Information Security Operations Officer

Grade: P2 

Vacancy no.:  RAPS/2/2024/INFOTEC/02
Publication date: 6th May 2024
Application deadline (midnight Geneva time):   6th June 2024

Job ID: 11945 
Department: INFOTEC 
Organization Unit: TMS 
Location: Geneva
Contract type: Fixed Term 

The following are eligible to apply:

ILO Internal candidates in accordance with paragraphs 31 and 32 of Annex I of the ILO Staff Regulations. External candidates.

Staff members with at least five years of continuous service with the Office are encouraged to apply.

Applications from candidates who have already separated from ILO service upon retirement or early retirement, will not be considered.

The ILO welcomes applicants with experience in working within ILO constituents (governments, employers’ and business membership organizations, and workers’ organizations).

Applicants from non- or under-represented member States, or from those member States which staffing forecasts indicate will become non- or under-represented in the near future would be particularly welcome. A list of these countries can be found here: ILO Jobs: Non- and under-represented Member States

In addition to the interviews and tests that any candidate may be required to take, successful completion of the ILO Assessment Centre is required for all external candidates and any internal candidate applying to a higher category.

Notwithstanding the general considerations set out in the ILO Staff Regulations, this vacancy announcement is the only authoritative document pertaining to the qualifications required for this position. The minimum required qualifications were determined in view of the specific duties and responsibilities of this position.

The specific language requirements for this position are detailed hereunder. However, candidates applying for the professional category vacancies who have not already successfully completed their probationary period within the ILO and whose mother tongue is not one of the working languages of the Office (English, French and Spanish), shall be required to possess a fully satisfactory working knowledge of at least one of the ILO working languages. If appointed they may be required to acquire a knowledge of a second working language of the Office during their initial years of service.

Introduction

The position is located in the Technology Management Services (TMS) Branch within the Information and Technology Management Department (INFOTEC). INFOTEC provides modern, secure, and reliable IT infrastructure, technologies, applications and services to enable the ILO to effectively use technology to perform its mission.
The position participates in operational aspects of information security across the Organization. This includes day-to-day information security events monitoring, incident management, threat hunting, threat intelligence and vulnerability management. Additionally, the position contributes to the design, implementation, and maintenance of the security platform and tools supporting operational activities.
The incumbent will be a hands-on information security professional working in a small team of internal staff and with external security partners. 
The position reports to the Information Security Operations Lead, TMS. 

Specific Duties

1. Assist with information security operations, including assessment, categorization, triage and escalation, according to the established procedures and in collaboration with the internal security operations team and the SOC (Security Operations Center).
2. Participate in Information Security Incident Response. Provide detection, threat hunting and incident analysis; support containment, eradication and recovery stage; provide input to post-mortem documentation and lessons learned.
3. Support Threat and Vulnerability management. Ensure IT systems, platforms and web applications assets are discovered and regularly scanned. Analyse and triage scan results. Review findings and suggest solutions to the supervisor. Provide support to the system owners, in the remediation process.
4. Contribute to big data analysis and reporting capabilities to collect, analyse logs, metrics, and events from multiple sources. Assist the supervisor in the creation of alerts and reports on potential risks and compliance breaches.
5. Assist with the hardening and baselining of assets, continuously monitor deviation from industry-standard security baselines such as those from the Centre for Internet Security (CIS) or Security Technical Implementation Guidelines (STIG). Provide input to implementation options using Group policies, Intune, Azure or Configuration Manager.
6. Routinely monitor and contribute to the analysis of the global threat landscape. Support risk identification and mitigation efforts. Assist in developing analytics and alerting capacity when applicable. 
7. Closely monitor technology developments, assist in identifying opportunities and making suggestions for future evolutions.
8. Provide information security guidance to ILO departments and field offices on security standards and best practices. Provide input to guidelines and standards in collaboration with other INFOTEC units.
9. Perform other relevant duties as assigned.

Required qualifications

Education

First-level university degree (Bachelor’s or equivalent) in computer science, electronics or other closely related field.
One or more industry-recognized certifications covering IT security such as CISSP, SSCP, Associate of (ISC)2, Security+, eJPT, BLT1, GCIH, TryHackMe SOC1, Microsoft Certified Security Operations Analyst Associate, any relevant SANS certifications, or equivalent.

Experience

At least three years of professional experience in the field of information technology, including at least two years in information security and cybersecurity.

Languages

Excellent command of one working language (English, French, Spanish) of the Organization and a working knowledge of a second working language of the Organization. One of these languages must be English.

Competencies

In addition to the ILO core competencies, this position requires:

Technical competencies
- Proficiency in using SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), NDR (Network Detection and Response).
- Working knowledge of the cybersecurity kill chain and the MITRE frameworks. 
- Good knowledge of Vulnerability management and OWASP Top 10, especially Web Application scanning and OS/Platform scanning, preferably with Qualys. Practical knowledge of offensive techniques and tools to validate and triage findings.
- Working knowledge of Threat hunting, log parsing and log analysis, detection rules using query and scripting languages: KQL, Python, PowerShell.
- Ability to communicate effectively with technical and non-technical people at different levels of the organization.

Behavioural Competencies
- Ability to work on own initiative as well as a member of a team.
- Strong communication, interpersonal and presentation skills.
- Ability to balance and prioritize work.
- Good analytical skills.
- Ability to work effectively in a multicultural environment and to demonstrate gender-responsive, non-discriminatory and inclusive behaviour and attitudes. 

Conditions of employment

Any appointment/extension of appointment is subject to ILO Staff Regulations and other relevant internal rules. Any offer of employment with the ILO is conditional upon certification by the ILO Medical Adviser that the person concerned is medically fit to perform the specific inherent requirements of the position offered. In order to confirm an offer from the ILO the successful candidate will be required to undergo a medical examination. The first contract will be issued for a twenty-four month period. A successful external candidate will be on probation for the first two years of assignment. Any extension of contract beyond the probation period is subject to satisfactory conduct and performance.

For more information on conditions of employment, please visit the ILO Jobs International Recruitment page.

Important Information

Recruitment process

---