Recruitment notice: the International Atomic Energy Agency is looking for a Cyber Security Engineer based in Vienna, Australia.
Organizational Setting
The Department of Safeguards carries out the IAEA’s duties and responsibilities as the world’s nuclear inspectorate, supporting global efforts to stop the spread of nuclear weapons. The primary role of the Department is to develop and implement IAEA safeguards to ensure that there is no diversion of declared nuclear material from peaceful activities and no indications of undeclared nuclear material or activities in a State as a whole.
The Department comprises nuclear safeguards inspectors, responsible for carrying out inspections and verifications of all safeguards-relevant information for nuclear facilities in over 180 States; and technical staff responsible for a wide range of activities including: developing concepts and approaches for implementing safeguards; developing and maintaining safeguards equipment; providing analytical and laboratory services for sample analysis; collecting, evaluating and analysing safeguards-relevant information; providing information and communication technology infrastructure and services; and providing programme coordination support.
The Office of Information and Communication Systems (SGIS) is responsible for the provision of secure Information and Communication Technology (ICT) services that enable the Department of Safeguards to deliver on its mandate. Major services provided by SGIS include provision of information technology project management services; development and maintenance of specialized ICT solutions; operation of resilient ICT infrastructure; provision of customer support services; and protection of safeguards information. In partnership with other organizational entities, SGIS is responsible for planning and implementing ICT strategies as well as promoting ICT standards.
Main Purpose
The Cyber Security Engineer is part of the Safeguards Security Group and a key contributor to the cyber security operations and defence activities for the Department of Safeguards and the Division of Nuclear Security. The purpose of this role is to deploy, configure, and evolve cyber threat prevention, detection, and monitoring capabilities. He/she will manage, improve, and scale up the detection/response programme, engaging in innovative work related to the identification and hunting of novel threats; administration of security information and event management and security orchestration tools; as well as providing subject matter support for cyber security operations to assure best-in-class protection and incident response.
Role
The Cyber Security Engineer is (a) a technical specialist who solves challenging security problems, usually at the intersection of detection, response, and security automation; (b) a technical expert who can understand and evaluate the cyber threat landscape, with the ability to present risks and multiple possible solutions in a logical and constructive manner; (c) a practical problem solver with a can-do attitude and a sense of ownership and accountability.
Functions / Key Results Expected
- Manage and evolve the content development within the Security Information and Event Management (SIEM) platform, which includes use case creation, dashboard design, tuning of use cases and development of playbooks to minimize false positives.
- Configure event collection/logging of events relevant to cybersecurity to integrate with the SIEM tool to enable near real-time alerting.
- Conduct regular threat hunting and independent threat research to augment and feed custom use case creation.
- Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and network security to detect, investigate, or prevent cyber intrusions.
- Perform in-depth analysis of security events, including malware analysis and network forensics, and share practices with junior incident handlers.
- Collaborate with peers and lead development of dashboards, reports, and alerts to meet tactical cybersecurity requirements and monitor for indications of compromise.
- Act as an escalation point and take the role of technical subject matter expert and occasionally serve as incident manager in order to handle cyber intrusions and incidents.
- Contribute to the development of operational reporting and metrics such as KPIs, KRIs; produce regular and ad-hoc threat and event reports for the direct supervisor and the management team.
- Collaborate with the enterprise IT peers to appropriately configure cybersecurity systems and services that affect the overall security posture for the organization.
Qualifications, Experience and Language skills
• University Degree in Computer Science, Information Management, IT Security or equivalent relevant experience. Four (4) additional years of experience may be considered in lieu of a University Degree.
• Internationally recognised security relevant certification, such as CISSP, OSCP, GCIA, CYSA, or related certifications, is an asset.
• At least 5 years of relevant experience in information security, out of which at least 2 years performing digital forensics and incident handling tasks or management of threat detection and response automation tools.
• Proven experience in creating custom rules, dashboards, and reports using Endpoint Detection and Response (EDR) or Nextgen Antivirus (NGAV) tools is an asset.
• Ability to develop use cases for one of the following platforms: Splunk ES, QRadar, Sentinel, Sumo Logic, Exabeam, Chronicle, LogRhythm and the ELK (Elasticsearch, Logstash, Beats, Kibana) stack.
• Proven ability to use scripting skills for automation of cyber security response or technical threat intelligence processing.
• Knowledge of the Cyber Kill Chain methodology, the MITRE ATT&CK framework, and malware analysis methods is an asset.
• Experience in Linux system engineering and administration is an asset.
• Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.