Consultant - Vulnerability Management Expert

Organizational Setting

The Division of Information Technology (MTIT) is a high performing team on a continuous improvement journey to deliver ever more value toward the IAEA's important mission\: Atoms for Peace and Development. We focus on Using Technology Better, Using Better Technology, Securely. MTIT is well into a transformation that achieves operational excellence, while also delivering on the six pillars of the IAEA's Business Technology Strategy\: Building an Adaptive IT Workforce, implementing a Holistic IT Risk Management and Information Security Programme, Improving How the IAEA Works, Collaborating and Cooperating Across IT, Managing and Sharing Information, and Cultivating an Innovation Mindset.

The Infrastructure Services Section (ISS) focuses on the operational excellence, security, reliability, performance, and cost optimization of the IAEA's network, compute and storage systems. We aim to modernize and use the Cloud when appropriate, ensuring that the confidentiality, integrity, and availability of the IAEA's information and information systems always come first. The Infrastructure Services Section includes three Units\: Network and Telecommunications, Enterprise Systems, and Security Systems.

Main Purpose

The Consultant will be responsible for day-to-day security administration for the vulnerability management platform, validation of findings, will conduct external threat research, manage operational reporting, as well as act as a serve as key subject matter expert to drive continuous operational improvements for patching and vulnerability management. 

This is a perfect opportunity for proactive technically savvy hands-on cyber security professional who is looking to make a great impact and enjoys working for a high-profile international institution.

Functions / Key Results Expected

Day-to-day Administration / Security Research
• Provide technical expertise and manage the scanning tool to ensure uninterrupted vulnerability ability scanning services delivery;
• Review vulnerability findings data and triage appropriately; understand vulnerabilities and misconfigurations, and make connections to broader potential threats;
• Identify risk and work with the assets stakeholders to support efficiently and timely patching;
• Identify and understand potential vulnerabilities, gaps, or opportunities that may exist and communicate to management.

Documentation
• Organize reports based on existing data sets; update/maintain the contents of various existing reports or data sets;
• Create or/and revise process documents/SOPs utilized by internal teams;
• Review and propose which process and workflows should be utilized.

Operations & Process Improvement
• Manage ongoing vulnerability management and configuration compliance requirements;
• Coordinate, execute, and deliver knowledge transfer sessions;
• Provide recommendations on solutions to fix/close identified gaps;
• Provide advice and inform assets owners and management on ways how to improve vulnerability and patch management of systems.

Knowledge, Skills and Abilities

Skills and Expertise

•    Network Engineering

•    Network Security

•    Network Architecture

•    IT Security

Qualifications and Experience

• University degree in Computer Science or other related field;

• Minimum 5 years of relevant experience out of which at least 3 years of experience performing Hands-on Configuration changes and patching, Vulnerability Management Engineering, and Vulnerability Assessments.

• Experience with and Understanding of commercial and open source vulnerability scanning tools is required (e.g. Nessus/Tenable, Rapid7, Qualys, Burp, Nmap, etc.)

• Familiarity with scripting languages (PowerShell/Python/Bash/etc.)

• Deep understanding of different Operating Systems, network architectures, network devices, and software suites required (e.g. Linux, Windows, Cisco, Active Directory, GPO, etc.

• Ability to combine multiple separate findings to identify complex blended vulnerabilities and attack chains

• Ability to convey complex technical security concepts to technical and non-technical audiences including executives

Remuneration

The remuneration for this consultancy is a daily fee of up to a maximum of € 340, based on qualifications and experience. In case duty travel is required within the assignment, a daily subsistence allowance (DSA) and travel costs are provided. Health coverage and pension fund are the responsibility of the incumbent.