Jul 31, 2016
FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS

Terms of Reference for Consultant /PSA

Minimum number of years of relevant experience required: 1yr / 5yrs / 12+yrs

Name:
Job Title: ICT Operations Security Engineer Consultant
Division/Department: CIODD
Programme/Project Number:
Location: Rome, Italy
Expected Start Date of Assignment: ASAP
Duration: 11 months (until 31 Dec 2016)
Reports to: David Wu
Title: Chief Operations Officer

GENERAL DESCRIPTION OF TASK(S) AND OBJECTIVES TO BE ACHIEVED

The ICT Operations Security Engineer Consultant will play an important role in CIO Global Security Operations. CIO Global Security Operations is responsible for establishing and leading an enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.

The consultant will work under the SECU team leader to perform analysis, integration and implementation of key security technologies and features including secure architecture design, risk analysis, infrastructure security, and administration of network, firewall, application gateways, reverse proxy, identity management, AD security, encryption, IDS/IPS, VPN, proactive security monitoring, threat modelling and other security-centric technologies. The consultant will also act as the focal point for internal and external security testing.

Essential Responsibilities:

- Responsible for day-to-day IT security operations: infrastructure/application security administration, security monitoring, threat management, and reporting;
- Provide security expertise and guidance to a diverse set of FAO engineering and business teams;
- Conduct security reviews of core corporate and production infrastructure and application;
- Drive enterprise-focused security improvements to CIO IT products and services.

KEY PERFORMANCE INDICATORS

Expected Outputs | Required Completion Date

- Review and update the IT security policy documents | 31/7/2016
- Conduct vulnerability assessment and security testing | 31/8/2016
- Finalize the security design for application security, infrastructure redesign, and web security | 31/9/2016
- Manage day-to-day security operation to meet defined operation targets | 31/9/2016
- Manage security operation following the predefined process and procedure: incident management, change management, and other steps in FAO ITSM | 31/12/2016
- Manage FAO IT security infrastructure: firewall administration; reverse proxy; IDS operation; event management and log analysis | 31/12/2016
- Threat management | 31/12/2016
- Document security operation procedure | 31/11/2016
- Security assessments for new and existing systems when requested | 31/09/2016
- Management of secured document dissemination and all forms of digital certificates in use in FAO | 31/12/2016
- Support to OIG investigations | 31/12/2016
- Resolution of ICT security incidents and problems, in collaboration with other ICT groups | 31/12/2016
- Knowledge transfer to operations staff on the above activities | 31/12/2016

REQUIRED COMPETENCIES

Academic Qualifications: University degree in computer science, information systems or related fields

Technical Competencies and Experience Requirements

Essential Qualification:

- Experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modelling;
- Minimum of 5 years of system admin or development experience on Windows and Unix/Linux operating systems; excellent experience with system hardening; skilled with Perl, CGI or shell scripting;
- Expert-level knowledge in designing secure network architectures, virtualization technologies, database platforms, identity and access management principles, application security, encryption technologies, DNS, SOA and web applications;
- Excellent understanding of the Internet protocol suite, e.g. Radius, BOOTP, ARP, IP, ICMP, BGP, OSPF, TCP, UDP, LDAP, DNS, DHCP, SNMP, SMTP, SIP, GRE, Netflow/cflowd and POP3;
- Experience with the following: SSL, HTTPS, PGP, DES, SSH, SCP, Kerberos, IPSEC, PKI;
- Hands-on experience in threat management: IDS/IPS, logging analysis, security monitoring and event management; experience with Arcsight and/or Splunk is a plus;
- Experience with DotDefender, TippingPoint, Sophos and PCI compliance a plus;
- Experience with security incident response;
- Experience with security testing: vulnerability scan and penetration test;
- Due to the nature of the work, after-office-hours standby and work from home are required;
- Advanced university degree with a minimum of 5 years of experience working in the field of IT Security in infrastructure and/or application security;
- One or more certifications from a recognized organization (CISSP, CISA, CISM, SANS, Security Vendors: Cisco CCIE Security, Checkpoint, Juniper, etc.);
- Working knowledge of English.

Payment conditions: the daily honorarium will be paid monthly on a when-actually-employed basis and will be defined depending on relevant qualifications and work experience.

Schedule of work: The incumbent will be required to work and be present on the premises during the standard office hours of the duty station (from 8.30 till 17.00 for HQ) and to provide after-hours emergency support when needed. The working time will be reported in the internal timesheet system.

How to Apply

- Interested applicants are required to create an online Personal Profile form (PPF) in iRecruitment. To create the PPF, please follow the instructions available at: http://www.fao.org/employment/irecruitment-access/en
- Once the PPF is created, applicants should submit a cover letter setting out how their qualifications and experience match the requirements for the position, a PPF form and an updated CV including two references to: [email protected]
- Deadline for submission of your application: May 22nd, 2016
- Applications received after the closing date will not be given consideration. Only short-listed candidates will be contacted.