Field Cyber Security Engineer

What we do

The International Committee of the Red Cross (ICRC) works worldwide to provide humanitarian assistance to people affected by conflict and armed violence. We take action in response to emergencies and at the same time promote respect for international humanitarian law. We are an independent and neutral organization, and our mandate stems essentially from the Geneva Conventions of 1949. We work closely with National Red Cross and Red Crescent Societies and with their International Federation in order to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. We direct and coordinate the international activities conducted in these situations.

Purpose of the post 

The ICRC provides technology services to more than 15,000 employees globally, external partners and our beneficiaries. Protecting our digital operations from cyber-attacks is a core element of the institutional cyber security strategy.

Based in Belgrade and reporting directly to the Head of ICT region and functionally to the Chief Information Security Officer (CISO, based in HQ Geneva), the Field Cyber Security Engineer plays a key role to support the mission of managing the security of the ICRC information systems at his regional level, according to institutional expectations.

Working closely with all the cyber security team, the Field Cyber Security Engineer provides active support in the following domains:

• Operations managed by the Cyber Security Operations Center (SOC) in Belgrade, notably activities related to Vulnerability Management and Incident Response.
• Compliance with policies and standards for managing the security of the ICRC information systems as defined by the CISO and his team in Geneva.
• Awareness and training for regional ICT resources.

The Field Cyber Security Expert contributes to the overall delivery of the institutional cyber security strategy with knowledge, experience, technical expertise, and situational awareness over the broad range of the cyber security domains. 

Main duties and responsibilities

• Support the SOC coordinator and CISO function in the delivery of the overall ICRC cyber security strategy
• Cyber security incident response
• Provide cyber security incident handling assistance to ICRC constituents and support teams
• Disseminate incident-related information to constituents and concerned parties via the given process, tooling and communication channels
• Appropriately preserve evidence from impacted computing environments
• Ensure containment, eradication and recovery tasks are appropriately performed
• Escalate unresolved, persistent or repetitive cases to SOC Coordinator
•  Vulnerabilities management
• Support the operation of the global vulnerability management process
• Coordinate remediation activities
• Validate and verify remediation activities
• Escalate unresolved, persistent or repetitive vulnerabilities to SOC Coordinator
• Technical support for security local/regional projects, Feasibility Studies, Out of Catalog requests and other similar initiatives
• On Demand security assessment in delegations
• Local support during forensic activities
• Point of contact for security questions at the regional level
• Contribution to user awareness (communities/newsletter, cyber security events, etc.)
• Security dashboard follow-up and reporting
• Enforcement (compliance with ICT security policies)

Education & professional experience

• A University degree in Computer Science, Engineering, or a related field (with a major in security is an asset)
• At least 2 years of relevant professional experience related to enterprise IT operations
• Certification relevant to computer network defense such as SANS GIAC, CEH, Security+ and/or Offensive Security is an asset
• Problem-solving and time management are essential 
• Ability to work in English (written and spoken). French and/or Spanish is an asset.
• Functional competencies and skills 
• Solid sense of integrity, limits and understanding of the overall SOC organization and wider mission
• Ability to manage workflows within dedicated case management and common service management tooling
• Working knowledge with common desktop and server OS, container technology, databases, and network administration/management
• Working knowledge of OSI network stack including major IPv4/IPv6 protocols using TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP etc.
• Fluency in 1 or more scripting languages. Python and/or Powershell/Powershell Core is an asset
• Familiarity with core FOSS tools (e.g.: tcpdump, Wireshark)
• Basic knowledge of core crypto solutions including AES, RSA, DH, SHA, Kerberos, NTLMv2, TLS, OpenSSL
• Basic knowledge of enterprise security architecture and engineering
• Basic knowledge of security frameworks (NIST, ISO, ENISA, etc.)
• Basic knowledge of digital forensics
• Experience in technical security assessment is an asset 
• Ability to work in an international & multicultural environment

Our offer

• Rewarding work in a humanitarian and multicultural environment 
• A two-week orientation course and other opportunities for further in-house training
• Competitive employment package with attractive social benefits
• Type of contract: full-time local contract based in Belgrade, Serbia. 

How to join

Please send your resume and a motivation letter.

Only national candidates or foreigners with valid working permit for Serbia will be considered.

Only shortlisted candidates will be contacted

We welcome applications from all qualified candidates. The ICRC values diversity and is committed to creating an inclusive working environment.