1 New Internal Mobility Opportunity in IT-GOV

Type of notice
Internal Mobility

As a Cyber-Security Analyst & Engineer:

  • You will take over responsibilities in coordinating and collaborating with external partners in CERN’s academic community (as well as the EGI https://www.egi.eu, OSG https://opensciencegrid.org and WLCG https://wlcg.web.cern.ch/), the high-energy physics community, and collaborating institutes and universities. This includes gathering new threat intelligence sources and threat intelligence as such, as well as discussing e.g. malware samples and Indicators of Compromise with these partners, participating in vetted dedicated trust groups, etc.
  • Benefitting from that network, you shall participate in the CERN CSIRT (Computer Security Incident Response Team) and autonomously and independently handle computer security incidents as well as provide forensics capabilities within CERN and the aforementioned partner network.
  • As a Computer Security Engineer and systems administrator, you shall contribute to and manage a series of computer security projects (e.g. storage of and scanning for secrets, software curation) relevant for a better protection of the Organization, take responsibilities in updating and improving the Team’s computing infrastructure as well as adding further sources of security-relevant data to CERN’s Security Operations Centre.
  • In addition, your responsibility includes continuing to improve the security of CERN’s IT department’s central computing facilities (e.g. Open Search, HDFS, Puppet, Jira, CentOS, etc.), e.g. by reviewing the current implementations, identifying weaknesses as well as providing advice and consultancy in matters of computer security.

Experience

The successful candidate should come with proven expertise and knowledge of computer, network or software security, and, preferably, as a computer systems administrator. In particular, the successful candidate should be able to show:

  • a deep technical understanding of malware behaviour (following e.g. the MITRE ATT&CK framework);
  • an ability to perform remote memory and network forensics;
  • a capacity to establish strategic trust relationships with external stakeholders and security fora; and
  • capabilities in forensics and incident response spanning across multiple administrative domains.

Technical competencies

  • Monitoring and responding to security threats and incidents for ICT systems: With particular skills in forensics and penetration testing;
  • Knowledge of best practices for developing secure software, and of development and integration of IT security features;
  • Installation, operation and maintenance (preventive and corrective) of computing systems: In particular excellent knowledge of the Linux/UNIX operating system, virtualization, databases, and in particular of shell scripting and programming (Python, and/or C), other languages or technologies would be a plus;
  • Knowledge of communication technologies and protocols.

Please contact Stefan Lüders for more information.

Expiry date
Last modified
22 Mar 2023