International Committee of the Red Cross (ICRC)
Job
Opportunity: Cyber
Security Engineer
The
International Committee of the Red Cross (ICRC) is an impartial, neutral and
independent organisation with the exclusively humanitarian mission to protect
the lives and dignity of victims of war and other forms of violence and provide
them with assistance.
It
also endeavours to prevent suffering by promoting and strengthening
International Humanitarian Law and universal humanitarian principles.
The
ICRC’s Regional Delegation in Nairobi is a hub that co-ordinates the
institution’s humanitarian activities in Kenya, Tanzania and Djibouti and hosts
the organizations’ regional logistics, technical and training support units
serving the Horn and Great Lakes Region.
OVERALL
RESPONSIBILITY
ICRC Nairobi Regional Delegation is seeking to appoint a talented and experienced Cyber Security Engineer, reporting to the Chief Information Security Officer (CISO), based in HQ, Geneva and to the Head of ICT Region based in Nairobi.
The
ICRC provides technology services to more than 15,000 employees globally,
external partners and our beneficiaries. Protecting our digital operations from
cyber-attacks is a core element of the institutional cyber security strategy.
As
Cyber Security Engineer, you will play a key role to support the mission of
managing the security of the ICRC information systems in AFRICA Region,
according to institutional expectations and work closely with other
cybersecurity experts and diverse teams of IT professionals worldwide. In
addition, contribute to the overall delivery of the institutional cyber
security strategy with knowledge, experience, technical expertise and
situational awareness over the broad range of the cyber security domains.
We
look forward to hearing from you to help support our humanitarian action
worldwide.
TASKS
AND RESPONSIBILITIES
Support
the Security Operation Center coordinator and CISO function in the delivery of
the overall ICRC cyber security strategy.
Cyber
security incident response:
· Provide
cyber security incident handling assistance to ICRC constituents and support
teams
· Disseminate
incident-related information to constituents and concerned parties via the
given process, tooling and communication channels
· Appropriately
preserve evidence from impacted computing environments
· Ensure
containment, eradication and recovery tasks are appropriately performed
· Escalate
unresolved, persistent or repetitive cases to SOC Coordinator
Vulnerabilities
management:
· Support
operation of the global vulnerability management process
· Coordinate
remediation activities
· Validate
and verify remediation activities
· Escalate
unresolved, persistent or repetitive vulnerabilities to SOC Coordinator
· Technical
support for security local/regional projects, Feasibility Studies, Out of
Catalog requests and other similar initiatives.
· On-Demand
security assessment in delegations.
· Local
support during forensic activities.
· Point
of contact for security questions at the regional level.
· Contribution
to user awareness (communities/newsletter, cyber security events, etc.).
· Security
dashboard follow-up and reporting.
· Enforcement
(compliance with ICT security policies).
MINIMUM
REQUIREMENTS AND COMPETENCIES
· A
University degree in Computer Science, Engineering or related field (with major
in security is an asset),
· Minimum
4 years of relevant professional experience related to enterprise IT security
operations,
Certification relevant to computer network defence such as SANS GIAC, CEH,
Security+ and/or Offensive Security is an asset;
· Ability
to manage workflows within dedicated case management and common service
management tooling.
· Working
knowledge with common desktop,server and mobile OS, container technology,
databases and network administration/management.
· Working
knowledge of OSI network stack including major IPv4/IPv6 protocols using
TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP etc.
· Familiarity
with core FOSS tools (e.g.: tcpdump, Wireshark) is an asset.
· Basic
knowledge of core crypto solutions including AES, RSA, DH, SHA, Kerberos,
NTLMv2, TLS, OpenSSL.
· Basic
knowledge of enterprise security architecture and engineering, security
frameworks (NIST, ISO, ENISA, etc.) and digital forensics.
· Solid
sense of integrity, limits and understanding of the overall SOC organisation
and wider mission.
· Ability
to work in English (written and spoken). French and/or Spanish is an asset.
· Experience
in technical security assessment.
APPLICATION
The
interested candidates should fill up a form by clicking the link below on or
before 16th February 2023 at 4:30 pm then submit their CV, motivation letter,
including references details, supporting documents (Certificates, Diplomas,
Degree etc) and current and expected remuneration to ICRC Nairobi Delegation,
HR Department via the email address provided below:
– Application Link
– Email: nai_hrrec_services@icrc.org
The
reference Cyber Security Engineer must be stated in the application to be
valid. If you do not fill out the required information as per the link provided
or clearly state the position for which you are applying and attach the
required certificates & other supporting documents, your application may
not be considered. Only shortlisted candidates will be contacted.
Applicants
must have the permanent right to work in Kenya.
ICRC
does not charge a fee at any stage of the recruitment process. All applications
are free for all candidates and no one should require any payment or
compensation during the recruitment process. May the candidate be asked for any
fee, he/she must report to ICRC HR Department through the recruitment contact.
ICRC
is committed to diversity and welcomes applications from qualified candidates
regardless of disability, gender identity, marital or civil partnership status,
race, colour or ethnic and national origins, religion or belief, or sexual
orientation.
In
processing your personal data for recruitment purposes, we follow the
information notice as explained HERE.
