Application Security Engineer(P3)
Vienna
- Organization: IAEA - International Atomic Energy Agency
- Location: Vienna
- Grade: Mid level - P-3, International Professional - Internationally recruited position
-
Occupational Groups:
- Engineering
- Administrative support
- Information Technology and Computer Science
- Security and Safety
- Nuclear Technology
- Security Systems Unit
- Energy sector
- Closing Date: Closed
Organizational Setting
The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises hardware and software platforms, and cloud and externally-hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.The Infrastructure Services Section (ISS) is responsible for implementing, maintaining, and administering the ICT systems and services for high availability; designing, implementing, and operating IT security services; and managing the data centre. The platforms include Microsoft Windows servers, Linux servers, Oracle EBS infrastructure, data storage, and transmission networks, serving more than 2500 staff, as well as over 10000 external users around the world. The Section includes three Units\: Network and Telecommunications, Enterprise Systems, and Security Systems.
Main Purpose
The Application Security Engineer leads application security and security threat research activities to strengthen IAEA information security and DevOps practices. He/she participates in development, delivery, and administration the comprehensive application security program for the IAEA. A successful candidate will be working with software development and security peers supporting day-to-day security DevOPS activities including but not limited to, Static Application Security testing (SAST) Dynamic Application Security Testing, (DAST), Web Application Firewall (WAF), API security, security threat research as well as investigations of possible application security incidents.
Role
The Application Security Engineer is (a) a technical specialist contributing to the design and formulation of security measures, procedures and standards on all aspects of application security; (b) a solution provider, coordinating applications security service delivery; (c) a team member actively involved in planning, implementing, testing and deployment of application security controls; and (d) a security threat researcher and incidents handler.
Functions / Key Results Expected
Perform application
security analysis, including code and architecture review, analysis of data
flows and penetration testing and make recommendations for corrective actions.
Actively contribute to top-notch R&D initiatives related to data analysis,
investigations, custom applications development, as well as intelligence
collection & analysis.
Participate in threat research, vulnerability discovery and investigations.
Implement and administer preventative and monitoring security controls for the
applications environment.
Identify application security issues and risks, and work with development team
to define mitigation plans.
Researching and evaluating new and emerging security technologies, features,
and products.
Provide substantive inputs and suggestions on all aspects related to the
applications design, vulnerabilities testing, security infrastructure, security
plans and services.
Coordinate application security services, installation, maintenance based on
from external vendors and other UN agencies services.
Prepare written reports using data and statistics to contribute towards
efficient, effective and secure software deployment.
Provide technical inputs and guidance on deficiency and effectiveness of
application security control deployment and usage.
Create and deliver applications security training to peers and junior staff.
Competencies and Expertise
Core Competencies
|
Name |
Definition |
|
|
|
|
Planning and Organizing |
Plans and organizes his/her own work in support of achieving the team or Sectionâs priorities. Takes into account potential changes and proposes contingency plans. |
|
|
|
|
Communication |
Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions. |
|
|
|
|
Achieving Results |
Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Divisionâs programme. Evaluates his/her results realistically, drawing conclusions from lessons learned. |
|
|
|
|
Teamwork |
Actively contributes to achieving team results. Supports team decisions. |
Functional Competencies
|
Name |
Definition |
|
|
|
|
Client orientation |
Helps clients to analyse their needs. Seeks to understand service needs from the clientâs perspective and ensure that the clientâs standards are met. |
|
|
|
|
Commitment to continuous process improvement |
Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements. |
|
|
|
|
Technical/scientific credibility |
Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable. |
Required Expertise
|
Function |
Name |
Expertise Description |
|
|
|
|
|
Information Technology |
IT Security |
Expertise in threat research as well as implementation and maintenance of technical application security controls. |
|
|
|
|
|
Information Technology |
Information Security and Risk Management |
Practical expertise in managing security vulnerabilities, threats, and risks according to the beet practices. |
|
|
|
|
|
Information Technology |
Software Engineering |
Proven ability to use one or more of the programming languages\: (Java/Ruby/Python/Perl) and deep understanding of Security Software Development Life Cycle and DevOps principles. |
|
|
|
|
|
Information Technology |
Technical Writing |
Expertise in creating technical documentation. |
|
|
|
|
|
Information Technology |
Web Development |
Understanding of Web API development, and security threats, and remediation best practices. |
Qualifications, Experience and Language skills
University degree in Computer Science, IT Security, Information Security or a closely related field.
Internationally recognised security certification, such as EC-Council |CASEEC-Council E|CIH, Offensive Security OSCP, CSSLP would be an advantage.
Minimum 5 years of relevant technical experience of which at least 2 years of experience in one or more of the following domains\: application and software security, technical threat research, penetration testing, secure software development.
Foundation in, and in-depth technical knowledge of, security engineering, computer and network security, authentication, security protocols and applied cryptography.
Demonstrated experience with tools and techniques used for software security analysis, including penetration testing, static and dynamic analysis.
Experience with public cloud environments and technologies, including Amazon Web Services, MS Azure, MS DevOps.Experience with Python, Perl, or other scripting languages.
Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.
Remuneration
The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $60962 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 25726, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Applications from qualified women and candidates from developing countries
are encouraged
Applicants should be aware that IAEA staff members are international civil
servants and may not accept instructions from any other authority. The IAEA is
committed to applying the highest ethical standards in carrying out its
mandate. As part of the United Nations common system, the IAEA subscribes to
the following core ethical standards (or values)\: Integrity, Professionalism and Respect for diversity. Staff members may be
assigned to any location. The IAEA retains the discretion not to make any
appointment to this vacancy, to make an appointment at a lower grade or with a
different contract type, or to make an appointment with a modified job
description or for shorter duration than indicated above. Testing may be part
of the recruitment process
-------------------------------------------------------------------------------------------------------------------------------------------------------------
However, we have found similar vacancies for you:
Assistant Shop Manager
Senior Access and Security Officer – National Position
Un.e Chargé.e d’appui administratif et financier des projets Eau Assainissement et Hygiène
Senior Associate, District Health Systems Strengthening Short Term
VAC-11610 Hart - Close Protection Officer and Team Leader (EOI)
