Information Security Specialist

United Nations Office for Project Services

Copenhagen, Denmark

Experience: 3 to 5 Years

Skill Required: IT and ICT

Under the overall guidance of the SOC Manager, the Information Security Specialist will be responsible for a broad range of tasks, including: (1) defending against cybersecurity incidents, as well as identifying, analysing, communicating, and containing these incidents when they do occur; (2) day-to-day administration of cybersecurity tools and devices, as well as first-level and second-level support for SIEM and SOAR; and (3) threat and vulnerability assessments and support for vulnerability remediation activities.

Functional Responsibilities:

Information Security Direction and Advice:

  • Work with the Chief Information Security Officer (CISO) and SOC Manager to develop, plan, and deliver a security program and projects aligned with the strategy and roadmap that address identified risks, and business security requirements.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies, and control effectiveness across the organization.
  • Provide input and recommendations on existing policies and procedures to ensure security operation efficiency and regulatory compliance.
  • Assist resource owners and technology staff in understanding and responding to security audit failures reported by auditors.
  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
  • Work with the Information Security, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program.
  • Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
  • Manage security projects and provide expert guidance on security matters for other projects.
  • Capability and Awareness Building

Threat and Vulnerability Management:

  • Performs threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from vulnerabilities.
  • Researches threats and vulnerabilities and, where appropriate, takes action to mitigate threats and remediate vulnerabilities.
  • Reviews and assesses the results of penetration tests and vulnerability assessments on information systems and infrastructure, and mitigates the findings.
  • Recommends, schedules and/or applies fixes, security patches and any other measures required in the event of a security breach.
  • Monitors security vulnerability information from vendors and third parties.
  • Performs system and application vulnerability testing.

Incident Response Management:

  • Conducts network monitoring and intrusion detection analysis using various computer network defense tools, and host-based security systems.
  • Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
  • Works with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts.
  • Correlates network, cloud, and endpoint activity across environments to identify attacks and unauthorized use.
  • Reviews alerts and data from sensors, and documents formal, technical incident reports.
  • Coordinates response to computer security incidents according to the computer security incident response policy and procedures.
  • Provides technical guidance to first responders for handling information security incidents.
  • Provides timely and relevant updates to appropriate stakeholders and decision-makers.
  • Communicates investigation findings to relevant business units to help improve the information security posture.
  • Validates and maintains incident response plans and processes to address potential threats.
  • Works with threat intelligence and/or threat-hunting teams.
  • Compiles and analyses data for management reporting and metrics.
  • Analyses potential impact of new threats and communicates risks back to detection engineering functions.
  • Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.
  • Provides users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
  • Researches emerging threats and vulnerabilities to aid in the identification of incidents.
  • Performs security standards testing against computers before implementation to ensure security.
  • Implements or coordinates remediation required by audits, and documents exceptions as necessary.

Security Engineering:

  • Performs system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
  • Performs user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures.
  • Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
  • Applies patches where appropriate and removes or mitigates known control weaknesses, as a means of hardening systems in accordance with security policies and standards.
  • Develops and maintains documentation for security systems and procedures.
  • Researches, recommends, evaluates, and implements cybersecurity solutions that identify and/or protect against potential threats, and respond to security violations.

Education/Experience/Language requirements:

Education:

  • A bachelor’s degree, preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field, is required.
  • A master’s degree, preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field, is desirable. This can substitute for 2 years of required experience.

Experience:

  • A minimum of seven (7) years of total experience in IT, Information Security, or IT Security is required.
  • A minimum of 3 years of experience in Information Security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is required.
  • Experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.) is desirable.
  • In-depth knowledge and experience in Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) is required (Google Chronicle SIEM and SOAR experience is desirable).
  • Good technical and trouble-shooting ability is required.
  • Experience in crisis management is desirable.

Languages:

  • Full working knowledge of English is required.
  • Knowledge of another official UN language (Spanish and/or French) is desirable.

Source: https://jobs.unops.org/Pages/ViewVacancy/VADetails.aspx?id=26812#2