IT Security Engineer

Εργασιακά Θέματα

The EIB, the European Union's bank, is seeking to recruit for its Corporate Services Directorate (CS) – Information Technology Department (IT),  IT Security Unit (SEC), at its headquarters in Luxembourg, an:

IT Security Engineer

The term of this contract will be 4 years

 

The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs,

with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance.        

 

Purpose

 The IT Security Unit aims at protecting the Bank's IT infrastructure from internal and external cyber-security incidents and threats, advising other colleagues within the IT Department on IT Security aspects, as well as raising awareness among the end-user community.

The IT Security Engineer will ensure the design, the implementation and the support of IT security technical and logical controls. S/he will also control that associated policies and procedures are properly implemented.  

Specific Post Environment and Operating Network

 The IT Security Engineer will be a member of the IT Security Unit and will report to the Head of the IT Security Unit.

S/he will have regular contact with the others IT Engineers, the users’ community and the Business Owners of the Bank. S/he will support the internal and external audit teams with regard to the various audits they conduct regularly. S/he will have contact with the others European Institutions security teams as well as with the CERT-EU for all aspects related to IT Security.

Accountabilities

The IT Security Engineer will be responsible for:

  • Ensuring that IT Security policies, processes, procedures and initiatives are properly designed and implemented, this may include:
  • Defining a set of security mechanisms and supporting standards which provide a coherent range of security capabilities
  • Proposing improvements and implementing the necessary technical and/or administrative controls, processes and procedures, IT standards, methodologies
  • Ensuring that key processes and controls related to IT Security are run in the most effective and efficient way, this includes:
  • Elaborating the IT Security policies and the operational set of documentation processes and procedures
  • Conducting IT Security-related projects (progress, resources and budget management)
  • Investigating and managing major information security incidents
  • Performing risk assessment of business applications and/or assess the actual level of security of IT systems
  • Controlling and ensuring that the security-related aspects of any service level agreements, agreed procedures and/or KPI’s are respected by the Service Provider, in the context of the IT infrastructure outsourcing
  • Developing and managing contacts with suppliers to meet key performance indicators and agreed targets
  • Developing security awareness programs Bank-wide  to develop security skills for IT and non-IT staff
  • Providing specific advice and recommendations on IT Security topics
  • Following up on technological trends and changes in security protection mechanisms and emerging security threats as well as related legislation

Qualifications

  • Full University degree preferably in computer science or related disciplines
  • At least 3 years of experience in the IT Security and/or in Network and Telecommunications areas
  • Information Security related certification such as CISSP and/or CISA would be an advantage
  • Technological expertise in IT Security typical topics and controls (security architecture and standards, risks management, vulnerabilities management and mitigation technics in particular those associated to Internet-exposed systems and applications)
  • Extensive knowledge of web-based typical vulnerabilities and the way to exploit them (penetration testing)
  • Project management techniques, progress tracking tools and reporting
  • Fluent in English or French (*) and good knowledge of the other

 Technical Qualifications

  • Advanced knowledge on all common  security devices ( firewalls, proxies, Web Application Firewall, remote access secure gateway, strong authentication and RADIUS servers, NIDS/NIPS, HIDS, email secure gateway, etc.) with a proven experience on at least one recognized market leading solution in each area
  • Advanced knowledge on end-point security such as anti-virus, personal firewall and HIDS on PCs with a proven experience on at least one recognized market leading solution
  • Advanced knowledge on operating systems, middleware and workstations security with proven experience on Windows and Linux based systems (secure build definition)
  • Advanced knowledge on hacking technics and comprehensive penetration testing scenario in particular on web applications exposed to the Internet (OWASP)
  • Good command on network technologies such as routing, VRF, VLAN, NAC
  • Good command on Certificates Management System and strong authentication solutions based on certificates, OTP by SMS and/or physical tokens
  • Good knowledge of security standard such as ISO 2700x suite or equivalent
  • Proven experience and good knowledge in risk assessment of IT systems and business applications 

Competencies

  • Analysis and problem-solving
  • Systemic thinking and ability to quickly understand potential changes and their impacts
  • Proactive anticipation of potential security threats
  • Good written and oral communication skills in English and French
  • Strong interpersonal skills, communicating easily with colleagues and 3rd parties
  • High level of discretion and confidentiality
  • Ability to work in a team and promote excellent team spirit
  • Ability to work well under pressure, to meet defined objectives and respect deadlines

  

(*) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in French. If selected, such candidates will be hired on the condition that they build up rapidly knowledge of French and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank's working languages

We believe that Diversity is good for our people and our business. We promote and value diversity and inclusion among our staff and candidates; irrespective of their gender, age, nationality, race, culture, education and experience, religious beliefs, sexual orientation or disability.

Deadline for applications: 10 th April 2015

 

(NB. Applicants, please note that you will receive an email acknowledgement confirming reception of your application, once duly submitted)

 

 

Επιστροφή