Switzerland: ICT Security Expert

Purpose of the post

The ICT Security Expert provides the technical security view to the ICT Security Officer in its mission of managing security of the ICRC information systems at the appropriate level. It includes:

• Supplying relevant information to understand security trends and give tracks for enhancements
• Supporting ICT teams during exceptional security incidents
• Support the team with the design and implementation of projects

Main duties and responsibilities

• Manage & operate security tools or services to ensure that information systems are protected at the appropriate and expected security levels (i.e., run vulnerabilities assessments, coordinate penetration tests)
• Identify security alerts and new threats, analyze their consequences and impacts, inform concerned parties and make sure they are handled in an proper way
• Establish and lead security activities related to critical incidents, in emergency situations, for the Geneva HQ as well as the field
• Actively contribute in improving detection of and response to information security-related events or incidents
• Monitor technical compliance with ICT security policies, procedures and standards
• Provide support to ICT sectors for technical implementation of security policies and all their related security controls
• Participate into new projects (applications, IT infrastructure, etc.), aiming at assessing security risks and proposing mitigation measures
• Facilitate collaboration with other technical security resources (i.e., ICT platform responsible, consultants, external providers)
• Be the focal point for technical advices regarding security subjects coming from ICT Field engineers
• Continuously provide selected data to the ICT Security Officer for establishing security dashboard
• Support security training to ICT staff on technical subjects (i.e., OWASP, authentication methods, debugging tools)

Education and experience required

• At least 5 years of relevant professional experience
• Relevant experience in an international and multicultural environment
• A University degree in Computer Science, Engineering or related field
• Graduate specialization in security or networking, or equivalent experience
• Security certifications such as CISSP, GIAC, CompTIA Security+ or CEH
• Strong knowledge of Microsoft solution (operating system, active directory and identity management) mandatory - certification

Desired profile and skills

• Able to work in both French and English (speaking and writing); Spanish an asset
• Knowledge of information security standards, frameworks and best practices (ISO 27001, NIST, SANS)
• Analytical minded with a systematic approach, able to respond quickly to changing circumstances, challenge requests, value different perspectives and ideas
• Excellent communication, interpersonal and conceptual thinking skills
• Focuses on results and desired outcomes and how best to achieve them
• Adheres to a strong set of moral, ethical and professional principles which shows soundness of personal character, honesty and truthfulness
• In-depth knowledge of enterprise LAN / WAN & VPN technologies, common network protocols (DNS, HTTP/S, SMTP, SNMP, LDAP, NetBIOS, RTPS, Syslog, etc.) and components (routers, firewalls, Reverse Proxy, WAF, IDS/IPS, security gateways, etc.)
• Comprehensive knowledge of common authentication and authorisation mechanisms (LDAP, NTLM, Kerberos, ADFS), encryption and digital certificates implementation
• Excellent command of Microsoft OS (servers & workstations) and PowerShell scripting
• Thorough knowledge with monitoring, infosec assessment, forensics and pentest security toolset (i,e, QualysGuard, Metasploit, Burp, Wireshark, SIEM solution, etc.)
• Expertise in system hardening
• Basic programming and reverse engineering skills

Additional information

Type of contract: Open-ended

Length of assignment: 4 years, renewable

Working rate: 100%

Starting date: ASAP

Application deadline: Sunday, 19th November 2017

To apply please visit: http://bit.ly/2iAYeVz