Location: Chennai, India
Deadline: Monday, 04 November 2013
Background / General description:
The World Bank Group (WBG) Office of Information Security (OIS) provides information security services to the World Bank Group (WBG). OIS's mission is to protect the WBG's information assets in a manner that supports the WBG's mission to have a world free of poverty. The office develops strategy, standards and processes to protect the confidentiality, integrity and availability of WBG information assets in a manner that is aligned with their values and risk appetite. OIS maintains an information security program in a way that respects the rights and privacy of those it serves and addresses the needs of the WBG's business units. OIS is responsible for managing security strategy, operations and compliance activities for the WBG's four (IBRD, IDA, MIGA & IFC) member institutions. In addition, OIS manages security across remote sites in over 180 countries across the globe.
OIS has established Information Security Operations (ISOC) in India, which operates 24x7x365 and is responsible for the following areas:
- Monitor multiple security alert sources, identify and triage significant security events, determine impact and threat severity, escalate according to established procedures, and create incident tickets using the internal Case Management System.
- Review automated daily security reports for key security controls, escalate critical security events to the appropriate stakeholders and follow-up as required.
- Review vulnerability scan reports, determine false positives and follow up with the appropriate IT teams on critical vulnerabilities and remediation status.
- Provide ongoing analysis and review for indications of attacks, including Forensic Incident Response, Triage and Repair in coordination with the OIS Incident Response Team.
The ISOC Chennai lead oversees and provides vision and leadership for the development and execution of our information security strategy, ensuring that business operations and client assets are not compromised. OIS is in search of an onsite deputy to the ISOC Chennai lead who would maintain business continuity and develop the security operations to a maturity level defined by World Bank HQ.
OIS wants to hire an Information Security professional who can handle the team during shift hours. The individual should be multi-disciplined and comfortable in operating and maintaining secured solutions for platforms running mission critical business applications in a homogeneous environment, at the enterprise level.
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.
Duties and Accountabilities:
Technical:
- Review alerts from various monitoring tools (IDS, Antivirus Management Consoles, Honeypot, Distribution List, SIEM, and so on), determine false positives, determine impact of an incident and accordingly prioritize it.
- Review raw logs and help SIEM Manager in developing actual content for event monitoring and correlating events from multiple sources.
- Perform investigation on the cases assigned in SCMIN. Based on the workload and shift-schedule reassign the tickets.
- Assist ISOC team lead and HQ-IR team in forensic investigation
- Assist ISOC team lead in developing and maintaining ISMS procedures (related to ISOC) for complying with global ISMS policy defined by the organization.
- Maintain technical proficiency in information security concepts and related technologies through on the job training, performing individual research and attending training courses as necessary.
- Train existing resources on various monitoring tools and remediation techniques on periodic basis.
- Assist ISOC Team lead in developing periodic status reports and monthly metrics for global reporting purposes
- Build an R&D lab using virtual machines, monitor new 0-days and IRC channels, and submit malware to the antivirus company to develop signatures. Also assist the engineering team in preparing the IDS signature for the 0-day exploit.
Administrative:
- Manage the swing / night shift and escalate issues wherever required to the OnCall IR.
- Monitor the shift turnover and, on a monthly basis, provide statistics on the emails received on DLs, Quarantine, SCMIN, IDS and ePO.
- Provide support to the resources and the ISOC team lead on a 24x7x365 basis by shift work with rotation
- Demonstrate experience in making sound, high impact business decisions supported by sound analysis and information security strategy.
Selection Criteria:
- Master's degree with 2 years relevant experience or Bachelor's Degree with a minimum of 4 years relevant experience.
Mandatory Skillsets / Requirements
- Preferred minimum of 5 years of Information Security experience required, of which the individual has worked with a Security Operations Centre for a minimum period of 1 year.
- Certified SANS GCIH / GCFA / GCIA / GREM
- Experience in access controls (network, systems, file, and application)
- Ability to work on multiple projects and efforts with limited supervision.
- Ability to analyze network captures.
- Knowledge of common hacking tools and techniques
- Experience in understanding and analyzing various log formats from various sources.
- Experience in analyzing reports generated by SIM/SEM tools
- Hands on experience with security technologies like antivirus, IDS/IPS, VPN, firewalls and application security methodologies
- Performed penetration testing, vulnerability management and application security code reviews
Competencies:
- Business Enterprise Knowledge - Develops and implements technical solutions that meet operational improvement needs.
- Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.
- Risk Management - Reduces risk by solving day-to-day problems as they arise.
- Systems Thinking - Investigates the critical relationships among primary business, technology and systems platforms.
- Strategic Technology Planning - Asks questions and assesses aspects of the strategic technology plan.
- Client Orientation - Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.
- Drive for Results - Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results, and has the personal organization to do so.
- Teamwork (Collaboration) and Inclusion - Collaborates with other team members and contributes productively to the team's work and output, demonstrating respect for different points of view.
- Knowledge, Learning and Communication - Actively seeks knowledge needed to complete assignments and shares knowledge with others, communicating and presenting information in a clear and organized manner.
- Business Judgment and Analytical Decision Making - Analyzes facts and data to support sound, logical decisions regarding own and others' work.