Cyber Security Engineer Oeiras

About the Role

Spektrum is supporting the NATO Communication and Information Agency (NCIA) in delivering secure and effective communications and information technology services to NATO member countries and partners. The successful candidate will work on the Assistance and Advisory Service (AAS), contributing to the design, implementation, and accreditation of NATO’s enterprise‑wide information technology infrastructure.

Role ID – 2025-0342

Role Duties and Responsibilities

• Develop and maintain system descriptions for ALE systems, documenting technical details, connections, locations, and inventories. Document titled “CIS Description” and maintained under version control.
• Define the accreditation strategy and plan for ALE systems, formalising the “Security Accreditation Plan (SAP)” under version control.
• Perform high‑level security risk assessments (SRA) to inform early design, identifying assets, threats, vulnerabilities, likelihood/impact, and initial risk ratings.
• Define system‑specific security requirements and control coverage, creating the “System‑specific Security Requirement Statement (SSRS)” under version control.
• Develop and maintain Security Operating Procedures (Sec
  OPs) for day‑to‑day operations, covering:
• Administrators: account/privilege management, backups, patching, baseline configurations, logging/monitoring, incident and change handling, and continuity steps.
• End Users: acceptable use, data handling, access/MFA, reporting suspicious activity, and secure usage guidance.
• Define security test and verification activities, formalising the “Security Test and Verification Plan (STVP)” under version control.

Essential Skills, Experience and Certifications

• Cyber Security Engineer Experience
  • Minimum 5 years designing secure, scalable solution architectures aligned with enterprise standards.
  • Minimum 5 years applying and overseeing physical, procedural, and technical security controls; conducting risk assessments; leading incident response.
  • Minimum 5 years of system and application hardening, collaborating across technical teams to enforce best practices and compliance.
• Accreditation Process: Demonstrated success in managing accreditation processes, defining assurance requirements, and coordinating with stakeholders.
• Communication Skills: Excellent written and verbal communication in English, able to explain technical information clearly.
• Collaboration: Ability to work effectively in a team environment and coordinate with multiple stakeholders.
• Documentation: Strong documentation capabilities including SOPs, technical manuals, and security guidelines.
• Analytical Skills: Strong problem‑solving and troubleshooting ability, with capacity to quickly identify issues and determine efficient resolutions.

Desirable Skills, Experience and Certifications

• Knowledge of working with the NCI Agency and/or NATO organisations.
• Knowledge of ISO27001 or equivalent standards.
• Familiarity with Agency tools for configuration, risk, and documentation management.
• Experience supporting audits.
• Understanding of Agile delivery practices.

Working Location

Oeiras, Portugal

Working Policy

Onsite

Travel

Some travel to other NATO sites may be required.

Security Clearance

Valid National or NATO Secret personal security clearance.