Cyber-Security Analyst & Engineer (IT-GOV-CSO-2023-109-LD)

At CERN, the European Organization for Nuclear Research, physicists and engineers are probing the fundamental structure of the universe. Using the world's largest and most complex scientific instruments, they study the basic constituents of matter - fundamental particles that are made to collide together at close to the speed of light. The process gives physicists clues about how particles interact, and provides insights into the fundamental laws of nature. Find out more on http://home.cern.

Job Description
Introduction

Like any other organization, university or company, CERN is facing a permanent threat from different kinds of cyber-attacks putting its office computers, computer centres as well as accelerators and experiments at risk. The CERN Computer Security Team (https://cern.ch/security) is mandated to secure and protect all aspects of CERN's computing infrastructures as well as its operations and reputation against any kind of cyber-threats by:

-Proactively auditing and reviewing CERN's computing services, and conducting penetration tests against those.
-Extensively monitoring a vast sphere of computer centre nodes, network traffic and storage systems for potential attacks based on high-quality threat intelligence from many different sources.
-Quickly and efficiently responding to incidents occurring at CERN, but also in CERN's world-wide academic community, in tight collaboration with many different stakeholders.

We invite you take part in that cyber-security challenge!

Functions

As a Cyber-Security Analyst & Engineer:

-You shall play an active role in performing security reviews of and penetration tests against CERN's computing services and systems.
-You shall contribute and manage a series of computer security projects (e.g. storage of and scanning for secrets, software curation) to better protect the Organization, take responsibilities in updating and improving the Computer Security Team's detection infrastructure as well as adding further sources of security-relevant data to CERN's Security Operations Centre.
-Collaborate with partners in CERN's academic community (like the EGI https://www.egi.eu, OSG https://opensciencegrid.org), the high-energy physics community, and related institutes and universities. This includes gathering new threat intelligence sources and threat intelligence as such, as well as discussing e.g. malware samples and Indicators of Compromise with these partners, participate in vetted dedicated trust groups, etc.
-Leverage this partnership network to participate in the CERN CSIRT (Computer Security Incident Response Team) and autonomously and independently handle computer security incidents as well as provide forensics capabilities.

Qualifications
Master's degree or PhD or equivalent relevant experience in the field of in computer security and/or system administration or a related field.

Experience:

The successful candidate should come with proven expertise and knowledge on computer, network or software security, and, preferably, as computer systems administrator. In particular, the successful candidate should be able to demonstrate:

-a deep technical understanding of malware behavior (following e.g. the MITRE ATT&CK framework).
-an ability to perform remote memory and network forensics.
-a capacity to establish strategic trust relationships with external stakeholders and security fora.
-capabilities in forensics and incident response spanning across multiple administrative domains.

Technical competencies:

-Monitoring and responding to security threats and incidents for ICT systems: with particular skills in forensics and penetration testing.
-Knowledge of best practices for developing secure software: and of development and integration of IT security features.
-Installation, operation and maintenance (preventive and corrective) of computing systems: in particular excellent knowledge of the Linux/UNIX operating system, virtualization, databases, and in particular of shell scripting and programming (Python, and/or C), other languages or technologies would be a plus.
-Knowledge of communication technologies and protocols.

Behavioural competencies:

-Achieving results: having a structured and organised approach towards work; being able to set priorities and plan tasks with results in mind; delivering high quality work on time and fulfilling expectations; driving work / projects along and seeing them through to their conclusion.
-Communicating effectively: successfully changing other people's opinions by persuasive arguments; expressing opinions, ideas and suggestions with conviction and in a logical/structured manner; keeping to the point.
-Learning and sharing knowledge: keeping up-to-date with developments in own field of expertise and readily absorbing new information; sharing knowledge and expertise freely and willingly with others; coaching others to ensure knowledge transfer.
-Solving problems: identifying, defining and assessing problems, taking action to address them; addressing complex problems by breaking them down into manageable components; adopting a pragmatic approach; understanding the value of adopting generic rather than 'gold -plated' technical solutions.
-Demonstrating accountability: taking responsibility for own actions and decisions.

Language skills:
Spoken and written English or French: ability to understand and speak the other language in professional contexts. Ability to draw-up technical specifications and/or scientific reports and to make oral presentations in at least one of the two languages.

Eligibility and closing date:

Diversity has been an integral part of CERN's mission since its foundation and is an established value of the Organization. Employing a diverse workforce is central to our success. We welcome applications from all Member States and Associate Member States.

This vacancy will be filled as soon as possible, and applications should normally reach us no later than 31.08.2023 at 12:00 AM (midnight) CEST.

Employment Conditions

Contract type: Limited duration contract (2 years). Subject to certain conditions, holders of limited-duration contracts may apply for an indefinite position.

These functions require:

Work during nights, Sundays and official holidays, when required by the needs of the Organization.