Would you like to join the leading international intergovernmental organization?
We are seeking a MISP Platform Engineer & Cyber Threat Intelligence Specialist to join a multi-disciplinary team supporting the NATO Cyber Security Centre (NCSC). You will be part of a team responsible for the full lifecycle of MISP-based threat intelligence platforms — from system administration and DevOps to data curation, community management, and dissemination.
Responsibilities:
1. MISP Platform Engineering & DevOps
* System Administration: Proactively manage and maintain multiple MISP environments (test, production, training) running MISP, MISP-guard, and Cerebrate software, ensuring confidentiality, integrity, and availability in line with NATO security policies.
* Deployments & Patching: Regularly update MISP software to the latest version (typically monthly releases deployed within 1–4 weeks), including routine vulnerability patching and change management support.
* Infrastructure Scaling: Stand up, configure, and manage additional MISP, MISP-guard, and Cerebrate infrastructure as required, including temporary infrastructure for missions, exercises, or training.
* Monitoring: Configure and extend system monitoring for MISP and MISP-guard instances.
* Incident Handling: Remediate operational issues with 24/7 on-call support; treat critical vulnerability reports as cyber security incidents.
* Documentation: Maintain installation/configuration guides, technical architecture documentation, and runbooks compliant with NATO policies.
2. Software Testing & Quality Assurance
* Test Strategy: Define a test strategy for the MISP platform covering manual GUI testing (org/user management, CRUD operations, sync scenarios) and automated API testing (using pytest or Robot Framework with PyMISP).
* Test Automation: Develop automated functional tests covering 90%+ of required API endpoints (analystData, attributes, events, galaxies, organisations, roles, servers, etc.).
* Manual Testing: Create and execute manual test cases for basic MISP GUI functionality.
* Test Reporting: Produce test reports for each MISP release (typically monthly) with executive summaries, issue severity classifications, and acceptance statements.
3. MISP Community Management
* User Support: Provision organizations and users, handle password/MFA resets, refer users to documentation, and forward technical issues to relevant personnel.
* SLA Compliance: Start work on resolution within 1 hour of request receipt during NCIA NCSC business hours (Mons/SHAPE).
* Ticket Management: Process support requests via the tool defined by the CSISS Service Delivery Manager.
4. Data Curation
* Best Practices Documentation: Research and document best practices for MISP data entry, including data entry standards, external source mapping, validation guidelines, and data quality feedback loops.
* Taxonomy & Galaxy Management: Document commonly used MISP taxonomies and galaxies with clear descriptions of tags and usage examples.
* Process Definition: Define processes for:
  * Incoming MISP event processing (intake, review, assignment, quality management, dashboard creation)
  * Access and distribution management (distribution settings, dashboard access rules)
  * Data lifecycle management (classifications, lifecycle stages, retention rules, IOC aging)
* Operational Curation: Perform daily data curation: intake, review, validation, tagging (taxonomies/galaxies), IOC lifecycle management, quality improvement, dashboard maintenance, retention/archival, and access compliance checks. Target data quality ≥95%.
5. Data Dissemination
* Process Definition: Define dissemination processes for MISP and other CTI products, covering communication of available products/updates/actions, user subscription mechanisms, and release calendar management.
* Operational Dissemination: Distribute intelligence products, updates, alerts, and notifications to the appropriate stakeholders accurately, securely, and in a timely manner. Target dissemination accuracy ≥99%.
Essential Qualifications & Experience:
* Software Testing: 5+ years demonstrated experience in functional software testing
* LAMP Sysadmin: 5+ years as sysadmin with LAMP servers (Linux, Apache, MySQL/MariaDB, PHP)
* RedHat: 3+ years experience with RedHat
* Python: 3+ years Python scripting experience
* MVC & Code Review: 3+ years experience in MVC software development and code review of web applications (PHP + SQL)
* Data Analysis: 3+ years experience in data analysis
* Business Process: 3+ years experience defining and documenting business processes
* Cyber Threats: Very good technical understanding of cyber threats to web-based products
* Cyber Security Principles: Good understanding of cyber security principles, best practices, concepts, and technology
* Soft Skills: Ability to work independently and in teams; monitor and support a team; support high-intensity military exercises for multiple weeks; excellent organising and communication skills
* Language: Good communication and writing skills in English
If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.