Curious? Please click here to learn more about working at SIB.
SIB Swiss Institute of Bioinformatics
Type of contract
The Security Engineer establishes, develops, implements and monitors a comprehensive information security management system and performs IT risk management.
- Perform security risk assessment, threat modeling, and handle practical aspects of information security topics, including but not limited to:
- perform security scans and reviews of the different SIB-managed networks and systems;
- implement regular penetration tests on BioMedIT infrastructures and SIB systems;
- Manage and monitor network security aspects, firewall configurations and user activities;
- assist software developers to apply secure programming methods.
- Maintain and improve SIB’s global security strategy. Contribute to strategic SIB security policies, procedures, guidelines, and standards, disseminate them and oversee their implementations.
- Actively collaborate with IT security specialists in the SPHN/BioMedIT network:
- contribute to coordinated practical tests (e.g. penetration testing) and reporting;
- participate in technical working groups defining and implementing common security guidelines.
- Enhance processes to manage security issues and incidents.
- Organize and teach security awareness trainings for the SIB employees and members.
- Assist and advise relevant stakeholders (including partners institutions) on aspects of operational and strategic security issues.
- Degree in information technology, computer science, engineering or equivalent;
- Industry recognized security qualifications such as CISM, CISSP, SABSA, SANS, COBIT, TOGAF or OSCP;
- Sound knowledge and experience of security standards (such as ISO 27001/2 or NIST and OWASP TOP 10) in various contexts (e.g. application operation, software development);
- Demonstrated track record as security professional with 3-5 years of experience in a similar position, preferably in biomedical research, healthcare or other regulated environment;
- In-depth understanding of Linux security-related services (SSH, authentication (2FA), key management, VPNs, SELinux, logging, monitoring, auditing,..);
- Good knowledge of Docker, Operating System hardening, firewalls, IDS/IPS, vulnerability assessment tools;
- Experience in writing security related documentation;
- Experience in code review with respect to security aspects;
- Excellent knowledge of computer networking;
- Experience in data protection regulations (e.g. GDPR, Federal Act of Data Protection) an asset;
- Very good command of English (written and spoken), French or German an asset.