Skills Required

PKI Network Network Analysis TCP/IP OWASP Penetration Testing Tools security penetration testing vulnerability Disaster Recovery Master's Degree Firewalls Antivirus IDS/IPS SIEM IAM APT DLP VA

Additional Skills

CISA CISSP ISO 27001 NIST SANS ISSAP CISM

Expertise

IT Security Specialist

Language

English

Total Experience (months or years)

72

Description

Role & Responsibilities:

• Security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
• Develop and validate baseline security configurations for operating systems, applications, and networking and telecommunications equipment
• Perform internal and external technical control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action.
• Perform source code reviews
• Perform network and application penetration testing (Black box, Grey box and White box) 3
• Defining detailed security architecture
• Performing technical security audits
• Security monitoring and log analysis
• Provide support during security incident analysis
• Perform IT infrastructure/ Application Security configuration reviews
• Design and implement technical security mechanisms and technologies
• Design and develop technical security standards and procedures.
• Support the monitoring and management of the IT elements of the physical security and safety-related systems from the Institution’s premises. 
• Performing any other activity related to the security of the IT corporate infrastructure under the Institution' s responsibility.

Qualifications: 

• Minimum 4 years of relevant education (master or equivalent) after secondary school.
• Minimum 6 years of relevant professional experience in IT security 
• Proof read communication, documents, draft emails, etc. as needed 
• Maintain high level of accuracy, confidentiality and professionalism
• Ability to create professional documents and emails 
• Run reports & handle special projects as assigned
• Implementing security best practice guidelines (ISO 27001, NIST, SANS Top 20 OWASP and etc.)
• Good practice in the secure configuration of servers, network devices and applications
• Networking protocols and application communications. TCP/IP, Network Security.
• Network analysis tools. 
• Securing Unix and Windows operating systems; Linux, Active Directory and Microsoft Forefront Identity Manager administration; 
• Securing middleware and applications.
• Network penetration testing
• Web application penetration testing
• Performing vulnerability assessments
• Performing forensic image collection and analysis
• Managing/deploying the following security technologies: Firewalls; Antivirus, IDS/IPS - Intrusion detection/ Prevention Systems, SIEM – Security information and event management; IAM – Identity and access management; APT – Advanced Persistent threat detection; DLP – Data loss prevention; VA – Vulnerability Analysis and mitigation; PKI – Public key infrastructure; Virtual environments; Endpoint security; Mobile security; Communications and data encryption; Remote access methods; Backup and disaster recovery methodologies; Patch management technologies and processes; Wireless protocols and services.
• OWASP and secure software development standards
• Performing security code reviews.
• Security configuration reviews of IT Infrastructure and security devices, OS, Databases etc.
• Expected to possess one or more of the following qualifications:
  • Certified Information Systems Security Professional with Information Systems Security Architecture Professional concentration (CISSP-ISSAP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • OSCP, OSCE, GPEN, CEH, CCNA, CCNP
• Language: English

Security Requirements

• The profile owner shall possess a high level of integrity and a Personnel Security Clearance for accessing EU Classified Information, at least for level EU Secret/Secret UE. In case the person does not possess such clearance, then a criminal record of the chosen candidate should be provided together with written proof that this security clearance process was initiated and a copy of their national ID document, prior starting the work.
• Declaration of confidentiality and protection of the information system and of non-conflict of interest will be signed by the selected person, at latest on the starting date.

Location

Strasbourg

FRANCE

Duration

2 Months