Your work environment
The Luxembourg Institute of Science and Technology (LIST) is a Research and Technology Organization (RTO) active in the fields of materials, environment and IT. By transforming scientific knowledge into technologies, smart data and tools, LIST empowers citizens in their choices, public authorities in their decisions and businesses in their strategies.
In this new position, within our Information Systems Unit, you will be working under the coordination and supervision of the Information Systems Security Officer. You have the opportunity to be part of operational implementation of the Information Systems Security Policy of LIST and related security projects in the area of software components, applications, databases, as well as components of the IT and telecom technical infrastructure.
You will be working together with other teams in the Information Systems Unit in order to support of the research, administrative and technical departments. You help to guarantee the security of the the components (applicative and technical) that make up the information systems.
You will be mainly in charge of:
- Participate in the architecture and design of IS security solutions
- Manage or participate in IT security solutions implementation projects
- Analyse, in collaboration with the Services of the Information Systems Unit, the needs of researchers in order to propose adapted IS security measures
- Implement controls to ensure the effectiveness of the IS security measures and solutions deployed
- Participate in the development and updating of procedures and documents related to IS security
- Contribute in the continuous improvement of threat detection mechanisms
- Be part of technical IT security audits
- Participate in the assessment and analysis of risks and threats related to IS security
- Conduct investigations and response operations to cyber incidents
- Provide advice and technical assistance in the fields of IS security to research departments and to administrative and technical departments
- Participate in the development and implementation of Business Continuity Plan and Business Recovery Plans
- Analyse the market and offers of external providers in terms of IT security
- Ensure constant monitoring of IT security technologies
Experience and skills
Proven professional experience (5 years minimum) in the fields of IS security, development and operational implementation of IS security projects and solutions, in a similar position in a company's Information Systems Department or in an IT services provider.
Good knowledge of risk assessment and management related to IT security
Knowledge of IS security audit mechanisms
Good knowledge of project management methods
CISSP or CISM or CEH certification is an asset
Good overall knowledge of IS, IT components of IS architectures (multi-tenant environments) and security in the field of software development cycle (Web and database security) and IT technical fields
- Proven knowledge in all or part of the technical components and tools such as:
- Architecture and network protocols TCP / IP, IPV6, Wifi, mobile telephony, ToIP, DNSSec, SD-WAN
- Communication protocols: http, https, ssl, ftp, ssh, VPNs, etc.
- Hardware and software security devices including those related to the web, the Cloud and mobile resources, such as (Firewall, WAF, IDS, IPS; Security gateways for messaging and internet access; Antivirus and anti-spam; Encryption solutions)
- IS security monitoring, supervision and metrological measurement tools
- Authentication servers AD, ADFS, LDAPS, radius, MFA
- Office 365 security: CASB, AIP, DLP, etc.
- Operating systems (VMWare, Windows 10, Windows Server, Linux, Ubuntu, CentOS, Mac OS)
- Good knowledge of all/part following technical aspects:
- SIEM solutions (splunk is an asset)
- Forensic techniques are an asset
- Security, scan and vulnerability detection tools for IT infrastructure components, DLP and Web applications
- Containers (docker, kubernetes, etc.)
- System scripting language (Powershell is an asset, bash, python, etc.)
- RDBMS databases (Oracle is an asset, MySQL, SQL language)
- Autonomous, organised and accurate, methodical approach
- Able to work confidentially, high ethical standards
- Able to work across the organisation and be initiative
- Stress resistant
- Client service attitude
- Good communication skills, both oral and written
- Good level both written and spoken English and French