As part of the ICT Shared Service Centre, the incumbent, as a member of an expert team, assists in providing technical expertise and support in IT security operations. Under guidance from ICTS Vienna and supervision from National Information Security Officer, the incumbent ensures that security policies, procedures, instructions and guidelines written by OSCE Secretariat ICTS team are appropriately implemented and complied with. The incumbent ensures that all ICT systems within limits of delegated authority are operational, sufficient and cost effective according to defined service levels.
Tasks and Responsibilities:
- Assisting in the establishment and operation of the Information Security Operations Centre, including:
- Monitoring and analysing logs, trends and security events from various sources (systems) with purpose of recognizing potential, successful and unsuccessful intrusion attempts and compromises and informing the OSCE Security Incident Response Team (SIRT);
- Participating in security incident response, frequently acting as "first responder' and working with the OSCE Security Incident response team on containment, eradication and remediation for events escalated to incident level;
- Performing periodic reviews with respect to effective, efficient, and secure use of IT Security Systems, ensuring requirements are met and that replacement and upgrades are in place in support of priorities and deadlines;
- Producing relevant documentation;
- Assisting and supporting administration activities of ICT systems security including:
- Performing tasks to ensure availability, performance, and security of the Wide Area Network (WAN) and Internet/Intranet related services and security systems (routers, perimeter, firewalls, mail and proxy servers, content filtering, anti-spam and anti-virus systems);
- Performing tasks to ensure availability, performance, and security of the Local Area Network (LAN) related services and security systems (switches, wireless networking, network access controls, VoIP);
- Maintaining and monitoring of endpoint security and endpoint management systems;
- Responding to support requests from Service Desk, within his/her own area of responsibility, in a professional manner, logging calls in a database. Maintaining accurate log entries of requests with fault details and produces relevant documentation. Searching documentation and previous requests for assistance on related topics to find solution in the most effective way;
- Performing troubleshooting, upgrade, deployment and repairs on network and endpoint Security Systems and related hardware, software and systems;
- Maintaining contacts with vendors and service providers as needed for product updates or troubleshooting;
- Participating in a Vulnerability Assessment (VA) Scanning Capability. Following the documented process for routine scanning of devices and systems. Assisting in the development of mitigation and remediation plans as a result of the vulnerability assessment findings;
- Participating in the ICT security projects:
- Newly adopted IT services and technologies;
- Additional security controls;
- Management and other supporting tools and systems;
- Hardware and Software Inventory and Control;
- Performing other duties as assigned.
- Minimum secondary education supplemented by formal studies in computer/information science or related field, or equivalent combination of education and experience;
- At least one relevant information security certificate such as GIAC, CISSP, CISA, CISM, CCSA, CCSE, etc., or at least one relevant network administration certificate such as CCNA, CCNP, etc.;
- Minimum 6 years of relevant working experience;
- Demonstrated experience in key security technologies (SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation);
- Relevant ITIL Experience;
- Problem solving, troubleshooting skills and fixing technical issues on network, security and other computer equipment;
- Understanding of access controls, networking, servers, firewalls and logging;
- Familiarity with encrypted communications and network protocols;
- Familiarity with Windows, Linux and WMware administration and concepts;
- Experience with technical writing and management reports;
- Excellent written and oral communication skills in English.
Monthly remuneration, subject to social security deductions is 2,574.25 BAM/month. Social benefits will include participation in the Cigna health insurance scheme and the OSCE Provident Fund. Appointments are normally made at step 1 of the applicable OSCE salary scale. At the discretion of the appointing authority a higher step may be approved up to a maximum of step 3 subject to specific conditions.
This position is open to citizens and permanent residents of Bosnia and Herzegovina only. If you wish to apply for this position, please use the OSCE's online application link found under http://www.osce.org/employment. Please note that offline applications submitted via email, fax, or mail will not be considered. The OSCE retains the discretion to re-advertise the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration. Only short-listed candidates will be contacted. The OSCE is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all religious, ethnic and social backgrounds to apply to become a part of the Organization. Please be aware that the OSCE does not request payment at any stage of the application and review process.