The Security Systems Engineer will work in the Systems Engineering Team, which is responsible for ensuring data and systems are adequately secured against relevant threats, information security risks associated with infrastructure and implementation decisions are known beforehand, so that mitigation strategies can be addressed.
The Security Systems Engineer will act as an incident responder, investigator and forensic analyst, and will have the role of a vulnerability expert, ensuring scanning and mitigation activities are performed in a timely manner, perform security risk assessments, and provide expert guidance as needed to management and project teams.
Specifically:
- Identify, investigate, lead and develop procedures for IT security incidents.
- Develop and advise on IT security standards and procedures which protect the Department's information assets.
- Develop and document IT security procedures aimed at enforcing policy while enabling the business needs of the Department.
- Provide IT forensics expertise to the Department and occasionally other departments in the IAEA including the acquisition, preservation, authentication, examination and documentation of electronic evidence from a variety of media and systems.
- Contribute as a key player to ensuring the confidentiality, integrity and availability of Safeguards information systems and data through end-to-end IT security measures and by implementing appropriate technology and processes.
- Formulate, plan and execute IT security projects and articulate expert opinions based on analysis.
- Conduct audits of IT systems to ensure compliance with Departmental security standards.
- Devise and initiate vulnerability scans and penetration tests with well-defined scope and actionable reports in order to improve the security of IT systems.
- Produce high-quality oral and written reports, presenting complex technical matters clearly and concisely.
- Develop and manage the Department's IT event management system and perform auditing as needed to ensure appropriate access to resources is in place and to verify that policies and procedures are followed.
- Maintain proficiency in industry standard tools and practices and in IAEA policies and procedures.
- Provide user/customer training on security awareness and related topics.
- Ensure that action is taken in a timely manner pursuant to the recommendations of periodic security audits, vulnerability assessments and threat and risk assessments
This assignment (Cost-Free Expert) is funded by the U.S. government (Dept. of State) and priority will be given to U.S. citizens. The initial contract duration is for two years with the potential to be extended to a maximum of five years.
- Advanced university degree in computer science, information technology security or related field.
- Minimum of seven years of work experience IT security.
- Thorough knowledge of Windows operating systems and security features including active directory, group policy and authentication methods.
- Practical and demonstrated experience in the following:
- Conducting forensic acquisitions and examinations for a variety of platforms, operating systems and file systems, including Windows (FAT & NTFS), Macintosh (HFS+), Linux
- (EXT2/3); and hands-on experience in forensic tools;
- Installation, management and development of an enterprise security event management system such as ArcSight
- Managing security incidents, analysis and reporting;
- Managing and running security-related projects;
- Formulating, developing and implementing IT security policies and procedures;
- Producing training materials and delivering training courses.
- Professional security certifications such as CISSP, CISA, and GIAC.
- Experience with network security and analysis tools such as WireShark, tcpdump, Nessus, Metaspoit, and nmap.
The International Atomic Energy Agency (IAEA) in Vienna, Austria is the world’s center for cooperation in the nuclear field committed to promoting safe, secure and peaceful uses of nuclear technology...
Apply Now