This website uses cookies to ensure you get the best experience.

WLG and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics and marketing purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor

These cookies are used to make advertising messages more relevant to you. In some cases, they also deliver additional functions on the site.

Vendors Youtube
Skip to main content
DevOps · Mons

MISP Platform Engineer & Cyber Threat Intelligence Specialists for NATO with security clearance

Would you like to join the leading international intergovernmental organization?

We are seeking a MISP Platform Engineer & Cyber Threat Intelligence Specialist to join a multi-disciplinary team supporting the NATO Cyber Security Centre (NCSC). You will be part of a team responsible for the full lifecycle of MISP-based threat intelligence platforms — from system administration and DevOps to data curation, community management, and dissemination.

Responsibilities:

1. MISP Platform Engineering & DevOps

  • System Administration: Proactively manage and maintain multiple MISP environments (test, production, training) running MISP, MISP-guard, and Cerebrate software, ensuring confidentiality, integrity, and availability in line with NATO security policies.

  • Deployments & Patching: Regularly update MISP software to the latest version (typically monthly releases deployed within 1–4 weeks), including routine vulnerability patching and change management support.

  • Infrastructure Scaling: Stand up, configure, and manage additional MISP, MISP-guard, and Cerebrate infrastructure as required, including temporary infrastructure for missions, exercises, or training.

  • Monitoring: Configure and extend system monitoring for MISP and MISP-guard instances.

  • Incident Handling: Remediate operational issues with 24/7 on-call support; treat critical vulnerability reports as cyber security incidents.

  • Documentation: Maintain installation/configuration guides, technical architecture documentation, and runbooks compliant with NATO policies.

2. Software Testing & Quality Assurance

  • Test Strategy: Define a test strategy for the MISP platform covering manual GUI testing (org/user management, CRUD operations, sync scenarios) and automated API testing (using pytest or Robot Framework with PyMISP).

  • Test Automation: Develop automated functional tests covering 90%+ of required API endpoints (analystData, attributes, events, galaxies, organisations, roles, servers, etc.).

  • Manual Testing: Create and execute manual test cases for basic MISP GUI functionality.

  • Test Reporting: Produce test reports for each MISP release (typically monthly) with executive summaries, issue severity classifications, and acceptance statements.

3. MISP Community Management

  • User Support: Provision organizations and users, handle password/MFA resets, refer users to documentation, and forward technical issues to relevant personnel.

  • SLA Compliance: Start work on resolution within 1 hour of request receipt during NCIA NCSC business hours (Mons/SHAPE).

  • Ticket Management: Process support requests via the tool defined by the CSISS Service Delivery Manager.

4. Data Curation

  • Best Practices Documentation: Research and document best practices for MISP data entry, including data entry standards, external source mapping, validation guidelines, and data quality feedback loops.

  • Taxonomy & Galaxy Management: Document commonly used MISP taxonomies and galaxies with clear descriptions of tags and usage examples.

  • Process Definition: Define processes for:

  • Incoming MISP event processing (intake, review, assignment, quality management, dashboard creation)

  • Access and distribution management (distribution settings, dashboard access rules)

  • Data lifecycle management (classifications, lifecycle stages, retention rules, IOC aging)

  • Operational Curation: Perform daily data curation: intake, review, validation, tagging (taxonomies/galaxies), IOC lifecycle management, quality improvement, dashboard maintenance, retention/archival, and access compliance checks. Target data quality ≥95%.

5. Data Dissemination

  • Process Definition: Define dissemination processes for MISP and other CTI products, covering communication of available products/updates/actions, user subscription mechanisms, and release calendar management.

  • Operational Dissemination: Distribute intelligence products, updates, alerts, and notifications accurately, securely, and timely to appropriate stakeholders. Target dissemination accuracy ≥99%.

Essential Qualifications & Experience:

  • Software Testing: 5+ years demonstrated experience in functional software testing

  • LAMP Sysadmin: 5+ years as sysadmin with LAMP servers (Linux, Apache, MySQL/MariaDB, PHP)

  • RedHat: 3+ years experience with RedHat

  • Python: 3+ years Python scripting experience

  • MVC & Code Review: 3+ years experience in MVC software development and code review of web applications (PHP + SQL)

  • Data Analysis: 3+ years experience in data analysis

  • Business Process: 3+ years experience defining and documenting business processes

  • Cyber Threats: Very good technical understanding of cyber threats to web-based products

  • Cyber Security Principles: Good understanding of cyber security principles, best practices, concepts, and technology

  • Soft Skills: Ability to work independently and in teams; monitor and support a team; support high-intensity military exercises for multiple weeks; excellent organising and communication skills

  • Language: Good communications and writing skills in English

If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.

Department
DevOps
Locations
Mons

Current job openings

More jobs

Mons

DevOps · Mons

MISP Platform Engineer & Cyber Threat Intelligence Specialists for NATO with security clearance

Loading application form

Applicant tracking system by Teamtailor