Job Description

Your responsibilities

CERN runs a plethora of on-site and cloud-based IT services including MS Azure and Google Workspace cloud services as well as local control systems. Based on standard IT technologies but also on in-house developments, these IT services require a permanent adaptation of their security stance commensurate with CERN's risk appetite. The CERN Computer Security Team is mandated to protect the operations and reputation of the Organization, including those IT services, against any kind of cyber-threat.

As a successful candidate you will take an active role in reviewing and improving the security of those IT services:

• Reviewing autonomously or inside a team newly developed or purchased IT services as well as those subject to essential changes with regards to security principles (like the CISv8 standard);
• Providing consultancy and suggestions on furtherly improving the security posture of said IT services;
• Maintaining a CERN-wide review plan and register for "security" as well as CERN's risk-register linked to "security"-related risks.

Furthermore, we offer you the possibility to delve into pure security operations, running separately your own security project(s), and contributing to incident handling in the CERN CSIRT.

Your profile

Skills and/or knowledge

• Excellent knowledge of best practices in the field of "computer security", of secure software development and integration of IT security (features);
• Proven experience in performing security reviews following industrial standards (ideally CIS, but also ISO 27k or similar);
• Good knowledge of the Linux/UNIX operating system, network design, communication technologies and protocols, virtualization, databases, and in particular of shell scripting and programming (Python, and/or C). Other languages or technologies would be a plus;
• Experience in securing either or both MS Azure and Google Workspace cloud services;
• Proven expertise in automatic and manual vulnerability scanning and penetration testing (using tools like Nessus, Burpsuite, Metasploit), red/blue teaming, or similar.

Eligibility criteria:

• You are a national of a CERN Member or Associate Member State.
• You have a professional background in IT (or a related field) and have either:
  • a Master's degree with 2 to 6 years of post-graduation professional experience;
  • or a PhD with no more than 3 years of post-graduation professional experience.
• You have never had a CERN fellow or graduate contract before.

Additional Information

Job closing date: July 3 at 23:59 PM CEST.

Job reference: IT-GOV-CSO-2024-117-GRAP

Contract duration: 24 months, with a possible extension up to 36 months maximum.

Target start date: 01-September-2024

What we offer

• A monthly stipend ranging between 6212 and 6828 Swiss Francs per month (net of tax).
• Coverage by CERN's comprehensive health scheme (for yourself, your spouse and children), and membership of the CERN Pension Fund.
• Depending on your individual circumstances: installation grant; family, child and infant allowances; payment of travel expenses at the beginning and end of contract.
• 30 days of paid leave per year.
• On-the-job and formal training at CERN as well as in-house language courses for English and/or French.

About us

At CERN, the European Organization for Nuclear Research, physicists and engineers are probing the fundamental structure of the universe. Using the world's largest and most complex scientific instruments, they study the basic constituents of matter - fundamental particles that are made to collide together at close to the speed of light. The process gives physicists clues about how particles interact, and provides insights into the fundamental laws of nature. Find out more on http://home.cern.

We are on a Quest. A Journey into discovery like no other. Bring your expertise to our unique work and develop your knowledge and skills at pace. Join world-class subject matter experts on unique projects, in a Quest for greater knowledge and deeper understanding.

Begin your CERN Quest. Take Part!

 

Diversity has been an integral part of CERN's mission since its foundation and is an established value of the Organization. Employing a diverse workforce is central to our success.