devjobs

The EIB, the European Union's bank, is seeking to recruit for its Directorate – Corporate Services (CS) – Information Technology (IT) – IT Security Unit (SEC) at its headquarters in Luxembourg, a (Senior) IT Security Engineer. This is a full time position at grade 5/6.

Panel interviews are anticipated for mid of November.

The term of this contract is 4 years.

The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs, with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance.

Purpose

As (Senior) IT Security Engineer (internally referred to as (Senior) Engineer IT Technology & Infrastructure), you will drive the activities related to IT security operational monitoring, contribute to the definition of an IT security strategic plan and manage IT security projects in the operational monitoring domain in line with associated policies and procedures and controlling that these are properly implemented thereby contributing to the achievement of the EIB’s IT security strategy objectives

Operating Network

The IT Security Unit monitors the deployment and effectiveness of adequate controls to mitigate Information and Communications Technology (ICT) risks, and is responsible for technical security matters for on premise hosted systems.

You will report to the Head of the IT Security Unit, and closely interact with the IT controls and IT security architecture teams to identify and integrate monitoring controls as part of new IT systems to be rolled out.

You will collaborate with the IT Security Unit, IT internal and external staff and Internal Audit and work with the EIB’s second line of defence team members in the EIB’s Risk Management Directorate and the internal control assessment teams in the EIB’s Financial Control Directorate. You will also be in contact with external vendors and/or partners providing security equipment, software or security services and with IT Security Engineers & Officers from peer institutions, as well as with the CERT-EU and local security authorities under the guidance of the Head of IT Security Unit.

Accountabilities

Contribute to the definition of the IT security strategy and policies for IT security operational monitoring with regard to the short, medium and long-term, ensuring that meet the business strategy and are aligned with IT trends and developments

• Define a set of security mechanisms and supporting standards which provide a consistent range of security capabilities to ensure that IT security policies, procedures and initiatives are properly designed and implemented
• Establish IT security requirements and architectures by analysing IT requirements from different sources at EIB, such as business functions, enterprise architects, IT operational teams.
• Drive continuous improvements on IT security risk detection and implement the necessary technical and/or administrative controls, procedures, IT standards, methodologies
• Operate and maintain IT Security Production systems and evaluate continuously the cyber threat landscape for the EIB Group
• Enhance and manage the IT security monitoring activities, and lead the development of new monitoring mechanisms
• Manage the supporting technology and operationalize security incident monitoring and response mechanisms.
• Ensure the design, implementation and support of IT security technical and logical controls, this includes:
• Elaborating the operational set of documentation and procedures
• Dealing and following-up with Internal Audit on Agreed Action Points
• Contributing to security awareness throughout the organisation
• Coordinate a team of external consultants and manage the agreed service levels acting as a service manager for the contract with the outsourcing provider.

Qualifications

• University degree in computer science or related disciplines
• At least 5 years of professional experience as an operational security engineer
• Excellent knowledge of IT Security operations (firewalls, proxies, web application firewalls, email secure gateways, remote accesses, strong authentication systems, privileged access management)
• Good knowledge of security standards such as the ISO 2700x suite or other industry best practices in the area of security monitoring
• Demonstrated experience and deep knowledge in IT security risk analysis (SIEM, log review), contingency, vulnerability assessment and remediation (patch management)
• Good knowledge of IT security operations (firewalls, proxies, web application firewalls, email secure gateways, remote accesses, strong authentication systems, privileged access management)
• Good knowledge of general IT security topics and controls (security architecture and standards, vulnerabilities management and mitigation technics in particular those associated to Internet exposed systems and applications)
• Advanced knowledge and interest in cyber threat landscape, malware and hacking techniques
• Relevant post-graduate studies in field of IT risk management, IT or information management would be considered as a strong advantage
• Project management techniques, progress tracking tools and reporting would be considered an advantage
• Information Security related certification such as CISSP and/or CISA would be an advantage
• Fluent in English and/or French and preferably a solid understanding of the other (**)

Competencies

Find out more about EIB core and managerial competencies here

Interested?

Please apply via the application link