Information Security Operations Officer
JOB DETAIL
Grade: P2
Vacancy no.: RAPS/2/2024/INFOTEC/02
Publication date: 6th May 2024
Application deadline (midnight Geneva time): 6th June 2024
Job ID: 11945
Department: INFOTEC
Organization Unit: TMS
Location: Geneva
Contract type: Fixed Term
The following are eligible to apply:
- ILO Internal candidates in accordance with paragraphs 31 and 32 of Annex I of the ILO Staff Regulations.
- External candidates.
Staff members with at least five years of continuous service with the Office are encouraged to apply.
Applications from candidates who have already separated from ILO service upon retirement or early retirement, will not be considered.
The ILO values diversity among its staff and welcomes applications from qualified female candidates. We also encourage applicants with disabilities. If you are unable to complete our online application form due to a disability, please send an email to ilojobs@ilo.org.
The ILO welcomes applicants with experience in working within ILO constituents (governments, employers’ and business membership organizations, and workers’ organizations).
Applicants from non- or under-represented member States, or from those member States which staffing forecasts indicate will become non- or under-represented in the near future would be particularly welcome. A list of these countries can be found here: ILO Jobs: Non- and under-represented Member States
In addition to the interviews and tests that any candidate may be required to take, successful completion of the ILO Assessment Centre is required for all external candidates and any internal candidate applying to a higher category.
Notwithstanding the general considerations set out in the ILO Staff Regulations, this vacancy announcement is the only authoritative document pertaining to the qualifications required for this position. The minimum required qualifications were determined in view of the specific duties and responsibilities of this position.
The specific language requirements for this position are detailed hereunder. However, candidates applying for the professional category vacancies who have not already successfully completed their probationary period within the ILO and whose mother tongue is not one of the working languages of the Office (English, French and Spanish), shall be required to possess a fully satisfactory working knowledge of at least one of the ILO working languages. If appointed they may be required to acquire a knowledge of a second working language of the Office during their initial years of service.
Introduction
The position is located in the Technology Management Services (TMS) Branch within the Information and Technology Management Department (INFOTEC). INFOTEC provides modern, secure, and reliable IT infrastructure, technologies, applications and services to enable the ILO to effectively use technology to perform its mission.
The position participates in operational aspects of information security across the Organization. This includes day-to-day information security events monitoring, incident management, threat hunting, threat intelligence and vulnerability management. Additionally, the position contributes to the design, implementation, and maintenance of the security platform and tools supporting operational activities.
The incumbent will be a hands-on information security professional working in a small team of internal staff and with external security partners.
The position reports to the Information Security Operations Lead, TMS.
Specific Duties
1. Assist with information security operations, including assessment, categorization, triage and escalation, according to the established procedures and in collaboration with the internal security operations team and the SOC (Security Operations Center).
2. Participate in Information Security Incident Response. Provide detection, threat hunting and incident analysis; support containment, eradication and recovery stage; provide input to post-mortem documentation and lessons learned.
3. Support Threat and Vulnerability management. Ensure IT systems, platforms and web applications assets are discovered and regularly scanned. Analyse and triage scan results. Review findings and suggest solutions to the supervisor. Provide support to the system owners, in the remediation process.
4. Contribute to big data analysis and reporting capabilities to collect, analyse logs, metrics, and events from multiple sources. Assist the supervisor in the creation of alerts and reports on potential risks and compliance breaches.
5. Assist with the hardening and baselining of assets, continuously monitor deviation from industry-standard security baselines such as those from the Centre for Internet Security (CIS) or Security Technical Implementation Guidelines (STIG). Provide input to implementation options using Group policies, Intune, Azure or Configuration Manager.
6. Routinely monitor and contribute to the analysis of the global threat landscape. Support risk identification and mitigation efforts. Assist in developing analytics and alerting capacity when applicable.
7. Closely monitor technology developments, assist in identifying opportunities and making suggestions for future evolutions.
8. Provide information security guidance to ILO departments and field offices on security standards and best practices. Provide input to guidelines and standards in collaboration with other INFOTEC units.
9. Perform other relevant duties as assigned.
Required qualifications
Education
First-level university degree (Bachelor’s or equivalent) in computer science, electronics or other closely related field.
One or more industry-recognized certifications covering IT security such as CISSP, SSCP, Associate of (ISC)2, Security+, eJPT, BLT1, GCIH, TryHackMe SOC1, Microsoft Certified Security Operations Analyst Associate, any relevant SANS certifications, or equivalent.
Experience
At least three years of professional experience in the field of information technology, including at least two years in information security and cybersecurity.
Languages
Excellent command of one working language (English, French, Spanish) of the Organization and a working knowledge of a second working language of the Organization. One of these languages must be English.
Competencies
In addition to the ILO core competencies, this position requires:
Technical competencies
– Proficiency in using SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), NDR (Network Detection and Response).
– Working knowledge of the cybersecurity kill chain and the MITRE frameworks.
– Good knowledge of Vulnerability management and OWASP Top 10, especially Web Application scanning and OS/Platform scanning, preferably with Qualys. Practical knowledge of offensive techniques and tools to validate and triage findings.
– Working knowledge of Threat hunting, log parsing and log analysis, detection rules using query and scripting languages: KQL, Python, PowerShell.
– Ability to communicate effectively with technical and non-technical people at different levels of the organization.
Behavioural Competencies
– Ability to work on own initiative as well as a member of a team.
– Strong communication, interpersonal and presentation skills.
– Ability to balance and prioritize work.
– Good analytical skills.
– Ability to work effectively in a multicultural environment and to demonstrate gender-responsive, non-discriminatory and inclusive behaviour and attitudes.
Conditions of employment
- Any appointment/extension of appointment is subject to ILO Staff Regulations and other relevant internal rules. Any offer of employment with the ILO is conditional upon certification by the ILO Medical Adviser that the person concerned is medically fit to perform the specific inherent requirements of the position offered. In order to confirm an offer from the ILO the successful candidate will be required to undergo a medical examination.
- The first contract will be issued for a twenty-four month period.
- A successful external candidate will be on probation for the first two years of assignment.
- Any extension of contract beyond the probation period is subject to satisfactory conduct and performance.
For more information on conditions of employment, please visit the ILO Jobs International Recruitment page.
Important Information
Any officials of the General Service category interested in applying to this position are hereby informed that, if selected, they will be offered the salary and allowances applicable to the grade of the position applied for, which may result in substantial changes in their take-home remuneration. In accordance with Article 3.4 of the Staff Regulations, the salary of an official, upon promotion, shall in no case be greater than the maximum salary of the grade to which he or she was promoted. For any questions or clarifications, please contact your HR partner at hrpartner@ilo.org
Recruitment process
Please note that all candidates must complete an on-line application form. To apply, please visit the ILO Jobs website. The system provides instructions for online application procedures.
Evaluation (which may include one or several written tests and a pre-interview competency-based assessment centre) and the interviews will tentatively take place during the 3 to 4 months following the application deadline. Candidates are requested to ensure their availability should they be short listed for further consideration.
Depending on the location and availability of candidates, assessors and interview panel members, the ILO may use communication technologies such as Skype, Video or teleconference, e-mail, etc. for the assessment and evaluation of candidates at the different stages of the recruitment process, including assessment centres, technical tests or interviews.
The ILO has zero tolerance for acts of sexual exploitation and abuse (SEA) and is determined to ensure that all staff members and all beneficiaries of ILO assistance do not suffer, directly or indirectly, from sexual exploitation and abuse.
To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organisation, the ILO may conduct a background verification of candidates under consideration.
Fraud warning
The ILO does not charge any fee at any stage of the recruitment process whether at the application, interview, processing or training stage. Messages originating from a non ILO e-mail account – @ilo.org – should be disregarded. In addition, the ILO does not require or need to know any information relating to the bank account details of applicants.
