Contact One Communications, Inc.

2770 Support for SIEM (Splunk)

On site

Mons, Belgium

Freelance

17-04-2025

Job Specifications

SCOPE OF WORK

Under the direction of the CSDE Cell Head, SEC007 SDM or delegated authority, a contractor will be part of the NCSC team supporting the following activities:

Log collection

Manage log collection of new data log sources in SIEM which includes, but is not limited to, log ingestion process from various data sources located on premise or in the cloud, data mapping to Splunk Common Information Model, integration with existing Splunk data models, testing log ingestion, validating log ingestion quality with stakeholders.
Document all relevant information in Confluence in accordance with CSDE standards
Coordinate such activity with CSDE team and T3 customers

Service availability and monitoring

Act as one of the engineers and Subject Matter Expert (SME) for SIEM and Log Collection services within the Cyber Security Data team
Monitoring the availability and performance of the SIEM environment including log collection
Detecting and reporting to SDM any service degradation
Taking appropriate actions to restore the environment to a fully operational state when a problem is detected.
Following best practices for maintaining the Splunk environment in a stable and reliable state with the objective of preventing any service degradation
Ensure that data security systems are installed, configured, and operating correctly and in line with dependencies on other required systems or applications
Ensure that data security systems operate within any KPIs, as defined in Service Level Agreements with NCSC customers

Change management

Implement changes to the SIEM environment including but not limited to: software upgrades, new applications deployment, deploying new servers, modifying existing configuration of the SIEM environment, collecting new data sources, deploying new software.
Follow the NCSC Change management process to get approval before implementing changes. This includes, but is not limited to, creating the change request, ensuring all necessary information is provided in due diligence, following up the change request to ensure quick approval, attending CAB meetings when necessary, providing impact assessment when required.
Coordinate all these changes with CSDE and external teams.
Develop and maintain documentation guidelines, standard operating procedures, system and service design documents and other relevant documentation that support management of the data security systems.

Reporting and advisory role

Attending meetings when there is a need to represent the cell, to provide technical advice or to report relevant information to the team or other stakeholders.
Reporting any relevant information to the cell head, the SDM or other team members.

Providing support to customers

Provide support to customers (mainly security analysts but not limited to them) facing issues or needing technical assistance

COORDINATION

The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, according to the manager’s / team leader’s instructions.

SCHEDULE

The period of performance is as soon as possible but not later than 09 June 2025 (tentative) and will end no later than 31 December 2025.

If the 2026, 2027 and 2028 options are exercised, the period of performance is 01 JAN to 31 DEC of the respective year.

TRAVEL

There is no travel expected. However, if required during the execution of this contract, travel costs are out of scope and will be borne by the NCI Agency separately.

SECURITY AND NON-DISCLOSURE AGREEMENT

Any proposed resource providing services under this SOW must be in possession of a security clearance NATO SECRET or above. The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.

PRACTICAL ARRANGEMENTS

The services will be performed by a contractor on site at SHAPE, Mons, Belgium. The contractor will be required to work 100% onsite in Mons / BEL as part of this engagement. The NCSC Team is located in Mons / BEL.

Services will be provided on site during standard working days/hours.

Exceptionally, the contractor will be on call (max limit: 1 week per month) for this position (e.g. NATO summit).

On-Call Rotation Schedule

The schedule will be defined during sprint planning and will outline who is responsible for on-call duties each week
On-call duty will cover critical issues outside working hours, including weekends and national holidays.
The Contractor would cover maximum 1 week per month
Security Classification: NATO Secret
Regular travel costs to and from main location of the work (SHAPE) are out of scope and will be borne by the contractor.
This work must be accomplished by one contractor.
The Purchaser will provide the contractor with the following Purchaser-Furnished Equipment (PFE): Access to NATO sites, as required, for the purpose of executing this SOW; Workspace (needed business IT at NCSC facility); NCIA “REACH” laptop to be used by the contractor for the execution of the contract.

Required Profile

The contractor that is going to perform the identified tasks as an Operation and Maintenance Expert in SIEM (Splunk) infrastructure management and log collection must have demonstrated skills, knowledge and experience as listed below:

A good understanding of IT Security
At least 2 years of relevant experience and strong technical skills in administering, deploying, installing, configuring and maintaining a large distributed Splunk Enterprise environment
Good programming skills in at least one of these languages: Ansible, Python or Bash
A good understanding of networking and various protocols such as TCP/IP, HTTP(S), DNS.
Very good knowledge and proven experience of Linux system and application administration and troubleshooting
Ability to work autonomously
Accuracy and attention to detail
Each team member shall be dressed suitably for meetings with high-ranking officials
Strong reporting skills to various levels of seniority
Language Proficiency: A thorough knowledge of English language, both written and spoken, is essential.
Responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA onboarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
The service provider shall be required to provide services on NCIA working days

About the Company

Contact One Communications, Inc. is a worldwide systems integration company providing leading edge Information Technology services including Engineering and Installation (E&I), Operations and Maintenance (O&M) and Force Protection in the fields of Cyber Security and Information Assurance, Perimeter Security and Telecommunications Infrastructure. We are a "go to" organization for rapid response requirements in support of expeditionary missions. We work on US Department of Defense (DoD), North Atlantic Treaty Organization (NA...
