By continuing to browse this site, you agree to our use of cookies. Read our privacy policy

Senior IT Security Engineer (SGIS) (P4)

Vienna

  • Organization: IAEA - International Atomic Energy Agency
  • Location: Vienna
  • Grade: Mid level - P-4, International Professional - Internationally recruited position
  • Occupational Groups:
    • Engineering
    • Security policy
    • Information Technology and Computer Science
    • Technology, Electronics and Mechanics
    • Security and Safety
    • Monitoring and Evaluation
    • Nuclear Technology
    • Systems Engineering Team
    • Internal audit and inspection
    • Energy sector
  • Closing Date: Closed

Organizational Setting

 

The Department of Safeguards (SG) is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for over 180 States in accordance with their safeguards agreements. The main objective of the Department is to maintain and further develop an effective and efficient verification system in order to draw independent, impartial and timely safeguards conclusions, thus providing credible assurances to the international community that States are in compliance with their safeguards obligations. Safeguards activities are undertaken within a dynamic and technically challenging environment including advanced nuclear fuel cycle facilities and complemented by the political and cultural diversity of the countries.


The Department of Safeguards consists of six Divisions\: three Operations Divisions for the implementation of verification activities around the world; three Technical Divisions (Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services); and three Offices (the Office for Verification in Iran, the Office of Safeguards Analytical Services and the Office of Information and Communication Services).

 
Within the Department of Safeguards, the Office of Information and Communication Systems (SGIS) is the centre of competence for the specification, development and maintenance of Information and Communication Technology (ICT) systems and for the management of all ICT infrastructure and services to support safeguards. In partnership with other organizational entities, SGIS is responsible for planning and implementing an ICT strategy as well as enforcing ICT standards.

The Infrastructure Section is responsible for providing secure, reliable, and dependable computing, collaboration, database and communications services to the Department of Safeguards. The Infrastructure Section cooperates with other Sections and Divisions in the Department of Safeguards to deliver IT services at a very high standard. 

 

Main Purpose

Reporting to the Team Leader of the Systems Engineering Team, the Senior IT Security Engineer (SGIS) ensures that\: Safeguards data and systems are adequately secured against relevant threats; information security risks associated with infrastructure and implementation decisions are known beforehand, so that mitigation strategies can be addressed; vulnerabilities are identified and managed appropriately; sensitive operations relevant to information security are captured and auditable; and security projects are properly managed and delivered.


Role

The Senior IT Security Engineer (SGIS) is\: an (1) innovator, developing new strategies, tools, techniques, and procedures to enhance the Departments security; (2) a technical lead, who mentors junior technical staff to operate and improve the Departments security incident management procedures; (3) an expert in information security topics such as risk assessment, digital forensics, incident response, vulnerability management, and security monitoring; (4) a senior engineer who designs, implements, and manages security processes and tools.


Functions / Key Results Expected

  • Identify, investigate, lead and develop procedures and solutions for detecting and responding to information security incidents.
  • Assess the requirements and then mentor and train staff members to perform security operations tasks in order to ensure the coverage of multiple areas of basic security operations and hygiene.
  • Provide specialized expert advice in information security to mitigate breaches and develop new policies, strategies, and solutions to reduce security risks.
    Provide IT forensics expertise to the Department of Safeguards and other departments in the Agency including the acquisition, preservation, authentication, examination and documentation of electronic evidence from a variety of media and systems.
  • Advocate and champion information security policies, procedures, techniques, and tools through clear communication initiatives and strategies.
  • Develop risk measurement criteria consistent with the Departments mission, which will enable the organization to determine where to effectively apply security controls.
  • Evaluate new IT technical architectures based on that risk measurement criteria.
  • Build partnerships with Agency teams to obtain consensus and to find appropriate solutions on information security initiatives.
  • Formulate, plan and execute information security projects.
  • Devise and initiate vulnerability scans and penetration tests with well-defined scope and actionable reports as well as propose and implement improvements to security operations in order to enhance the security of Safeguards systems, both independently and in coordination with internal or external partners.

Competencies and Expertise

Core Competencies

Name Definition
 
Planning and Organizing Plans and organizes his/her own work in support of achieving the team or Section’s priorities. Takes into account potential changes and proposes contingency plans.
 
Communication Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions.
 
Achieving Results Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Division’s programme. Evaluates his/her results realistically, drawing conclusions from lessons learned.
 
Teamwork Actively contributes to achieving team results. Supports team decisions.

Functional Competencies

Name Definition
 
Client orientation Helps clients to analyse their needs. Seeks to understand service needs from the client’s perspective and ensure that the client’s standards are met.
 
Commitment to continuous process improvement Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements.
 
Technical/scientific credibility Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.

Required Expertise

Function Name Expertise Description
     
Information Technology IT Security Substantive expertise in IT security, in particular in an environment with extensive security requirements.
     
Information Technology Information Security Expertise in reverse engineering and de-obfuscating malware as well as digital forensics and security event analysis.
     
Information Technology Information Security Substantive expertise in various aspects of information security and security operations processes, including incident and event management; vulnerability management; and threat intelligence.
     
Information Technology Information Security and Risk Management Expertise in risk assessment frameworks and experience performing risk assessments as well as preparing practical, actionable risk treatment plans.
     
Information Technology Network Security Expert knowledge of network security technologies and concepts including how essential network services are architected and operated in real environments.
     
Information Technology Systems Development Understanding of complex system interactions as well as demonstrated expertise of scripting and programming languages and the demonstrated ability to write technical tools to accomplish security tasks such as automation of processes, configurations, and a
     
Training Training Design Demonstrated experience with designing and delivering training, security awareness programmes, and representing security interests in meetings and workshops as well as presenting highly technical topics to audiences with diverse understanding of the topic

Qualifications, Experience and Language skills

  • Advanced University degree in Information Technology Security, Information Technology Management, Information Security, Computer Science, or Engineering.  
  • Certifications in information security or extensive technical course work in security topics would be an asset.
  • A minimum of seven years of practical work experience in IT or information security, of which 5 years of direct experience with highly technical aspects of security such as\: malware reverse engineering; event management and automation; digital forensics; in-depth network intrusion analysis; or secure coding lifecycle management.
  • Practical and demonstrated experience in the following areas\: 
    - Conducting forensic acquisitions and examinations for a variety of platforms, operating systems and file systems, including Windows (FAT, NTFS), Apple (HFS , APFS, iOS), Linux (EXT2/3/4); and hands-on experience in forensic tools;
    - Installation, management and development of an enterprise security event management and threat detection system such as ArcSight, Alienware, Splunk, or the ELK platform;
    - Managing security incidents, analysis, and reporting;
    - Creating, operating, and improving security operations procedures and technical techniques related to vulnerability management; threat intelligence; threat detection; and providing automated solution to accomplish threat hunting activities;
    - Formulating, developing and implementing IT security projects, risk assessments, policies, standards, and procedures;
    - Producing training and presentation materials and delivering training courses or presenting highly technical topics to diverse audiences;
    - Experience using network security and analysis tools such as WireShark, tcpdump, Nessus, Bro, Fiddler, Burp Suite Metaspoit, and nmap.
  • Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset. 

Remuneration

The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $73516 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 29333, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance


-------------------------------------------------------------------------------------------------------------------------------------------------------------
Applications from qualified women and candidates from developing countries are encouraged

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values)\: Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process
-------------------------------------------------------------------------------------------------------------------------------------------------------------


This vacancy is now closed.
However, we have found similar vacancies for you: