Consultant - Infrastructure Security Engineer (SSU), Vienna, Austria

Organization: International Atomic Energy Agency (IAEA)

Country: Austria

City: Vienna, Austria

Office: IAEA Vienna, Austria

Closing date: Tuesday, 27 April 2021


Infrastructure Security Engineer (SSU)

( TAL-MTIT20210413-001 )

Organization: MTIT-Security Systems Unit

Primary Location: Austria-Vienna-Vienna-IAEA Headquarters

Job Posting: 2021-04-13, 12:44:36 PM

Contract Type : Special Service Agreement


Organizational Setting

The Department of Management (MT) provides a ‚platform of services‘ that serves as a foundation for the successful delivery of the IAEA’s scientific and technical programmes. Its mission statement is as follows: "MT is a partner and a business enabler that champions change and efficiency, leveraging a common purpose". Thus, among other support activities, it assists a scientific manager in recruiting the right expert, helps a technical officer coordinate the purchase of radiation equipment, and ensures that all Board documents are translated and distributed on a timely basis to Member States.

The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA’s ICT infrastructure comprises hardware and software platforms, and cloud and externally-hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.

The Infrastructure Services Section (ISS) is responsible for implementing, maintaining, and administering the ICT systems and services for high availability; designing, implementing, and operating IT security services; and managing the data centre. The platforms include Microsoft Windows servers, Linux servers, Oracle EBS infrastructure, data storage, and transmission networks, serving more than 2500 staff, as well as over 10000 external users around the world. The Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems.

Main Purpose

The purpose of the consultancy is to provide technical advice and expertise to new and on-going short-term and long-term projects/ activities to hardening the foundation of our computing environment. Under supervision of the IT Security Head, the consultant will be serving as an infrastructure security engineer and will be responsible for the global enterprise network security and all facets that make up a typical enterprise network security environment. The consultant will ensure implementations, operational maintenance, and provide technical expertise for various security technologies as typical of an enterprise global environment.

Functions / Key Results Expected

Network Intrusion Prevention Administration: 50%

Provide advice to ensure the effectiveness and evolution of infrastructure security controls applied to virtual private networks, cloud environment, on prem data centres, web protocols, and custom applications.

Provide technical security planning, implementation, configuration, support and troubleshooting services on security technologies.

Maintain the existing infrastructure security controls assuring high availability, redundancy, and resilience.

Conduct routine log review of network information security events, investigating and escalating to incident responders as necessary.

Provide periodic, informal knowledge transfer to other group members and to designated employees covering the management, normal operation, and maintenance of the network infrastructure security.

Apply patches and firmware upgrades on a regular basis, and upgrade administrative tools and utilities.

Design & Improvements: 30%

Improve the existing security hardening to achieve high resilience and security.

Development and maintenance of new features for IPS/IDS bring-up and automation.

Optimize, implement, and assist in monitoring of network security performance across the technology stack.

Documentation: 20%

Develop and improve Standard Operating Procedures (SOPs) for operational efficiency.

Draft and maintain network diagrams, build books, and technical "cheat sheets".

Create and provide regular reports to the senior management pertaining to effectiveness of network security controls

Qualifications and Experience

University degree in computer science or other related fields, combined with minimum of 5 years of relevant IT experience out of which at least 3 years‘ experience designing, supporting, and delivering security solutions across complex, international environments.

Experience in configuration and administration of Palo Alto security features such as Panorama, security policies, WildFire, URL filtering, APP-ID, User-ID, Threat prevention, Site-site VPN, Global protect and SSL decryption.

Knowledge of SNMP, Syslog, AAA, IP Super/sub netting, DHCP, NTP, QOS, and NetFlow as they relate to security enhancement and diagnostics.

Hand on experience in design, configuration, migrations, tuning and customization of network threat prevention controls.

Knowledge in virtualization, networking, and cloud environments.

Ability to convey complex technical IT infrastructure or IT security concepts to technical and non-technical audiences, including executives.

Good oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.


The remuneration for this consultancy is a daily fee of up to a maximum of 340, based on qualifications and experience. In case duty travel is required within the assignment, a daily subsistence allowance (DSA) and travel costs are provided. Health coverage and pension fund are the responsibility of the incumbent.

Link to the organization’s job offer: