Security Operations Analyst (Cybersecurity Operations Center) – ITDSG, Washington DC, United States At International Monetary Fund (IMF)


Work for the IMF. Work for the World.

The Information Technology Department (ITD) of the International Monetary Fund (IMF) is seeking to fill a position for a Security Ops Analyst (Cybersecurity Ops Center). Under the general supervision of the Advanced Threat Protection/Security Operations Center Lead, the Security Ops Analyst (Cybersecurity Ops Center) is a hands-on engineer responsible for monitoring, detecting, assisting with sensitive investigations, and responding to security incidents, threats, and vulnerabilities in real time. S/he will collaborate with cross-functional teams and external entities to develop and implement security measures, investigate security events, facilitate eDiscovery, and provide proactive incident response services. The ideal candidate should have a strong technical background, excellent analytical and problem-solving skills, and a deep understanding of information security principles and technologies.

A key objective of this role is to lower the IMF’s information risk profile by proactively preventing and responding to common and advanced cyber threats.

Minimum Qualifications:

Educational development, typically acquired through the completion of an advanced university degree in Information Security, Computer Science, Information Technology, or a related field from an accredited university, plus a minimum of 4 years of progressive security operations work experience in regulated industries; or a Bachelor’s degree from an accredited university plus a minimum of 10 years of progressive security operations work experience in regulated industries.

  •  At least 2 of the following certifications: CISSP, GCIH, GDAT, GREM, GSOC, CEH, GCIA, Azure AZ-500.
  •  Experience working in a global Security Operations Center (SOC) environment, preferably in a senior or Tier 2/3 role with responsibility to manage the work of analysts and MSSPs.
  •  Security engineering and operations experience in hybrid cloud environments (Azure, AWS, GCP).
  •  Deep understanding of threat management, security incident response protocols, threat intelligence and vulnerability management principles, technologies and best practices.
  •  Experience with forensic techniques and toolsets; most major host operating systems and file system types; analysis of many different types of security logs; command line interfaces and scripting tools (PowerShell, grep, awk, sed, etc.); programming languages (Python, Perl, etc.); and/or data interchange formats (e.g. JSON).
  •  Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, NDR, Network Packet Analysis, XDR).
  •  Demonstrated experience utilizing SIEM platforms such as LogRhythm, Sentinel, and Splunk, and implementing advanced log management and automation solutions.
  •  Excellent analytical and problem-solving skills, with the ability to think critically and make decisions under pressure.
  •  Proactive mindset, with a keen interest in staying abreast of emerging cybersecurity threats and technologies.

Major Duties and Responsibilities:

  •  Implements security monitoring and detection mechanisms derived from actionable threat intelligence, continually identifying and integrating useful logs from relevant sources in hybrid environments.
  •  Leads the investigation, analysis, and resolution of complex security incidents, applying advanced forensic techniques, tools, and methodologies. Conducts in-depth forensic analysis and reverse engineering of malware to identify its origin, capabilities, and impact.
  •  In close coordination with the threat intelligence analyst, collects, integrates, analyzes, and disseminates actionable intelligence on threat actors, tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs).
  •  Collaborates with internal teams, including network operations, security platform administrators, system administrators, cloud administrators, and software developers, to ensure the timely resolution of security issues and incidents.
  •  Implements and continuously matures the SOC service management capability, including change, incident, and problem management, according to established processes and procedures. Optimizes the SOC service delivery processes through automation and elimination of process waste.
  •  Provides expert-level guidance and mentoring to Tier 1 and Tier 2 SOC analysts, assisting them in the analysis and resolution of complex security incidents. Under the direction of the SOC lead, implements strategies to ensure continuous training and long-term retention of analysts.
  •  Develops, maintains and continually updates incident response plans, playbooks, and procedures, ensuring their alignment with industry best practices and IMF’s policies and standards, and Crisis Management Procedures.
  •  Participates in security incident response tabletop exercises and simulations to test the effectiveness of incident response plans, and follows up on lessons learned and resulting actions.
  •  Supports authorized eDiscovery and investigation requests in strict compliance with agreed procedures and playbooks, ensuring chain of custody, documentation, and strict confidentiality.
  •  Manages the work of managed security service providers, ensuring periodic performance reviews focused on compliance and continuous improvement.
  •  Continuously identifies opportunities for process improvement and automation to enhance the efficiency and effectiveness of security operations.

This vacancy shall be filled by a 3-year Term appointment in accordance with the Fund’s new employment rules that took effect on May 1, 2015.

Department:

ITDSG Information Technology Department Information Security & Governance

Hiring For:

A11, A12

The IMF is committed to achieving a diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process.
