ICT SECURITY EXPERT

Purpose of the post

The ICT Security Expert provides the technical security view to the ICT Security Officer in its mission of managing security of the ICRC information systems at the appropriate level. It includes:

• Delivering expertise in architecture design for improving protection mechanisms of the information systems
• Supplying relevant information to understand security trends and give tracks for enhancements
• Supporting ICT teams during exceptional security incidents

Main duties and responsibilities

• Manage & operate security tools to ensure that information systems are protected at the appropriate and expected security levels (i.e., vulnerabilities assessments)
• Identify security alerts and new threats, analyze their consequences and impacts, inform concerned parties and make sure they are handled in an proper way
• Establish and lead security activities related to critical incidents, in emergency situations, for the Geneva HQ as well as the field
• Actively contribute in improving detection of and response to information security-related events or incidents
• Monitor technical compliance with ICT security policies, procedures and standards
• Provide support to ICT sectors for technical implementation of security policies and all their related security controls
• Fully participate into new projects (applications, IT infrastructure, etc.), from the very beginning (typically the architecture design phase) to ensure that all the required security components are implemented to protect adequately the information systems
• Facilitate collaboration with other technical security resources (i.e., ICT platform responsible, consultants, external providers)
• Be the focal point for technical advices regarding security subjects coming from ICT Field engineers
• Continuously provide selected data to the ICT Security Officer for establishing security dashboard
• Do security training to ICT staff on technical subjects (i.e., OWASP, authentication methods, debugging tools)
• Be the ICT Security Officer’s backup in case of absence

Education and experience required

• At least 5 years of relevant professional experience
• Relevant experience in an international and multicultural environment
• A University degree in Computer Science, Engineering or related field
• Graduate specialization in security or networking, or equivalent experience
• Security certifications such as CISSP, GIAC, CompTIA Security+ or CEH

Desired profile and skills

• Able to work in both French and English (speaking and writing)
• Knowledge of information security standards, frameworks and best practices (ISO 27001, NIST, SANS)
• Analytical minded with a systematic approach, able to respond quickly to changing circumstances, challenge requests, value different perspectives and ideas
• Excellent communication, interpersonal and conceptual thinking skills
• Focuses on results and desired outcomes and how best to achieve them
• Adheres to a strong set of moral, ethical and professional principles which shows soundness of personal character, honesty and truthfulness
• In-depth knowledge of enterprise LAN / WAN & VPN technologies, common network protocols (DNS, HTTP/S, SMTP, SNMP, LDAP, NetBIOS, RTPS, Syslog, etc.) and components (routers, firewalls, Reverse Proxy, WAF, IDS/IPS, security gateways, etc.)
• Comprehensive knowledge of common authentication and authorisation mechanisms (LDAP, NTLM, Kerberos, ADFS), encryption and digital certificates implementation
• Excellent command of Microsoft OS (servers & workstations) and PowerShell scripting
• Thorough knowledge with monitoring, infosec assessment, forensics and pentest security toolset (i,e, QualysGuard, Metasploit, Burp, Wireshark, SIEM solution, etc.)
• Expertise in security architecture design and system hardening
• Basic programming and reverse engineering skills

Additional information

Type of role: Resident　

Type of contract: Open-ended　

Working rate: 100%　

Starting date: ASAP

Application deadline: 25 June 2017