Cyber Security Engineer

  • Posted: 1 week ago
  • Category: Information and Telecommunication Technology
  • Deadline: December 21, 2022



Organizational Setting

The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA’s ICT infrastructure comprises hardware and software platforms, and cloud and externally hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices. The Infrastructure Services Section (ISS) is responsible for implementing, maintaining, and administering the ICT systems and services for high availability; designing, implementing, and operating IT security services; and managing the data centre. The platforms include Microsoft Windows servers, Linux servers, Oracle EBS infrastructure, data storage, and transmission networks, serving more than 2500 staff, as well as over 10000 external users around the world. The Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems.


Main Purpose

The Cyber Threat Detection & Response Engineer is part of the IAEA’s cyber security team and a key contributor to cyber security operations and defense activities. The purpose of this role is to deploy, configure, and evolve cyber threat prevention, detection, and monitoring capabilities. He/she will manage, improve, and scale up the detection/response program, engaging in innovative work related to the identification and hunting of novel threats and the administration of security information and event management and security orchestration tools, as well as provide subject matter support for cyber security operations to assure best-in-class protection services for the IAEA’s users, data, and computer systems.



The Cyber Threat Detection & Response Engineer is (a) a technical specialist who solves challenging security problems, usually at the intersection of detection, response, and security automation; (b) a technical expert who can understand and evaluate the cyber threat landscape, with the ability to present risks and multiple possible solutions in a logical and constructive manner; (c) a practical problem solver with a can-do attitude and a sense of ownership and accountability.


Functions / Key Results Expected

• Manage and evolve content development within the Security Information and Event Management (SIEM) platform, which includes use case creation, dashboard design, and tuning of use cases to minimize false positives.
• Configure logging of cybersecurity technologies to integrate with the SIEM tool to enable near real-time alerting.
• Conduct regular threat hunting and independent threat research to augment and feed custom use case creation.
• Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and network security to detect, investigate, or prevent cyber intrusions.
• Perform in-depth analysis of security events, including malware analysis and network forensics detection, and share practices with Tier 1 – Tier 2 incident handlers.
• Collaborate with peers and lead development of dashboards, reports, and alerts to meet tactical cybersecurity requirements and monitor for indications of compromise.
• Act as an escalation point and take the role of key technical subject matter expert, and in the absence of the team manager handle any cyber intrusions and incidents.
• Contribute to the development of operational reporting and metrics such as KPI, KRI; produce regular and ad-hoc threat reports for the Unit Head and the Sr. Management team.
• Collaborate with enterprise IT peers to appropriately configure cybersecurity systems and services that affect the overall security posture of the organization.

Competencies and Expertise

Core Competencies

• Communication: Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions.
• Achieving Results: Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Division’s programme. Evaluates his/her results realistically, drawing conclusions from lessons learned.
• Teamwork: Actively contributes to achieving team results. Supports team decisions.
• Planning and Organizing: Plans and organizes his/her own work in support of achieving the team or Section’s priorities. Takes into account potential changes and proposes contingency plans.

Functional Competencies

• Client orientation: Helps clients to analyse their needs. Seeks to understand service needs from the client’s perspective and ensure that the client’s standards are met.
• Commitment to continuous process improvement: Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements.
• Technical/scientific credibility: Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.

Required Expertise

• Information Technology / IT Security: Expertise with SIEM or SOAR systems and writing or configuring high-signal, low-noise detection rules or automated response workflows.
• Information Technology / Information Security: Experience with analysis of event and system logs, forensic analysis, and malware analysis.
• Information Technology / Software Engineering: Experience with computer programming and/or scripting languages (Python, JavaScript, Go, etc.).


Qualifications, Experience and Language skills

• University Degree in Computer Science, Information Management, IT Security. Four (4) additional years of experience may be considered in lieu of University Degree.
• Internationally recognised security relevant certification, such as CISSP, OSCP, GCIA, CYSA, or related certifications.
• At least 5 years of relevant experience in information security, out of which at least 2 years performing Tier 3 incident handling tasks or management of threat detection and response automation tools.
• Proven experience in creating custom rules, dashboards, and reports using Endpoint Detection and Response (EDR) or Nextgen Antivirus (NGAV) tools.
• Ability to develop use cases for one of the following platforms: Splunk ES, QRadar, Sentinel, Sumo Logic, Exabeam, Chronicle, LogRhythm.
• Proven ability to use scripting skills for automation of cyber security response or technical threat intelligence processing.
• Knowledge of the Cyber Kill Chain methodology, MITRE ATT&CK framework, and malware analysis methods.
• Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.



The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $62692 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $23071*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks’ annual vacation, home leave, pension plan and health insurance.


Applications from qualified women and candidates from developing countries are encouraged.

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process.