Cyber Security Operations

Organizational Setting

The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA’s ICT infrastructure comprises hardware and software platforms, and cloud and externally-hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.

The Infrastructure Services Section (ISS) is responsible for implementing, maintaining, and administering the ICT systems and services for high availability; designing, implementing, and operating IT security services; and managing the data centre. The platforms include Microsoft Windows servers, Linux servers, Oracle EBS infrastructure, data storage, and transmission networks, serving more than 2500 staff, as well as over 10000 external users around the world. The Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems.

Main Purpose

• The consultant will be in the Security Systems Unit. The purpose of the consultancy is to provide technical advice and expertise for projects to optimize the IAEA’s IT security systems.
• The consultant will collect and interpret information and events generated by internal security monitoring tools, and external threat intelligence providers. Furthermore he/she will be providing technical expertise to address information security research, monitoring, and investigations activities.
• This is a perfect opportunity for proactive technically savvy individuals who are looking to make an impact.

Functions / Key Results Expected

• Collect and analyse evidence including network traffic, volatile data, logs, or other indicators of compromise in order to identify security threats.
• Perform real-time analysis and correlation of events from a multitude of data sources with a focus on identifying new indicators of compromise or determine anomalies and potential security incidents.
• Provide technical resolution or escalation of security investigation tickets, ensuring that proper containment, eradication, recovery and lessons-learned activities are maintained.
• Suggest opportunities to improve security detection & monitoring capabilities to the (Senior) Cyber Security Engineers, based on observations, and provide recommendations on tuning of signatures, rules and alerts.
• Propose solutions on creative ways to do work faster, better and more effectively while maintaining a high quality of service.
• Ensure proper documentation, review and update of work instructions, and SOPs of relevant tasks.

Qualifications and Experience

• First level university degree in Computer Science, Information Technology or related field. A high school diploma with additional 4 years of relevant work experience in Computer Science, Information Technology or related field will be considered.
• Minimum of 5 years of relevant experience with at least 2 years’ experience related to operational security monitoring, incident response experience, technical threat intelligence, or security research.
• Demonstrated experience using Firewalls, Intrusion Detection/Prevention Systems, Proxy Servers, or Log Aggregation Technology to conduct analysis for evidence of network penetrations and data theft.
• Demonstrated experience using intrusion detection, security event management systems, and other applicable security tools.
• Demonstrated ability to drive changes and provide tangible results.
• Excellent problem-solving skills that would allow for the ability to diagnose and troubleshoot technical issues.
• Strong verbal and written communication skills with ability to communicate effectively and clearly to executive leadership
• Technical understanding of network fundamentals and common internet protocols.
• Ability to use one or more of the programming languages JAVA, C++, Python, Ruby, PHP, JavaScript, etc.

Source: https://iaea.taleo.net/careersection/ex/jobdetail.ftl?job=TAL-MTIT20240722-001