Senior IT Security Engineer (Safeguards Office of Information and Communication Systems ) (P4) - International Atomic Energy Agency Vienna, Austria Bookmark Share Print 453 0 2

Listing Description

Please note that we only accept applications through our official job portal on the IAEA website. Please apply here: http://bit.ly/3c2tK9Q

Organizational Setting

The Department of Safeguards (SG) is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for over 180 States in accordance with their safeguards agreements. The main objective of the Department is to maintain and further develop an effective and efficient verification system in order to draw independent, impartial and timely safeguards conclusions, thus providing credible assurances to the international community that States are in compliance with their safeguards obligations. Safeguards activities are undertaken within a dynamic and technically challenging environment including advanced nuclear fuel cycle facilities and complemented by the political and cultural diversity of the countries.

The Department of Safeguards consists of six Divisions: three Operations Divisions for the implementation of verification activities around the world; three Technical Divisions (Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services); and three Offices (the Office for Verification in Iran, the Office of Safeguards Analytical Services and the Office of Information and Communication Services).

Within the Department of Safeguards, the Office of Information and Communication Systems (SGIS) is the centre of competence for the specification, development and maintenance of Information and Communication Technology (ICT) systems and for the management of all ICT infrastructure and services to support safeguards. In partnership with other organizational entities, SGIS is responsible for planning and implementing an ICT strategy as well as enforcing ICT standards.

The Infrastructure Section is responsible for providing secure, reliable, and dependable computing, collaboration, database and communications services to the Department of Safeguards. The Infrastructure Section cooperates with other Sections and Divisions in the Department of Safeguards to deliver IT services at a very high standard.

Role

The Senior IT Security Engineer (SGIS) is: an (1) innovator, developing new strategies, tools, techniques, and procedures to enhance the Departments security; (2) a technical lead, who mentors junior technical staff to operate and improve the Departments security incident management procedures; (3) an expert in information security topics such as risk assessment, digital forensics, incident response, vulnerability management, and security monitoring; (4) a senior engineer who designs, implements, and manages security processes and tools.

Qualifications, Experience and Language skills

Advanced University degree in Information Technology Security, Information Technology Management, Information Security, Computer Science, or Engineering.

Certifications in information security or extensive technical course work in security topics would be an asset.

A minimum of seven years of practical work experience in IT or information security, of which 5 years of direct experience with highly technical aspects of security such as: malware reverse engineering; event management and automation; digital forensics; in-depth network intrusion analysis; or secure coding lifecycle management.

Practical and demonstrated experience in the following areas:

- Conducting forensic acquisitions and examinations for a variety of platforms, operating systems and file systems, including Windows (FAT, NTFS), Apple (HFS+, APFS, iOS), Linux (EXT2/3/4); and hands-on experience in forensic tools;

- Installation, management and development of an enterprise security event management and threat detection system such as ArcSight, Alienware, Splunk, or the ELK platform;

- Managing security incidents, analysis, and reporting;

- Creating, operating, and improving security operations procedures and technical techniques related to vulnerability management; threat intelligence; threat detection; and providing automated solution to accomplish threat hunting activities;

- Formulating, developing and implementing IT security projects, risk assessments, policies, standards, and procedures;

- Producing training and presentation materials and delivering training courses or presenting highly technical topics to diverse audiences;

- Experience using network security and analysis tools such as WireShark, tcpdump, Nessus, Bro, Fiddler, Burp Suite Metaspoit, and nmap.

Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.

Identify, investigate, lead and develop procedures and solutions for detecting and responding to information security incidents.

Assess the requirements and then mentor and train staff members to perform security operations tasks in order to ensure the coverage of multiple areas of basic security operations and hygiene.

Provide specialized expert advice in information security to mitigate breaches and develop new policies, strategies, and solutions to reduce security risks.

Provide IT forensics expertise to the Department of Safeguards and other departments in the Agency including the acquisition, preservation, authentication, examination and documentation of electronic evidence from a variety of media and systems.

Advocate and champion information security policies, procedures, techniques, and tools through clear communication initiatives and strategies.

Develop risk measurement criteria consistent with the Departments mission, which will enable the organization to determine where to effectively apply security controls.

Evaluate new IT technical architectures based on that risk measurement criteria.

Build partnerships with Agency teams to obtain consensus and to find appropriate solutions on information security initiatives.

Formulate, plan and execute information security projects.

Devise and initiate vulnerability scans and penetration tests with well-defined scope and actionable reports as well as propose and implement improvements to security operations in order to enhance the security of Safeguards systems, both independently and in coordination with internal or external partners.