IT Security Operations Associate (SGIS)(G6)

Organizational Setting

The Department of Safeguards (SG) is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for over 180 States in accordance with their safeguards agreements. The main objective of the Department is to maintain and further develop an effective and efficient verification system in order to draw independent, impartial and timely safeguards conclusions, thus providing credible assurances to the international community that States are in compliance with their safeguards obligations. Safeguards activities are undertaken within a dynamic and technically complex environment including advanced nuclear fuel cycle facilities and complemented by the political and cultural diversity of the countries.

The Department of Safeguards consists of six Divisions: three Operations Divisions for the implementation of verification activities around the world; three Technical Divisions (Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services); and three Offices (the Office for Verification in Iran, the Office of Safeguards Analytical Services and the Office of Information and Communication Services).

Within the Office of the Deputy Director General, Head of the Department of Safeguards, the Section for Safeguards Programme Coordination serves as the principal advisory body in support of the entire management of the Department including formulation and execution of departmental management policies and procedures. The Section provides internal coordination and support in the areas of programme and budget, human resources, performance monitoring, effectiveness evaluation, communication, reporting and project support.

Main Purpose

Under the supervision of the Systems and Engineering Team Leader, the IT Security Operations Associate acts as the primary IT security event handler and reporter of vulnerabilities in the Department of Safeguards. He/she operates processes related to security operations, such as vulnerability management; incident response; business continuity; and/or event management. He/she actively operates IT security incident and event management processes and proposes and implements changes, and contributes to the necessary technical improvements to ensure high quality alerts and reporting for security operations.

Functions / Key Results Expected

• Responsible for operating several security operations processes and activities related to IT security events; IT security vulnerabilities; threat intelligence; risk assessment; incident management; and the configuration and management of security controls and countermeasures.
• Oversees and monitors, recommends and, in consultation with management, implements process improvements for security operations. Provides reports regarding related aspects of IT security operations. Assists in refining alerting and improving threat information escalates the most critical events and impactful anomalies Operates and improves all aspects of security event management, threat management, including automation.
• Operates installation, configuration, and management of security operations tools and systems; the expansion and refinement of collection sources and by creating security operations reports automatically and distributing them to the appropriate audience.
• Performs initial assessment and review of security events and vulnerabilities and generates detailed reports; escalates issues as appropriate.
• Interfaces with security and IT professionals throughout the Department and the Agency to assist on the resolution of complex security issues and incidents and collaborates on the documentation results and lessons learned.
• Coordinates and delivers training and instruction to junior level IT and IT security staff regarding security operations processes and participates in security awareness programs, testing, and training.
• Operates security assessment procedures for systems, system configurations, information assets, and changes related to authentication, authorization, security baselines, confidentiality, and auditing, analyses the results, and provides reports and guidance to the relevant stakeholders and system owners. Communicates vulnerability and security relevant information to stakeholders and assists with remediation planning.
• Performs various security operations tasks as assigned.

Competencies and Expertise

Core Competencies

Name Definition Communication Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions. Achieving Results Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Division’s programme. Evaluates his/her results realistically, drawing conclusions from lessons learned. Teamwork Actively contributes to achieving team results. Supports team decisions. Planning and Organizing Plans and organizes his/her own work in support of achieving the team or Section’s priorities. Takes into account potential changes and proposes contingency plans.Functional Competencies

Name Definition Analytical thinking Analyses information to identify cause and effect relationships and correlations. Identifies critical elements and assesses consequences of different courses of action and proposes solutions. Client orientation Helps clients to analyse their needs. Seeks to understand service needs from the client’s perspective and ensure that the client’s standards are met. Resilience Maintains a high level of performance when facing pressure and uncertainty. Able to remain calm and self-controlled, and to respond logically and decisively in difficult situations.Required Expertise

Function Name Expertise Description Information Technology IT Security Expertise in IT security in high security environments. Expertise in event management and automation of threat intelligence into detection and prevention tools. Expertise in malware analysis. Information Technology Information Security Expertise in information security with experience in various aspects of information security and security operations processes, including incident and event management; vulnerability management; and threat intelligence. Information Technology Network Security Expertise in network security.Qualifications, Experience and Language skills

• Completed secondary education.
• Minimum of six years of working experience, including experience in implementing and documenting security operations procedures and experience with security operations,automation of common activities implementation of various security tools.
• IT security specialist training and certifications an asset.
• Experience with security incident and event management systems such as the ELK stack, Arcsight, QRadar, Alienware, and Splunk.
• Experience with security installations for the physical protection of information assets would be a benefit.
• Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.

Remuneration

The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at EUR 54871 (subject to mandatory deductions for pension contributions and health insurance), 6 weeks' annual vacation, pension plan and health insurance

Appointment is subject to a satisfactory medical report. Recruitment will be on a LOCAL BASIS only. Outside applicants are required to supply to the IAEA or to authorize it to seek all information relevant to their suitability for employment by the IAEA. Testing may be part of the recruitment process. ------------------------------------------------------------------------------------------------------------------------------------------------------------- Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. -------------------------------------------------------------------------------------------------------------------------------------------------------------

table { border-collapse: collapse; } table, th, td { word-wrap: break-word; valign="top"; }