Security architect (administrator)

[afotakel]

http://www.epo.org/about-us/jobs/vacancies/other/NRC-5957.html

 

Deadline for applications: 4.4.2016

 

The European Patent Office in The Hague is seeking a Security architect (administrator)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

* after deduction of EPO internal tax and before deduction of staff contributions to the social-security and pension schemes.How to get there: directions for the European Patent Office in The Hague  Instructions for online job applications to the European Patent Office  Please apply by sending us your online application   Application until: 4.4.2016  It is intended to hold the interviews in April/May 2016 in The Hague  The successful candidate will be selected on the basis of qualifications, supplemented as appropriate by interviews, tests and/or a personality questionnaire. Process and timeline The EPO offers competitive salaries, an excellent social package, and varied work in a modern international environment. The net (basic) monthly salary* for this vacancy ranges from EUR 5 223 to 7 396, depending on experience. In addition, depending on their personal circumstances, EPO staff may be entitled to relocation benefits and various allowances (e.g. household, dependant's, childcare, education, expatriation, installation, rent and language allowance). Salary and benefitsCitizenship of one of the member states of the European Patent Organisation.Diploma of completed studies at master's level or – in exceptional cases – equivalent professional experience. Excellent knowledge of one official language (English, French or German) and ability to understand the other two. Minimum qualificationsthe ability and drive to deliver within strict deadlinesa service-driven approach the ability to interact with highly specialised teams of technical experts, software developers and business representativesstrong analytical and problem-solving skillsexcellent communication skills (oral, written, presentation) with strong interpersonal and consultative skillsAdditionally, candidates should havedemonstrable experience of defining go-live criteria for new/changed applications and of assuring that these criteria are met as part of go-live decisionsthe ability to detect common software vulnerabilities, including cross-site scripting and SQL injection, and to identify appropriate countermeasureshands-on experience of using software development languages and software development methodologies over multiple projectsdemonstrable broad knowledge and hands-on experience of secure software development with multiple previous examples of developing and testing against security requirements for software development projectsexperience of, and/or certification in SABSA, TOGAF, OSACISSP, GIAC, or other security certifications and/or membership of a professional institution representing security professionalsexperience of working with information security in large, international organisationsan advanced degree in information securityIt will also be an advantage to havea very good knowledge of, and experience working with, a range of information security technologies such as firewalls, IDPS, VPN technologies and malware protection, authentication technologies such as RADIUS, Kerberos, single sign-on, Vasco tokens, Federation (SAML, WS-Fed), WebSSO, two-factor authentication, authorisation, including RBAC, rules-based authorisation, LAN, WAN and SAN concepts and technical implementations, application development, including Java, .NET platforms, source code review, including secure coding practices, mainframe, Windows, Unix, Linux operating systems, identity repositories, including LDAP, Active Directory, RACF, IAM suites, including Microsoft FIM 2010, Microsoft ADFSknowledge and experience of working with the management of security incidents, including incident analysisproven experience and knowledge of system and application penetration testing and system and application vulnerability assessmentsIt is important to havevery good knowledge and experience of information security standards (e.g. ISO 27001/27002, etc.), and rules and regulations related to information securityexcellent knowledge and experience of working with the principles of risk identification and analysis related to data confidentiality and securityproven experience of security-policy development, security education, risk analysis and compliance testingvery good technical security knowledge of a broad range of information technologies including desktops, servers, operating systems and applications, databases and networksa thorough understanding of the risks to business posed by information-system threats and vulnerabilitiesat least five years' experience in the application and development of information security systems, including experience with internet technology and security issues and the development and securing of web-based applicationsThe ideal candidate must have Performing other related duties as assignedAssisting with responses to information security incidents and vulnerabilitiesCollaborating with IT management, the legal department and the operational IT and physical security groups to support security management implementation and enforcementCollaborating with the enterprise architects to align the security architecture with the overall enterprise architectureDefining an overall architecture to drive security improvements in line with the security requirements of the different security domainsUnderstanding how applications interact with the wider IT infrastructure to ensure that integration is effective and secure (e.g. single sign-on technologies or centralised auditing)Understanding the challenges and threats facing the business and translating that understanding into sound security requirements for new and existing security systems that effectively mitigate identified risks whilst allowing the business to continue to operate effectivelyMain duties  The successful candidate will need to demonstrate wide experience of delivering sound information assurance advice in a number of different organisations, have an in-depth technical background gained from experience developing enterprise-level information security systems and be able to use their extensive knowledge to provide sound advice on mitigating information risk, commensurate with business needs, in a cost-effective way.  CIOO is seeking a security architect to help the team to meets its goals and objectives.  The Information Security team of the CIO's Office (CIOO) provides support and advice on a wide range of technical and non-technical topics related to information security. Its mission is to enforce a security framework that both protects the EPO's automated systems and information, thereby assuring their availability and reliability, and guarantees authorised, controlled and registered access.  The Information Management (IM) department of the European Patent Office (EPO) has 800 staff working on IT and information processing, with a professional and proactive focus on supporting the EPO's different business processes.  Deadline for applications: 4.4.2016  Grade G7-G10  Job group 4 in Directorate 2.8.0.1 (CIO Office) PD IM