, at least 8 years of demonstrated, progressive expertise in the domain.
- Tooling Expertise: Strong, hands-on experience in deploying, managing, and maintaining cybersecurity tools in large, complex enterprise environments, with significant practical experience in Linux system administration.
- Scripting & Automation: Proven practical skills in writing scripts for automation using Bash, Python, or Ansible. Knowledge of PowerShell and other integration tools is required.
- Infrastructure Knowledge: In-depth understanding of core infrastructure concepts: networking (IPAM, firewalls, proxies, load balancers), hosting, virtualization (preferably VMware), and certificates.
- Cybersecurity Fundamentals: Solid understanding of cyber threat hunting methodologies, cybersecurity concepts, and network communication protocols (TCP/IP, HTTP/S, DNS).
- Collaboration & Process: Strong team spirit, excellent verbal and written communication skills in English, and the ability to produce detailed technical documentation and adhere to formal change management processes.
Desirable Experience:
- Practical experience with specific tools: Sysmon, Nextron Asgard/THOR solutions.
- Professional experience in cybersecurity monitoring or a Security Operations Center (SOC) environment.
- Hands-on experience with Microsoft Azure and Microsoft Defender for Endpoint.
- Experience as an end-user of SIEM and log aggregation systems (e.g., Splunk).
- ITIL Foundation certification or similar service management knowledge.
- Prior experience working for NATO or in an international/military-civilian organization.
If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.
Department: Security
Location: Mons