The Division of Information Technology (MTIT) is a high performing team on a continuous improvement journey to deliver ever more value toward the IAEA’s important mission: Atoms for Peace and Development. We focus on Using Technology Better, Using Better Technology, Securely. MTIT is well into a transformation that achieves operational excellence, while also delivering on the six pillars of the IAEA’s Business Technology Strategy: Building an Adaptive IT Workforce, implementing a Holistic IT Risk Management and Information Security Programme, Improving How the IAEA Works, Collaborating and Cooperating Across IT, Managing and Sharing Information, and Cultivating an Innovation Mindset.

The Infrastructure Services Section (ISS) focuses on the operational excellence, security, reliability, performance, and cost optimization of the IAEA’s network, compute and storage systems. We aim to modernize and use the Cloud when appropriate, ensuring that the confidentiality, integrity, and availability of the IAEA’s information and information systems always come first. The Infrastructure Services Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems.

Main Purpose

The purpose of the consultancy is to provide technical advice and expertise to new and on-going short-term and long-term projects/ activities to hardening the foundation of our computing environment.

Under supervision of the IT Security head the consultant will be serving as an infrastructure security engineer and will be responsible for the global enterprise network security and all facets that make up a typical enterprise network security environment. The consultant will ensure implementations, operational maintenance, and provide technical expertise for various security technologies as typical of an enterprise global environment.

Functions / Key Results Expected

Network Intrusion Prevention Administration: 50%
• Assure effectiveness and evolution of infrastructure security controls applied to virtual private networks, cloud environment, on prem data centres, web protocols, and custom applications.
• Provide technical security planning, implementation, configuration, support and troubleshooting services on security technologies.
• Maintain the existing infrastructure security controls assuring high availability, redundancy, and resilience.
• Conduct routine log review of network information security events, investigating and escalating to incident responders as necessary.
• Provide periodic, informal knowledge transfer to other group members and to designated employees covering the management, normal operation, and maintenance of the network infrastructure security.
• Apply patches and firmware upgrades on a regular basis, and upgrade administrative tools and utilities.

Design & Improvements: 30%
• Improve the existing security hardening to achieve high resilience and security.
• Development and maintenance of new features for IPS/IDS bring-up and automation.
• Optimize, implement, and assist in monitoring of network security performance across the technology stack.

Documentation: 20%
• Develop and improve Standard Operating Procedures (SOPs) for operational efficiency.
• Draft and maintain network diagrams, build books, and technical “cheat sheets”.
• Create and provide regular reports to the senior management pertaining to effectiveness of network security controls

Knowledge, Skills and Abilities

Required –

Skills and Expertise

•    Network Engineering

•    Network Security

•    Network Architecture

•    IT Security

Qualifications and Experience

•    Bachelor’s Degree – Computer Science or other related field;

•      Minimum of 5 years of relevant IT experience out of which at least 3 years’ experience designing, supporting, and delivering security solutions across complex, international environments.
Experience in configuration and administration of Palo Alto security features such as Panorama, security policies, WildFire, URL filtering, APP-ID, User-ID, Threat prevention, Site-site VPN, Global protect and SSL decryption.
• Knowledge of SNMP, Syslog, AAA, IP Super/sub netting, DHCP, NTP, QOS, and NetFlow as they relate to security enhancement and diagnostics.
• Hand on experience in design, configuration, migrations, tuning and customization of network threat prevention controls.
• Knowledge in virtualization, networking, and cloud environments.
• Excellent written and spoken level of English language and ability to convey complex technical IT infrastructure or IT security concepts to technical and non-technical audiences including executives.

Remuneration

The remuneration for this consultancy is a daily fee of up to a maximum of € 340, based on qualifications and experience. In case duty travel is required within the assignment, a daily subsistence allowance (DSA) and travel costs are provided. Health coverage and pension fund are the responsibility of the incumbent.