C003950 Threat Hunting Analyst (NS) - FRI 1 May RELAUNCH

Deadline Date: Friday 1 May 2026

Requirement: Threat Hunting Analyst

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 482

Required Start Date: 8 June 2026

End Contract Date: 31 December 2026

Required Security Clearance: NATO SECRET

Duties and Role:

• Prioritize, plan and execute threat hunts.
• Can work independently, as well as part of the team.
• Highlight improvements on the detection and prevention methods (IDS, SIEM content for correlation, modification of security settings, etc…).
• Pro-active engagement with the Cyber Community internal to NATO.
• Monthly reporting on approved KPIs.
• Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.
• Monthly reporting to both the Customer and Business Stake Holders.
• Assist NCSC, when required, in support to Cyber Incident Analysis and Response.
• Production of high quality hypotheses and detection use cases documented in the centralized knowledge base of NCSC.
• Advise on, test and implement Data Analysis, Artificial Intelligence and Machine Learning technologies to augment and improve existing NCSC process,
• Improvement of NCSC processes for receiving, searching, analysing, and storing cyber threat data.
• Regular, at least monthly, Knowledge Transfer meetings with appropriate stakeholders, focusing on:
• Successes and setbacks,
• Lessons identified/learned,
• Improvements to the Cyber Security processes currently in use within NCSC.

Requirements:
Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• Significant demonstrable experience in Cyber Security related environment.
• Excellent analytical and hypothetical thinking.
• Experience in liaising at both the technical and managerial level, the incumbent must have excellent written and spoken communication skills.
• Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security.
• Able to organize and lead.
• Able to work as part of a team and under direction of a higher authority.
• Strong collaboration and interpersonal skills.
• Pattern Recognition/Deductive Reasoning
• Highly Desirable to have one or more advanced professional SANS (500/600/700) certifications (e.g., GCIA, GCFA, GNFA, GREM,…) or with the same level of quality.
• Demonstrable self-learning capability on complex technical subjects.
• Knowledge and practice of Data Analytics, Data Mining, Data Enrichment, Artificial Intelligence and connected concepts such as Large Language Models, Retrieval Augmented Generation, Machine Learning;
• A good understanding in at least three of these areas: Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), Network security appliances and networking devices and associated management software. A variety of Security Event generating sources at network and host level (e.g. Firewalls, IDS, Routers, Security Appliances, …), Computer Forensics Tools (stand alone, online and network), Computer Security Tools (Vulnerability Assessment, Anti-Virus, Anti-Spyware, etc.), Network protocols, Scripting languages (PowerShell/Python/…).
• Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards.
• Ability to effectively communicate technical solutions to various audiences, both technical and non-technical.
• Be self-motivated and driven.
• Ability to work in an International environment embedded in the Customer's location in mainland Europe (Belgium).