International Atomic Energy Agency
Vacancy Notice No. 2012/135

Position and Grade: Systems Security Engineer (P-4)
Organizational Unit: Infrastructure Section
Office of Information and Communication Systems
Department of Safeguards
Duty Station: Vienna, Austria
Issue Date: 11 December 2012
Application Deadline: 22 January 2013
Type/Duration of Appointment: Fixed term, 3 years (subject to a probationary period of 1 year)

Organizational Setting

The Department of Safeguards is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for more than 175 States in accordance with their safeguards agreements. The safeguards activities are undertaken within a dynamic and technically challenging environment including advanced nuclear fuel cycle facilities and complemented by the political diversity of the countries.

The Department of Safeguards consists of six Divisions: three Operations Divisions: A, B and C, for the implementation of verification activities around the world; three Technical Divisions: Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services; as well as two Offices: the Office of Safeguards Analytical Services and the Office of Information and Communication Services.

Within the Department of Safeguards, the Office of Information and Communication Systems (SGIS) is the centre of competence for the specification, development and maintenance of ICT systems and for the management of all ICT infrastructure and services to support safeguards. In partnership with other organizational entities, SGIS is responsible for planning and implementing an ICT strategy as well as enforcing ICT standards.

The Infrastructure Section is responsible for providing secure, reliable, and dependable computing, collaboration, and communications services to the Department of Safeguards. The Infrastructure Section cooperates with other Sections and Agency divisions to deliver IT services to a very high standard and in accordance with ITIL principles. Furthermore, the Section operates a centre of excellence for information security - ensuring that Information Technology meets the Department's mission-critical requirements for the confidentiality, integrity and availability of Safeguards information and provides many IT security services to the Department and the Agency as a whole. The Infrastructure Section collaborates with other teams on projects both as leaders and resources in a Prince2 project management environment. The Infrastructure Section is comprised of two teams, the Systems Engineering Team and the Information Systems Team.

Main purpose

Reporting to the Leader of the Systems Engineering Team, the Systems Security Engineer ensures that:
  • Safeguards data and systems are adequately secured against relevant threats;
  • Information security risks associated with infrastructure and implementation decisions are known beforehand, so that mitigation strategies can be addressed;
  • Vulnerabilities are identified and managed appropriately;
  • Sensitive operations relevant to information security are captured and auditable; and
  • Security projects are properly managed and delivered.

Role

The Systems Security Engineer plays several important roles within the Department:
  • As an incident responder, investigator and forensic analyst;
  • As custodian, architect and developer of the security event management system;
  • As leader of the forensic service provided by Safeguards to the Agency as a whole;
  • As a vulnerability expert, ensuring scanning and mitigation activities are performed in a timely manner; and
  • As a general information security expert performing risk assessments and providing expert guidance as needed to management and project teams.

Partnerships

The Systems Security Engineer collaborates extensively with the Systems Engineering Team, Information Systems Team and software development teams, project managers and senior management on IT security matters. He/she liaises with external vendors and product suppliers on new information and technical specifications to evaluate and assess the suitability of their products.

Functions / Key Results Expected

  • Identify, investigate, lead and develop procedures for IT security incidents.
  • Develop and advise on IT security policies which protect the Agency's information assets.
  • Develop and document IT security procedures aimed at enforcing policy while enabling the business needs of the Department.
  • Provide IT forensics expertise to the Department of Safeguards and other departments in the Agency including the acquisition, preservation, authentication, examination and documentation of electronic evidence from a variety of media and systems.
  • Contribute as a key player to ensuring the confidentiality, integrity and availability of Safeguards information systems and data through end-to-end IT security measures and by implementing appropriate technology and processes.
  • Formulate, plan and execute IT security projects.
  • Formulate and articulate expert opinions based on analysis.
  • Conduct audits of Safeguards IT systems to ensure compliance with Safeguards security standards.
  • Devise and initiate vulnerability scans and penetration tests with well-defined scope and actionable reports in order to improve the security of Safeguards IT systems.
  • Produce high-quality oral and written reports, presenting complex technical matters clearly and concisely.
  • Develop and manage the Department's IT event management system and perform auditing as needed to ensure appropriate access to resources is in place and to verify that policies and procedures are followed.
  • Maintain proficiency in industry standard tools and practices and in IAEA policies and procedures.
  • Provide user/customer training on security awareness and related topics.
  • Ensure that action is taken in a timely manner pursuant to the recommendations of periodic security audits, vulnerability assessments and threat and risk assessments.

Knowledge, Skills and Abilities

  • Technical expertise:
    • Thorough knowledge of and in-depth technical skills in all aspects of IT security, including firewall systems, intrusion detection/prevention systems, encryption, public key infrastructure, virtual private networks and access control
    • Expert knowledge of and hands-on experience with IT forensic software and hardware tools such as FTK, HB Gary Responder and Sleuthkit
    • Experience with the installation, management and development of an enterprise security event management system such as ArcSight
    • Demonstrated experience with IT security assessments and vulnerability management
    • A broad and thorough knowledge of penetration testing and vulnerability assessment tools and techniques
  • Excellent analytical skills: Ability to analyse complex security requirements and propose solutions, and analyse event logs and draw appropriate conclusions.
  • Thorough knowledge of and practical experience with security incident response and management processes.
  • Strong planning and organizing skills to set clearly defined objectives, plan activities in a timely manner and monitor performance against deadlines and milestones.
  • Learning attitude: Exhibits quick learning skills for new systems and requirements.
  • Excellent communication skills, including writing and presentation skills.
  • Strong interpersonal skills: Ability to work in a pro-active manner in a multicultural environment with sensitivity and respect for diversity.

Education, Experience and Language Skills

  • University degree in information technology security, computer science, or engineering.
  • Advanced university degree in IT Security is desirable.
  • A minimum of seven years of practical work experience in IT security.
  • Thorough knowledge of Windows operating systems and security features including active directory, group policy and authentication methods.
  • Practical and demonstrated experience in the following:
    • Conducting forensic acquisitions and examinations for a variety of platforms, operating systems and file systems, including Windows (FAT & NTFS), Macintosh (HFS+), Linux (EXT2/3); and hands-on experience in forensic tools;
    • Installation, management and development of an enterprise security event management system such as ArcSight;
    • Managing security incidents, analysis and reporting;
    • Managing and running security-related projects;
    • Formulating, developing and implementing IT security policies and procedures;
    • Producing training materials and delivering training courses.
  • Experience in an international organization desirable.
  • Professional security certifications such as CISSP, CISA, and GIAC.
  • Experience with network security and analysis tools such as WireShark, tcpdump, Nessus, Metaspoit, and nmap.
  • Fluency in both spoken and written English. Good knowledge of other IAEA official languages (i.e. Arabic, Chinese, French, Russian or Spanish) desirable.

Remuneration

The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $67 483 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $38 195*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance.

How to apply to the IAEA

Complete an Online Application

* Subject to change without notice


Applications from qualified women and candidates from developing countries are encouraged

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process.

Bookmark and Share