About this job

Nixu, a DNV Company, is recruiting a Cyber Threat Hunter to work in the service delivery team at NATO SHAPE / NCIA. While the assignment and day-to-day work will be based in Mons, Belgium, the employment contract will be issued in one of our following locations: Finland, Sweden, Denmark or the Netherlands. You will need to be eligible for employment under the labor laws of these countries, and have the willingness to relocate to Belgium until end of 2025.

We are looking for an expert to work in a team delivering a continuous Threat Hunting – service for NATO Cyber Security Center (NCSC). The NATO Cyber Security Center (NCSC) is a team of over 200 members working to monitor and protect NATO networks. The NCSC´s role is to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Mission (AOM). The center executes a portfolio of programs and projects around 219 MEUR per year to uplift and enhance critical cyber security services.

THE NCSC is responsible for defending NATO networks on a 24/7 basis and to proactively look for signs of malicious activities by threat hunting. The threat hunting activities encompass searches in existing security log sources based on threat intelligence hypothesis, anomaly detection and more general assessments. As a Threat Hunter you will work daily with NATO Cyber Threat Intelligence, SOC and the Cyber Threat Investigation Team.

We are looking for a Threat Hunter with a solid background in cyber security

A university degree in Information Security, Cybersecurity, Computer Science or a related field is desirable. A minimum of 3 years of professional experience in tasks related to providing cyber defense services is required.

We are looking for someone with a high level of experience in the following:

• Experience in analyzing Threat Intel reports and creating threat hunting hypothesis and queries based on those.
• Knowledge and experience in analysis of incidents, attack patterns and tactics, techniques, and procedures (TTPs).
• Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
• Experience with threat hunting, including deep knowledge of operating systems and Windows internals.
• Strong knowledge of malware families and network attack vectors.
• Knowledge of the MITRE ATT&CK framework.
• Knowledge of threat hunting with EDR-tools.
• Experience in writing Splunk queries using SPL.
• Experience in analyzing Sysmon events.

You have a strong ability to write technical reports in English, and an attention to detail and a high level of accuracy to maintain precision in all tasks and reports.

It is considered an advantage if you understand network forensics including common network protocols and how those are used in adversary operations. Applied knowledge of a variety of adversary command and control methods and protocols is desirable as well as the ability to produce contextual attack models applied to a scenario.

This job requires teamwork and experience in working in Threat Intelligence team is seen as an advantage. Also, previous experience in working for or supporting a military or governmental organization is seen as a big plus.

Specific working conditions

Due to the nature of the job, you will be working on-site at the customer´s premises in Mons, Belgium using tools provided by the customer. You will work in a normal office environment mainly with standard working hours with the exception of supporting possible major cyber incidents or du to urgent operational needs where non-standard working hours will be required.

This position requires passing the NATO SECRET security clearance.

Be one of us

We have recently embarked on an exciting journey – formerly known as Nixu, now combined forces with DNV and Applied Risk, with the goal of creating a leading European cyber security services business.

As DNV Cyber, we are passionate about cyber security and take pride in the way we are impacting the society we live in. We encourage you to excel professionally through knowledge sharing and demanding cases. At DNV Cyber, you'll have 500 colleagues who share an interest in cyber security with you.

At DNV Cyber, you will have the opportunity to work on a variety of cases and customers from various industries. You will be working in an international environment with global opportunities to advance in your career. With us, you will be surrounded by the most talented people in the cyber security field. We encourage you to keep challenging yourself by exploring new areas of expertise.

Join us on an exciting adventure of growth, meaningful work, and shaping the future through cyber security!

Apply now!

We are waiting for your application! To apply please create a profile in our recruitment system and attach you CV, cover letter and salary expectations.

Need more information?

If you have any questions regarding this position, please reach out to the hiring manager Antti Niemelä at antti.niemela[at]dnv.com.

A security background check will be a part of the recruitment process.