IT Security Engineer (SGIS)(P3)

Vienna

Organization: IAEA - International Atomic Energy Agency
Location: Vienna
Grade: Mid level - P-3, International Professional - Internationally recruited position
Occupational Groups:
- Engineering
- Information Technology and Computer Science
- Security and Safety
Closing Date: Closed

This vacancy notice may be used to fill 2 posts.

Organizational Setting

The Department of Safeguards (SG) is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for over 180 States in accordance with their safeguards agreements. The main objective of the Department is to maintain and further develop an effective and efficient verification system in order to draw independent, impartial and timely safeguards conclusions, thus providing credible assurances to the international community that States are in compliance with their safeguards obligations. Safeguards activities are undertaken within a dynamic and technically complex environment including advanced nuclear fuel cycle facilities and complemented by the political and cultural diversity of the countries.

The Department of Safeguards consists of six Divisions\: three Operations Divisions for the implementation of verification activities around the world; three Technical Divisions (Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services); and three Offices (the Office for Verification in Iran, the Office of Safeguards Analytical Services and the Office of Information and Communication Services).

Within the Department of Safeguards, the Office of Information and Communication Systems (SGIS) is the centre of competence for the specification, development and maintenance of Information and Communication Technology (ICT) systems and for the management of all ICT infrastructure and services to support safeguards. In partnership with other organizational entities, SGIS is responsible for planning and implementing an ICT strategy as well as enforcing ICT standards.

Main Purpose

The IT Security Engineer (SGIS) is a technical specialist, designing and formulating IT security measures; an IT forensic expert capable of conducting forensic analysis; a solution provider, functioning as an expert in managing security-related incidents and coordinating service delivery; a project manager defining, planning and executing projects; and a specialist advisor advising management on IT security and best practices.

Role

The IT Security Engineer (SGIS is part of a team responsible for delivering the information security programmes and operations of the Department of Safeguards. The IT security engineer interacts, develops and nurtures relationships with information security experts and IT security practitioners across the Division, the Department of Safeguards, and the Agency. The IT Security Engineer works closely with IT and application delivery teams on security topics including incident response and provides subject matter expertise. He/she works with external vendors and product suppliers on new information and technical specifications to evaluate and assess the suitability of their products and keeps abreast of technical progress. He/she interacts, when appropriate, with all departmental staff and works closely with management on all aspects of IT security, and particularly on incident follow-up.

Functions/ Key Results Expected

Contribute as a key player in ensuring the confidentiality, integrity and availability of information systems and data through end-to-end IT security measures and by implementing appropriate technology and processes.

Work closely with the team to ensure the implementation, delivery and continuous improvement of the security operations processes, including\: event management; vulnerability management; digital forensics and incident response; risk assessment; vulnerability assessment and secure engineering as a practitioner or coordinator.

Develop efficient and effective security operations and incident response capability alongside teammates with a focus on building capabilities and automation informed by the understanding of common Tactics, Techniques, and Procedures (TTPs) and Indicators of Attach (IOAs).

Ensure that security violations and incidents are handled as per the incident management procedures, and provide computer- and IT-related forensic services, including the acquisition, preservation, authentication, examination and documentation of electronic evidence from a variety of media and systems. Conduct host-based forensics, network and log analysis; and triage of malware in support of security event and incident response procedures and provide fully-scoped incident management capability, including timely, relevant updates to leadership during security incidents.

Develop, implement and maintain vulnerability management and risk management procedures, design appropriate procedural and technical access control mechanisms and follow up on findings until resolution.

Ensure appropriate operation of IT security systems, including the design and application of appropriate standards and operating procedures.

Participate in IT projects on a daily basis to ensure they produce the required results. This includes planning, implementing and monitoring the projects, as well as creating project documentation.

Produce high-quality oral and written reports, presenting complex technical matters clearly and concisely. Create reports and analytical products involving data analysis to support management decisions; the effectiveness of security controls; communication of key statistics and information; and the measurement of key metrics (OKRs, KPIs etc).

Maintain proficiency in industry standards tools, techniques and practices and in relevant internal policies and procedures.

Competencies and Expertise

Core Competencies

Name	Definition

Communication	Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions.

Achieving Results	Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Division’s programme. Evaluates his/her results realistically, drawing conclusions from lessons learned.

Teamwork	Actively contributes to achieving team results. Supports team decisions.

Planning and Organizing	Plans and organizes his/her own work in support of achieving the team or Section’s priorities. Takes into account potential changes and proposes contingency plans.

Functional Competencies

Name	Definition

Client orientation	Helps clients to analyse their needs. Seeks to understand service needs from the client’s perspective and ensure that the client’s standards are met.

Commitment to continuous process improvement	Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements.

Technical/scientific credibility	Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.

Required Expertise

Function	Name	Expertise Description

Information Technology	IT Security	Experience in participating in IT security incident response, forensics, vulnerability assessment, software assessments, and other IT security areas.

Information Technology	Information Security and Risk Management	Managing information security risk through the application of technical, procedural, detective, and other types of controls, monitoring their progress, and assessing their maturity levels.

Information Technology	Network Technology	Experience in the use of established formal methods and a disciplined approach to software engineering. Experience with lean/agile methods such as SCRUM and DevOps.

Information Technology	Network Security	Understand internetworking, the associated protocols, the application layers of stacks, and the ability to analyze network traffic and activity data for issues and anomalies.

Information Technology	Software Engineering	Can automate work using code and create tools to contribute to the team and its work.

Information Technology	Systems Administration	Specify, implement, and manage security systems.

Asset Expertise

Function	Name	Expertise Description

Management and Programme Analysis	Programme Management	Demonstrated expertise in managing security projects and delivering complex, multi-stakeholder products that reduce risk or bring about new capabilities.

Qualifications, Experience and Language Skills

Bachelor's degree - University degree in Information Security, Cyber Security, Information Systems, Information technology, Computer Science, Engineering or other related field.

Other - Professional certifications in information security, network security, IT security, business continuity, disaster recovery, travel security, physical security, information security management, application development and risk management an asset.

A minimum of five years' working experience in IT, preferably IT security in technical areas.

Thorough knowledge and experience wiwht Windows operating systems and security features including active directory, group policy and authentication methods.

Experience with scripting languages and/or software development.

Practical and demonstrated experience in one or more of the following\:

Conducting forensic acquisitions and examinations for a variety of platforms, operating systems and file systems, including Windows (FAT and NTFS);
Macintosh (HFS ), Linus (EXT 2/3); and hands-on experience in forensic tools;
Handling security incidents, analysis and reporting;
Technical defensive security operations;
Using highly technical means of assessing systems for security and measuring the effectiveness of controls by testing them;
Public Key Infrastructure (PKI) systems and encryption technologies and techniques;
Managing and running security-related projects;
Formulating and producing security policies and procedures and implementing them;
Producing training materials and delivering training courses;

Experience in an international organization is desirable.

Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.

Remuneration

The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $62692 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 26331, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance

-------------------------------------------------------------------------------------------------------------------------------------------------------------
Applications from qualified women and candidates from developing countries are encouraged

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values)\: Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process
-------------------------------------------------------------------------------------------------------------------------------------------------------------

This vacancy is now closed.
However, we have found similar vacancies for you: