Header

Information Security Analyst


ECMWF - European Centre for Medium-Range Weather Forecasts

Reading, United Kingdom

1. Position information

Vacancy No.: VN16-11 
Department: Computing Department
Grade: A2 
Section: Networks and Security Section
Job Ref. No.: STF-C/16-11 
Reports to: Information Security Officer
Closing Date: 25 April 2016

2. About ECMWF*

ECMWF is both a research institute and a 24/7 operational service, producing and disseminating numerical weather predictions to its Member States. ECMWF carries out scientific and technical research directed to the improvement of its forecasts, collects and processes large amounts of observations, and manages a long-term archive of meteorological data. Satellite and in situ observations provide the information for up-to-date global analyses and climate reanalyses of the atmosphere, ocean and land surface.
For further details, see www.ecmwf.int/.
The Networks and Security Section forms part of ECMWF’s Computing Department. It is responsible for delivering network, remote access, authentication, data acquisition, product delivery, and security infrastructure to the organisation. The Section also co-ordinates information security activities, reporting to the Centre’s Director of Computing and its Information Security Governance Board.

3. Summary of the role

The Information Security Analyst role is responsible for operational security matters related to information technology (IT) security within ECMWF. Reporting to the Information Security Officer, the role coordinates the implementation of agreed controls across the organisation to reduce information and IT risks and ensure information assets and technologies are adequately protected.

4. Main duties and key responsibilities

The ideal candidate will have the expertise and in-depth knowledge to adopt and develop standards and new techniques for information security (InfoSec), working with internal and external stakeholders to introduce these into operations.

Key responsibilities

  • Delivering the information security framework in line with ECMWF’s policies, industry best practice and associated industry standards;
  • Developing and implementing standards, controls, policies and procedures that will form ECMWF’s information security governance architecture;
  • Monitoring and reporting on established information security controls;
  • Cooperating with information security representatives in all departments and at all levels of the organisation;
  • Coordinating regular meetings with information security experts of ECMWF’s Member and Co-operating States;
  • Implementing regular information security audits together with independent external auditors;
  • Coordinating IT investigations, security incident response, digital forensics and electronic discovery;
  • Undertaking operational risk assessments to cover changes in the environment;
  • Providing technical advice and policy knowledge in the area of information security;
  • Recommending solutions to improve IT infrastructure security;
  • Increasing awareness of information security within ECMWF, including training and communication;
  • Representing the organisation in conferences and working groups, when required.

5. Personal attributes

  • Excellent interpersonal and communication skills;
  • Strong analytical and problem-solving skills, with a proactive approach;
  • Self-motivated, and able to work with minimal supervision;
  • Dedication and enthusiasm to work in a team;
  • Ability to work efficiently and complete diverse tasks in a timely manner.

6. Qualifications and experience required

Education

  • A university education to degree standard or equivalent industry experience.

Experience

  • Understanding of common security frameworks and legislation, and their impact, e.g. ISO 27001, PCI DSS, DPA;
  • Experience configuring and administering network security technologies including, but not limited to, firewalls, VPNs, intrusion detection/prevention systems, email and web filters, logging and monitoring platforms, and network admission control;
  • Experience with endpoint security technologies including, but not limited to, anti-virus, host-based intrusion detection, posture checking, and local security policies;
  • Experience of providing hands-on support of ISO 27001 to implement policies into specific, monitored, measurable controls would be an advantage;
  • Experience of working in an international environment would be an advantage;
  • Experience of endpoint and network forensics, and incident response;
  • Experience with vulnerability scanning or penetration testing methodologies and practices.

Knowledge and skills (including language)

  • A recognised professional InfoSec certification such as CISSP, CEH, or GIAC GCIH;
  • Understanding of threat intelligence gathering and associated processes to inform digital security awareness;
  • Comfortable working with commercial and open source technologies;
  • Working knowledge of Microsoft and *nix operating systems, and their configuration to support security controls;
  • Understanding of tools to support monitoring and incident investigation (e.g. tcpdump, netflow);
  • Candidates must be able to work effectively in English and interviews will be conducted in English;
  • A good knowledge of one of the Centre’s other working languages (French or German) would be an advantage.

7. Other information

Grade remuneration

The successful candidate will be recruited at the A2 grade, according to the scales of the Co-ordinated Organisations and the annual basic salary will be £55,488 net of tax. This position is assigned to the employment category STF-C as defined in the Staff Regulations.
Full details of salary scales and allowances are available on the ECMWF website at www.ecmwf.int/en/about/jobs, including the Centre’s Staff Regulations regarding the terms and conditions of employment.
Starting date: 1 July 2016 or as soon as possible thereafter.
Length of contract: Four years, with the possibility of a further contract.
Location: The position will be based in the Reading area, in Berkshire, United Kingdom.

8. How to apply

Please apply by completing the online application form available at www.ecmwf.int/en/about/jobs.
ECMWF has an Equal Opportunities Policy and applications from all suitably qualified candidates are welcome.
Staff are usually recruited from among nationals of the Member States and Co-operating States.
Staff from non-ECMWF States may be considered in exceptional cases where there is a strong need for a particular competency.
The ECMWF Member States are Austria, Belgium, Croatia, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, the Netherlands, Norway, Portugal, Serbia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
The ECMWF Co-operating States are Bulgaria, Czech Republic, Estonia, former Yugoslav Republic of Macedonia, Hungary, Israel, Latvia, Lithuania, Montenegro, Morocco, Romania and Slovakia.