• Reviewing autonomously or inside a team newly developed or purchased IT services as well as those subject to essential changes with regards to security principles (like the CISv8 standard);
• Providing consultancy and suggestions on furtherly improving the security posture of said IT services;
• Maintaining a CERN-wide review plan and register for “security” as well as CERN’s risk-register linked to “security”-related risks.

Furthermore, we offer you the possibility to delve into pure security operations, running separately your own security project(s), and contributing to incident handling in the CERN CSIRT.

Requirements: 

Skills and/or knowledge

• Excellent knowledge of best practices in the field of “computer security”, of secure software development and integration of IT security (features);
• Proven experience in performing security reviews following industrial standards (ideally CIS, but also ISO 27k or similar);
• Good knowledge of the Linux/UNIX operating system, network design, communication technologies and protocols, virtualization, databases, and in particular of shell scripting and programming (Python, and/or C). Other languages or technologies would be a plus;
• Experience in securing either or both MS Azure and Google Workspace cloud services;
• Proven expertise in automatic and manual vulnerability scanning and penetration testing (using tools like Nessus, Burpsuite, Metasploit), red/blue teaming, or similar.

Eligibility criteria:

• You are a national of a CERN Member or Associate Member State.
• You have a professional background in IT (or a related field) and have either:
  • a Master’s degree with 2 to 6 years of post-graduation professional experience;
  • or a PhD with no more than 3 years of post-graduation professional experience.
• You have never had a CERN fellow or graduate contract before.