C004893 Digital Forensics Platform Administrator (NS) - FRI 29 May - #45948

Deadline Date: Friday 29 May 2026

Requirement: Digital Forensics Platform Administrator

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 836

Required Start Date: 13 July 2026

End Contract Date: 31 December 2026

Required Security Clearance: NATO SECRET

Duties & Role:

As part of a small team of technical experts performing the tasks listed above, your main duties will be to:

• Design, set up, and manage a suite of digital forensics acquisition tools (ex.: F-Response, Velociraptor, X-Ways, Axiom) ensuring seamless integration with other technologies present on the network.
• Ensure that the deployment and operation of forensic and XDR tools (ex.: Fidelis, CrowdStrike, Cortex, Defender XDR) meet strict security requirements and comply with IT Service Management policies governing the network environment.
• Apply best practices in forensic workflow automation by leveraging tools and technologies like N8N, Ansible and Magnet Automate to enhance efficiency and reliability.
• Ensure that forensic tools are properly configured with the necessary routing and network rules, enabling secure and reliable access across different segments of the network.
• Lead or contribute to the creation and ongoing maintenance of comprehensive documentation and Standard Operating Procedures (SOPs) to support operational continuity and compliance.
• Collaborate closely with team members and end users to incorporate feedback, continuously improving the quality and effectiveness of the delivered digital forensics capabilities.

Deliverables

The main deliverables as will be to:

• The service provider shall deploy, configure, and maintain the suite of digital forensics and XDR tools, ensuring all systems are kept up to date in accordance with IT Service Management (ITSM) processes.
• The provider is expected to integrate user feedback and implement enhancements to improve usability and effectiveness, which may include developing automation scripts or custom configurations to meet operational requirements.
• For coordination purposes and due to the access required, the provider of this service shall work onsite, at SHAPE, Mons, Belgium.
• The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA onboarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
• The service provider shall not be required to work on NCIA holidays.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• Essential to have a Bachelor's Degree in Computer Science (or similar) combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 8 years extensive and progressive expertise in the duties related to the function of the post.
• At least 5 years of experience in deploying, managing and maintaining forensics and XDR tools in complex environments;
• At least 2 years of experience with remote acquisition tooling (Fidelis and/or F-Response) with demonstrated ability to configure, support deployment at scale including resolving failed collections and performance issues.
• At least 2 years of experience with collaboration tools such as Jira and Confluence;
• Strong understanding of forensically sound acquisition principles (integrity verification, repeatability, minimizing system impact).
• Windows Server/Desktop administration skills: services, drivers, certificates, event logs, permissions, remote management.
• Ability to diagnose host-level issues impacting forensic tools (resource contention, disk I/O, endpoint controls, OS patch impacts).
• Experience with Red Hat Linux and managing a fleet of servers with Ansible
• Have an in-depth understanding of infrastructure concepts related to Hosting, Networks, IP address Management, firewalls, certificates, Load balancing and Proxy;
• Experience working with vendors (support tickets, log bundles, upgrades) and communicating impacts/ETAs to investigators/analysts.
• Experience implementing least-privilege access, credential handling, and audit logging for forensic systems.
• Knowledge and demonstrable experience with scripting languages and integration tools including PowerShell, Python, Bash, Batch and Ansible;
• Good understanding of cyber security concepts;
• Good understanding of network communication protocols;
• Good verbal and written communication skills in English;
• Strong team-spirit attitude;
• Ability to produce detailed technical documentation and follow change management processes.

Desirable

• Professional experience in digital forensic analysis;
• Past experience working for NATO or in an international organization;
• Experience with Microsoft Azure, Microsoft Defender for Endpoint.