Information Security Analyst
14 June 2012
The World Bank Group (WBG) Office of Information Security (OIS) provides information security services to the WBG. The mission of OIS is to protect the WBG’s information assets in a manner that supports the WBG\'s mission to free the world of poverty. The office develops strategy, standards and processes to protect the confidentiality, integrity and availability of WBG information assets in a manner that is commensurate with their value and risk. OIS maintains an information security program in a way that respects the rights and dignity of those it serves and addresses the needs of the WBG’s business units.
The Information Security Office has been tasked with providing technical and architectural information security solutions for The World Bank Group, and is in need of an Information Security professional who is results oriented, multi-disciplined and experienced in evaluating information security controls in web applications and complex business applications.
The Information Security Analyst (ISA), Counter APT – Data Analytics, would be expected to work primarily in the following areas:
•Interface with security operations team members to understand security requirements for complex data mining, logs, and indicators;
•Prepare and maintain the production and dissemination of ad hoc monthly and quarterly intelligence threat and warning products to Information Security, management team and external partners
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year renewable term appointment.
The Information Security Analyst, working with the Counter APT and Cyber Intelligence team will have responsibilities for specific individual tasks and for working as an integral part of the team in executing OIS’s work program. Specific responsibilities include, but are not limited to, a combination of the following:
•Review daily feed and assist the Counter-APT team lead to identufy, track and re-prioritize the threats afffecting World Bank Group;
•Automate the daily feed process and apply artificial intelligence to identify, track, and monitor threats affecting World Bank Group;
•Write technical intelligence report by assessing the threats affecing World Bank Group and disseminate within OIS for review and feedback before it is published to the relevant stake holders;
•Assist Counter-APT Team lead in preparing briefings and maintaining current situation awareness on the threats and dissemniate within OIS;
•Based on the artifacts / data collected and identified during an Incident, prepare and maintain a repostitory of indicators of compromise and verify presence of the same within the bank\'s network;
•Provide an input to Security Engineering team and Monitoring team for developing additional preventive and detective controls.
•Develop or maintain commercial, open source or internally developed tools to assist in defining new areas of risk in an effort to create new automated methodologies that may be deployed;
•Perform research and development activities in an effort to build and deploy tools to aid in the detection of emerging threats;
•Cultivate and maintain intelligence sources pertaining to cyber-attacks, vulnerabilities and data disclosure;
•Assist Counter-APT team lead to develop adhoc reports required by the Top Management;
•Periodically liason with Incident Response team to understand current incidents, targetted users during an incident and provide inputs to Awareness & Training team for content development on security awareness to different stakeholders (end users, network administrators, system administrators, databse administrators)
1.Bachelor’s degree in Computer Science or Information Systems with a minimum of 5 years of relevant experience in Information Security. (If not, then BS/BA in Computer Science or Information Systems with a minimum of 6 years of relevant experience).
2.At least 2 years of practice as a Threat Research Analysis;
3.Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or similar certifications;
4.Ability to work well under pressure and to meet tight deadlines. Demonstrate a high level of motivation, confidence, integrity and responsibility;
5.Demonstrated experience in understanding various log formats, network packet analysis, Operating system internals;
6.Demonstrated experience in Incident Response process, vulnerability management and exploitation techniques;
7.Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results;
8.Demonstrate excellent Analytical skills, Data mining skills and \'out-of-the-box\' thinking skills;
9.Demonstrate interpersonal skills; including the ability to work independently, effectively in a team/task force as a team member and with staff and managers in the unit and elsewhere in the WBG;
10.Must be a self-starter, capable of focused research, collection and analysis of intelligence relevant to cyber security.
11.Ability to recognize and deal appropriately with confidential and sensitive information.
12.Experience with multiple programming (Java, C) and scripting languages (Perl, Python).
Please visit the Link
Apply by: 14 June 2012