IT Security SME

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

Allied Command Transformation (ACT) is NATO’s leading agent for change: driving, facilitating, and advocating the continuous improvement of Alliance capabilities to maintain and enhance the military relevance and effectiveness of the Alliance. The main objectives of ACT are: providing appropriate support to NATO missions and operations; leading NATO military transformation; and improving relationships, interaction and practical cooperation with partners, nations and international organisations. ACT therefore leads Alliance concept development, capability development, training and lessons-learned initiatives and provides unfettered military support to policy development within NATO.

The Program

Capability Development & Management Support (CDMS)

 DCOS Capability Development (CAPDEV) acts as the Supreme Allied Commander Transformation's Director for guidance, direction and coordination of the activities and resources of the Capability Development Directorate.

The Requirements Division will execute all tasks and activities needed to support requirements management for NATO capabilities

The Capability Requirements (CR) Branch will develop the Capability Requirements Brief and recommended courses of action to resolve issues through the life cycle management of requirements using matrixed, cross-functional project-specific Requirements Management teams.

The Requirements Forward Branch (Mons) is responsible for conducting requirements development and management representation and engagement-related functions in Europe.

The Capability Division coordinates the development of capabilities from capability planning through acceptance and then disposal with management entities, NATO Headquarters staff and the NATO Governance Structure

The Capability Forward Branch (Mons) coordinates with ACO, NCIA, NSPA, NATO HQ, territorial Host Nations, and NATO Centres of Excellence (COEs) to support the development of capabilities.

Strategic Plans and Policy (SPP) supports Allied Command Transformation in formalizing military advice to shape future military strategy, political guidance, and other policy documents supporting NATO’s strategic objectives.

Role Duties and Responsibilities

• Provide subject matter expertise in cybersecurity engineering to design and implement secure systems, networks, and applications across NATO environments.
• Engineer, implement, and monitor technical and organizational security measures for the protection of computer systems, networks, and sensitive information.
• Identify, define, and document system security requirements, ensuring they align with NATO security standards and operational priorities.
• Design secure architectures and develop detailed Cybersecurity designs, supporting enterprise-scale solutions and mission-critical systems.
• Plan, research, and develop security policies, standards, and procedures aligned with NATO standards.
• Deploy, configure, and monitor advanced security tools and vulnerability management solutions (e.g., Nessus, Prisma, Qualys, Burp Suite, OpenVAS).
• Integrate security principles into Agile and DevSecOps workflows to ensure security is embedded from the outset of product development.
• Perform risk assessments using established tools and frameworks, advising stakeholders on mitigation strategies.
• Conduct incident response planning, disaster recovery preparation, and contribute to forensic investigations where required.
• Collaborate closely with developers, system administrators, and product managers to ensure security requirements are met throughout the lifecycle.
• Clearly communicate complex cybersecurity risks and issues to technical teams, leadership, and non-technical audiences

 Essential Skills and Experience

• Proven experience engineering, implementing, and monitoring security measures across networks, systems, and applications (incl.code analysis & vulnerability mgmt).
• Demonstrated ability to define, document, and maintain security requirements aligned with organizational goals.
• Experience designing secure enterprise architectures and developing detailed cybersecurity designs.
• Embedding security practices in Agile/DevSecOps or lean start-up teams
• Hands-on experience with vulnerability assessment, intrusion detection, firewalls, antivirus, and content filtering.
• Experience using security tools such as Nessus, Prisma, Qualys, Burp Suite, OpenVAS, or equivalent.
• Experience in risk assessment and security auditing methodologies.
• Experience planning, developing, and maintaining security policies, standards, and procedures.
• Proven track record in system administration across multiple operating systems and platforms.
• Strong communication skills to present complex security issues to peers, management, and leadership.
• Security certifications (CISSP, CISM, Security+, CEH, or equivalent)

Education

• University degree in ICT, Information Security, or related discipline.

Language Proficiency

• Advanced Proficiency in English

Working Location

• Norfolk, VA, USA

Working Policy

• On-Site

Contract Duration

• January 2026 – December 2030

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.