Like any other organization, university or company, CERN faces a permanent threat from different kinds of cyber-attacks that put its office computers and computer centres, as well as its accelerators and experiments, at risk. Proactive detection of such attacks, based on intelligence from many different sources and on the monitoring of a vast number of computer centre nodes, network traffic and storage systems, has become key to averting any abuse of CERN's computing resources.
You will join:
The CERN Computer Security Team (https://cern.ch/security), which is mandated to secure and protect all aspects of the computing infrastructure of CERN as well as its operations and reputation against any kind of cyber-threats, and take over an active role in managing, maintaining, and improving CERN's Security Operations Centre (SOC).
More information on the IT Department is at: http://cern.ch/it.
- As a Computer Security Expert, the successful candidate shall join the CERN Computer Security Team and take over full responsibility for the further development and extension of the CERN Security Operations Centre (SOC). This SOC receives and stores a flat data stream topping a few terabytes per day, performs automatic real-time comparison of that stream with indicators of compromise, and provides long-term storage for future forensics as well as thorough data enrichment for incident response. It also manages and shares threat intelligence with our partners. Your responsibility includes continuing to improve the SOC, which currently runs on the central computing facilities of CERN's IT department (e.g. Elasticsearch, HDFS, Kafka, Flume, Puppet, CentOS), adding further sources of security-relevant data, and programming interfaces that automatically inform end-users of potential security problems.
- In parallel, you shall contribute to and manage a series of computer security projects (e.g. Windows computing, firewall appliances, spam and malware filtering, control system and IoT security, storage of secrets) relevant to a better protection of the Organization, as well as providing advice and consultancy in matters of computer security.
- Furthermore, you will also participate in the CERN CERT (Computer Emergency Response Team), handle computer security incidents autonomously and independently, and provide forensics capabilities for incidents within CERN as well as for those occurring at remote sites associated with the Worldwide LHC Computing Grid, the high-energy physics community, or collaborating institutes and universities.
- The successful candidate should come with proven expertise in both security operations (DFIR, threat intelligence) and the design of security infrastructures (SOC, EDR, big-data solutions), as well as experience in computer, network or software security and, preferably, as a computer system administrator. Strong communication, presentation and collaboration-building skills are essential.
- Design of networks, as well as knowledge of communication technologies and protocols.
- Administration of computing systems, including installation, operation and maintenance (preventive and corrective) of computing systems. Excellent knowledge of the Linux/UNIX operating system, virtualization and databases is required, and above all of shell scripting and programming (Python and/or C); other languages or technologies would be a plus.
- Knowledge of best practices for developing secure software, and of the development and integration of IT security features.
- Monitoring of, and response to, security threats and incidents in ICT systems.
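The SOC pipeline sketched in the responsibilities above (ingest a log stream, compare each event against indicators of compromise in real time, enrich the hits for incident response, and notify the affected end-users) can be illustrated with a small worked example. The Python below is an added illustration, not CERN's code or any part of its SOC; it assumes a JSON-lines log format, a hypothetical indicator set, and a hypothetical asset inventory used for enrichment, all constructed here.

```python
"""Toy real-time indicator-of-compromise (IoC) matcher with enrichment.

Added example only (not CERN's SOC code). Every log line, indicator,
host and owner below is constructed for the illustration.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed indicator set, as a threat-intel feed might deliver it.
IOCS = {
    "domain": {"evil-update.example": "malware C2 (hypothetical feed A)"},
    "ip": {"198.51.100.23": "mass scanner (hypothetical feed B)"},
    # Constructed placeholder hash, not a real sample.
    "sha256": {"0123456789abcdef" * 4: "known dropper (hypothetical feed A)"},
}
# Network-range indicators need containment tests, not dictionary lookups.
IOC_NETWORKS = {
    ipaddress.ip_network("203.0.113.0/24"): "bulletproof hoster (hypothetical feed B)",
}

# Constructed asset inventory used for enrichment: which host, whose machine.
ASSETS = {
    "10.0.5.17": {"hostname": "ws-0517", "owner": "alice@example.org"},
    "10.0.9.2": {"hostname": "build-02", "owner": "bob@example.org"},
}


def _ip_hits(value):
    """Yield (indicator, description) for an IP listed directly or inside a listed range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return  # not an IP literal; nothing to compare
    if value in IOCS["ip"]:
        yield value, IOCS["ip"][value]
    for net, desc in IOC_NETWORKS.items():
        if addr in net:
            yield str(net), desc


def match_indicators(event):
    """Compare one parsed event against the indicator set; return the list of hits."""
    hits = []
    for field in ("query", "host"):  # DNS queries and HTTP Host headers
        dom = event.get(field)
        if dom:
            dom = dom.lower().rstrip(".")  # normalise case and trailing dot
            if dom in IOCS["domain"]:
                hits.append({"field": field, "indicator": dom, "desc": IOCS["domain"][dom]})
    for field in ("src", "dst"):
        if field in event:
            for ind, desc in _ip_hits(event[field]):
                hits.append({"field": field, "indicator": ind, "desc": desc})
    digest = event.get("sha256", "").lower()
    if digest in IOCS["sha256"]:
        hits.append({"field": "sha256", "indicator": digest, "desc": IOCS["sha256"][digest]})
    return hits


def enrich(event, hits):
    """Attach asset-inventory context so a responder sees which machine and owner are affected."""
    asset = ASSETS.get(event.get("src"), {"hostname": "unknown", "owner": None})
    return {"ts": event["ts"], "type": event["type"], "src": event.get("src"),
            "hostname": asset["hostname"], "owner": asset["owner"], "hits": hits}


def process_stream(lines):
    """Run JSON log lines through matching and enrichment; malformed lines are skipped."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a real pipeline would count these for pipeline-health monitoring
        hits = match_indicators(event)
        if hits:
            alerts.append(enrich(event, hits))
    return alerts


def notifications(alerts):
    """Group alerts per asset owner: the basis for informing end-users automatically."""
    per_owner = defaultdict(list)
    for alert in alerts:
        per_owner[alert["owner"] or "soc-unassigned"].append(alert)
    return dict(per_owner)


# Constructed sample log stream (JSON lines): one DNS hit, one HTTP hit into a
# listed range, one benign DNS query, one file-hash hit from an unknown host,
# and one malformed line.
SAMPLE_LOGS = [
    '{"ts": "2024-01-01T10:00:00Z", "type": "dns", "src": "10.0.5.17", "query": "EVIL-UPDATE.example."}',
    '{"ts": "2024-01-01T10:00:01Z", "type": "http", "src": "10.0.9.2", "dst": "203.0.113.45", "host": "cdn.example"}',
    '{"ts": "2024-01-01T10:00:02Z", "type": "dns", "src": "10.0.5.17", "query": "www.example.org"}',
    '{"ts": "2024-01-01T10:00:03Z", "type": "file", "src": "10.0.7.1", "sha256": "' + "0123456789ABCDEF" * 4 + '"}',
    'not json at all',
]

if __name__ == "__main__":
    for owner, owner_alerts in notifications(process_stream(SAMPLE_LOGS)).items():
        for alert in owner_alerts:
            print(owner, alert["hostname"], alert["type"], [h["indicator"] for h in alert["hits"]])
```

Two design points worth noting: indicators are normalised (lower case, trailing dot stripped) before lookup so that case or formatting differences in the log source do not cause misses, and network-range indicators are kept separate from exact-match ones because a CIDR needs a containment test rather than a dictionary lookup. Events whose source host is not in the inventory still produce an alert, routed to a catch-all queue rather than dropped.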