Welcome

You are about to start your application process for:

C-2130-EXPERIENCED SECURITY AUDIT AND CONTROL ENGINEER

C-2130-EXPERIENCED SECURITY AUDIT AND CONTROL ENGINEER

Are you passionate about research? So are we! Come and join us

The Luxembourg Institute of Science and Technology (LIST) is a Research and Technology Organization (RTO) active in the fields of materials, environment and IT. By transforming scientific knowledge into technologies, smart data and tools, LIST empowers citizens in their choices, public authorities in their decisions and businesses in their strategies. 

https://www.list.lu/

You ‘d like to contribute as experienced security audit and control engineer? Join our Information Security team

At LIST, we empower citizens in their choices, public authorities in their decisions and businesses in their strategies.

And most importantly, we empower our employees, nurture our existing talents, and strive to attract new ones! We rely on a culture of transparency, high safety standards, recognition of our employees, and respect for people and decisions, and foster a spirit of entrepreneurship within our organization. Everyone at LIST has a role to play, from our researchers to our support teams, which consist of 150 experts in human resources, finance and administration, IT operations, legal affairs and communication. At LIST’s core is excellence and a passion for impact with the will to excel both nationally and internationally; we are seeking people who identify with these values, enjoy taking on the challenges of our ambitious projects and have a strong collaborative spirit.

Responsibilities

How will you contribute?

As part of our Security Information Service ad under the supervision of the Head of Information Security, you will define, implement and follow the various necessary steps required for security compliance of the management system. You will be required to propose, create and follow security indicators which translate an adapted and pertinent level of security. 

You will manage the technical audit missions (internal/external pen tests, configurations, hardening) of the information systems. Consequently, you will analyze the risks, deviations and malfunctions, as well as make proposals for improvements or correctives actions to put in place. 

Your mission also includes active participation in the implementation and maintenance of the Business Continuity Plan.

Main tasks 

  • Continuous analysis of security indicator needs and security controls 
  • Define and implement relevant KPI and dashboard
  • Participation in security technical audits
  • Definition of Action plans in cooperation with the different actors involved
  • Active contribution to the Business Continuity Plan project
  • Ensuring the collection of appropriate data to evaluate security, including the KPI updates
  • Reporting deviation identified to the appropriate contact persons
  • Implementing remediation action plan
  • Contribution to the implementation and review of security documentation
  • Contribution to the definition and control of the management of access rights
  • Active contribution to the continuous improvement of the LIST Information Security management system life cycle
  • Providing knowledge and expertise on Information Security to all staff members
  • Assessment and analysis of information security risks and threats



must have requirements


As part of our Security Information Service ad under the supervision of the Head of Information Security, you will define, implement and follow the various necessary steps required for security compliance of the management system. You will be required to propose, create and follow security indicators which translate an adapted and pertinent level of security. 

You will manage the technical audit missions (internal/external pen tests, configurations, hardening) of the information systems. Consequently, you will analyze the risks, deviations and malfunctions, as well as make proposals for improvements or correctives actions to put in place. 

Your mission also includes active participation in the implementation and maintenance of the Business Continuity Plan.

Is Your profile described below? Are you our future colleague? Apply now!

You hold an engineer degree or master specialized in security/cybersecurity in IT, with a minimum of 5 years of experience in the field of Information systems.

For this role it’s important you have a very good knowledge of:

  • Audit methodologies of security management systems (ISO27K)
  • Continuity management methodologies (ISO22301)
  • Security risks management and methodologies
  • Access and identity tools and methodologies
  • Good overall knowledge of IS, IT components of IS architectures (multi-tenant environments) and security in the area of software development lifecycle (web and database security) and IT technical areas
  • Certification: ISO27002, CISA or CEH is considered as an asset 
  • Network architecture and protocols TCP/IP, IPV6, WiFi, mobile telephony, ToIP, DNSSec, SD-WAN
  • Authentication servers AD, ADFS, LDAPS, radius, MFA
  • Office 365 security: CASB, AIP, etc.
  • Operating systems (VMWare, Windows 10, Windows Server, Linux, Ubuntu, CentOS, Mac OS)
  • Containers (docker, kubernetes, etc.)
  • System scripting language (Powershell is an asset, bash, python, etc.)
  • Databases (Oracle is an asset, MySQL, SQL)

Additionally, we expect that you have a good knowledge in domains, tools or technical aspects such as :

  • Security software and materials related to web, Cloud and mobile resources like:
  • Firewalls, NDR, WAF, IDS, IPS, NAC, DLP
  • Switches, DNS
  • CASB and security gateways for email and web accessEDR, antivirus, antispam
  • Encryption solutions

You have a proven experience in:

  • SIEM solutions – Splunk is an asset
  • Security, scanning and vulnerability detection tools for IT infrastructures or web applications components
  • Monitoring, supervision and measuring tools and methodologies of SI
  • Log collection and event analysis
  • Communication protocols: http, https, ssl, ftp, ssh, VPNs, etc.


You enjoy working autonomously, you’re organized, accurate and have a methodic approach. You have a high sense of confidentiality and ethic. You are able to take initiatives and able to work transversely, combined with positive customer service attitude, make you the ideal candidate to work within LIST. You can deal with English and French in your working place.


We offer

Your LIST benefits

An organization with a passion for impact and strong RDI partnerships in Luxembourg and Europe that works on responsible and independent research projects; 

Sustainable by design, empowering our belief that we play an essential role in paving the way to a green society;

Innovative infrastructures and exceptional labs occupying more than 5,000 square metres, including innovations such as our Viswall, high-scale incubators and top of the range 3D/4D printings that are part of our toolkit for excelling in all we do;

Multicultural and international work environment with more than 45 nationalities represented in our workforce;  

Diverse and inclusive work environment empowering our people to fulfil their personal and professional ambitions;

Gender-friendly environment with multiple actions to attract, develop and retain women in science; 

32 days’ paid annual leave, 11 public holidays, flexible working hours, 13-month salary, statutory health insurance and access to lunch vouchers; 

Personalized learning programme to foster our staff’s soft and technical skills; 

An environment encouraging curiosity, innovation and entrepreneurship in all areas. 


Your application must include:

  • A motivation letter oriented towards the position and detailing your experience;
  • A detailed CV 


Application procedure and conditions:

  • LIST is an equal opportunity employer and is committed to hiring and retaining diverse personnel. We value all applicants and will consider all competent candidates for employment without regard to national origin, race, colour, gender, sexual orientation, gender identity, marital status, religion, age or disability; 
  • Applications will be reviewed on an ongoing basis until the position is filled; 
  • An assessment committee will review the applications and select candidates based on guidelines that aim to ensure equal opportunities; The main criteria for selection will be the correspondence of the existing skills and expertise of the applicant with the requirements mentioned above.


REQUIREDLANGUAGES

To be considered for this position it is crucial that you have knowledge of the following languages
  • Read C1 Advanced
    Write C1 Advanced
    Speak C1 Advanced

OPTIONAL LANGUAGES

The following languages are optional but are considered a plus.
  • Read B2 Upper intermediate
    Write B2 Upper intermediate
    Speak B2 Upper intermediate
minimum required Education
Required work experience in years
5 or more years
Details
Employment type
Contract type
Hours per week
40
Location
Country
City
Esch-Sur-Alzette

Submit your information

Name *
Gender *
Email *
Phone *
Extra document *
CV *

Drag your file to this area

or press the button below

PDF .pdf
Max file size: Pdf - 5 MB
Other

Drag your file to this area

or press the button below

Text .docx, .doc, .pdf, .odt, .rtf, .txt, .pages
Max file size: Text - 5 MB