Jump to content

IT Security Engineer

afotakel
 Share

Recommended Posts

afotakel Enterprise Admin!

afotakel

Posted
Posted
 

This is a full-time position

The term of this contract will be 4 years

The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs,

with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance.

Purpose

The IT Security Unit aims at protecting the Bank's IT infrastructure from internal and external cyber-security incidents and threats, advising other colleagues within the IT Department on IT Security aspects, as well as raising awareness among the end-user community.

The IT Security Engineer will ensure the design of IT security technical and logical controls. S/he will follow-up on and control their implementation and usage in the context of an outsourced IT infrastructure in order to ensure that associated policies and procedures are properly implemented.  

Specific post environment and operating network

The IT Security Engineer will be a member of the IT Security Unit and will report to the Head of the IT Security Unit.

S/he will have regular contact with the others IT Engineers, the users’ community and the Business Owners of the Bank. S/he will support the internal and external audit teams with regard to the various audits they conduct regularly. S/he will have contact with the others European Institutions security teams as well as with the CERT-EU for all aspects related to IT Security.

Accountabilities

The IT Security Engineer will be responsible for:

  • Ensuring that IT Security policies, processes, procedures and initiatives are properly designed and implemented, this may include:
    • Defining a set of security mechanisms and supporting standards which provide a coherent range of security capabilities
    • Proposing improvements and implementing the necessary technical and/or administrative controls, processes and procedures, IT standards, methodologies
  • Ensuring that key processes and controls related to IT Security are run in the most effective and efficient way, this includes:
  • Elaborating the IT Security policies and the operational set of documentation processes and procedures
  • Conducting IT Security-related projects (progress, resources and budget management)
  • Investigating and managing major information security incidents
  • Performing risk assessment of business applications and/or assess the actual level of security of IT systems
  • Controlling and ensuring that the security-related aspects of any service level agreements, agreed procedures and/or KPI’s are respected by the Service Provider, in the context of the IT infrastructure outsourcing
  • Developing and managing contacts with suppliers to meet key performance indicators and agreed targets
  • Following up on patching status with internal and outsourced teams to ensure compliance with the patching policy requirements
  • Developing security awareness programs Bank-wide  to develop security skills for IT and non-IT staff
  • Providing specific advice and recommendations on IT Security topics
  • Improving Security in development and support processes
  • Following up on technological trends and changes in security protection mechanisms and emerging security threats as well as related legislation

General qualifications

  • Full University degree preferably in computer science or related disciplines
  • At least 3 years of experience in the IT Security and/or in Network and Telecommunications areas
  • Information Security related certification such as CISSP and/or CISA would be an advantage
  • Technological expertise in IT Security typical topics and controls (security architecture and standards, risks management, vulnerabilities management and mitigation technics in particular those associated to Internet-exposed systems and applications)
  • Extensive knowledge of web-based typical vulnerabilities and the way to exploit them (penetration testing)
  • Project management techniques, progress tracking tools and reporting
  • Fluent in English or French (*)  and good knowledge of the other

Technical Qualifications

  • Advanced knowledge on all common  security devices ( firewalls, proxies, Web Application Firewall, remote access secure gateway, strong authentication and RADIUS servers, NIDS/NIPS, HIDS, email secure gateway, S.I.E.M, etc.) with a proven experience on at least one recognized market leading solution in each area
  • Advanced knowledge on end-point security such as anti-virus, personal firewall and HIDS on PCs with a proven experience on at least one recognized market leading solution
  • Advanced knowledge on operating systems, middleware and workstations security with proven experience on Windows and Linux based systems (secure build definition)
  • Advanced knowledge on hacking technics and comprehensive penetration testing scenario in particular on web applications exposed to the Internet (OWASP)
  • Good technical knowledge on Vulnerability assessment tools
  • Good command on network technologies such as routing, VRF, VLAN, NAC
  • Good command on Certificates Management System and strong authentication solutions based on certificates, OTP by SMS and/or physical tokens
  • Good knowledge of security standard such as ISO 2700x suite or equivalent
  • Proven experience and good knowledge in risk assessment of IT systems and business applications

Competencies

  • Analysis and problem-solving
  • Systemic thinking and ability to quickly understand potential changes and their impacts
  • Proactive anticipation of potential security threats
  • Good written and oral communication skills in English and French
  • Strong interpersonal skills, communicating easily with colleagues and 3rd parties
  • High level of discretion and confidentiality
  • Ability to work in a team and promote excellent team spirit
  • Ability to work well under pressure, to meet defined objectives and respect deadlines 

(*) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in French. If selected, such candidates will be hired on the condition that they build up rapidly knowledge of French and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank's working languages

Deadline for applications: 10th May 2016

We believe that Diversity is good for our people and our business. We promote and value diversity and inclusion among our staff and candidates; irrespective of their gender, age, nationality, race, culture, education and experience, religious beliefs, sexual orientation or disability 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...