Hiring.fm
IMF

Security Analyst/Senior Security Analyst (Infrastructure Security) - ITDSGGR (Contractual)

USA, Washington DC Full time

Work for the IMF. Work for the World.

 

The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency. 

 

Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:  

  • Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.  

  • Enacting inclusive governance that balances security needs with operational fluidity.  

  • Developing policies and standards that stay ahead of the threat landscape.  

  • Ensuring compliance, resilience, and agility in our cybersecurity posture.  

  • Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the IMF’s information assets, ensuring a secure operational framework.  

  • Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.  

  • Administering a compliance management program dedicated to maintaining firm adherence to the IMF's information security policies and standards.  

  • Preserving a solid enterprise security reference architecture that acts as a safeguard for the IMF's information assets against pertinent threats.  

  • Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the IMF's mission.  

  • Overseeing cyber threat intelligence, incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.  

 

As we expand our efforts to serve the IMF's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the IMF. 

  

Job Summary 

The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Security Analyst/Senior Security Analyst (Infrastructure Security) position.   

 

Under the general supervision of an information security assurance manager, the Security Analyst/Senior Security Analyst (Infrastructure Security) will provide expertise with definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on-premises. 

 

The candidate will be required to work with project teams, service providers, and business units internal and external to the Fund’s IT function. The candidate is expected to bring pragmatic on-premises and cloud security and risk management experience, allowing the Fund to meet its present and emergent business needs. The candidate is expected to advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally; work practices are optimized so that the information risks are managed. 

 

Minimum Qualifications 

Education 

  • Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working in infrastructure or enterprise security roles; OR 

  • Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working in infrastructure or enterprise security roles. 

Certifications: (Minimum plus at least 2 preferred) 

  • CISSP or CISM (minimum required) 

  • CCSP (preferred) 

  • Microsoft Certified: Cybersecurity Architect Expert (preferred) 

  • Microsoft Certified: Azure Solutions Architect Expert (preferred) 

  • Other Microsoft cloud security related certifications at the Expert level (preferred) 

  • GIAC certifications (preferred) 

  • Offensive security related certifications (preferred) 

  • Red Hat Certified Engineer (RHCE®)/ A Red Hat® Certified Architect (RHCA) (preferred)  

Experience should include:  

  • Proven track record in delivering technical security assurance and engineering solutions, with practical implementation experience in operational security within regulated environments. 
  • Extensive technical security experience across a broad range of core Azure services, including Microsoft 365 security controls, Entra ID, Microsoft Defender suite, Azure network security, and other key components of the Microsoft security ecosystem. 
  • Advanced working knowledge (preferably previous hands-on experience) in: 
  • Wide array of Infrastructure services e.g. Virtualization Platform, Linux and Windows Operating systems and OS applications, Active Directory and related services, Networking services – switches and routers and other supporting services Web Server e.g. Apache and IIS Applications e.g. Tomcat and other application servers Database system e.g. MSSQL, PgSQL, Oracle, MongoDB etc. 
  • Security technologies e.g. Firewall (Checkpoint, Palo Alto, Azure Firewall), IDS/IPS, Proxy service (forward and reverse), Zero trust, SIEM, SOAR, Network detection and Response (NDR) 
  • Hands-on security configuration of platforms (cloud and non-cloud). 
  • Basic IT consultancy skills. Demonstrates expertise in securing application, database, and infrastructure components through tailored hardening approaches, employing modern tools and techniques to protect the full technology stack. 
  • Pragmatic security expert with an inherent ability to balance security demands with business reality.   Demonstrates a commitment to continuous learning to stay current with the evolving cybersecurity landscape and to effectively apply security controls that support business goals. 
  • Strong knowledge of security solutions, emerging threats, and effective countermeasures. 

Required Soft Skills 

  • Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.  
  • Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.  
  • Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues.  
  • Interpersonal skills that create openness and trust among colleagues. 
  • Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity, and responsibility. 
  • Ability to be organized, responsive, and to be able to effectively multi-task with a focus on driving results. 
  • Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers. 
  • Ability to work well under pressure and to meet tight deadlines, whilst demonstrating a high level of motivation, confidence, integrity, and responsibility. 
  • Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships.  

 

 Major Duties and Responsibilities 

Specific responsibilities include: 

  • Senior individual contributor to provide cybersecurity assurance expertise for a broad range of IT initiatives. This includes but is not limited to defining, guiding the engineering and validating implementation of technology agnostic security control standards, technology-specific configuration baselines (Security Hardening) and implementation guidelines for technology platforms (both cloud and on-prem) and services.   
  • Maintains impartiality around IT systems to produce unbiased reports on information security risk.  
  • Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.  
  • Effectively communicates requirements and educates stakeholders in IT divisions on appropriate security design and technical configuration of related controls on IT platforms throughout their lifecycle, 
  • Works closely with IT project teams to develop implementation plans for new security-related products, Platforms and services.  
  • As an advocate of information security, works closely and proactively with IT stakeholders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.  
  • Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality. 

Other ad hoc responsibilities may include: 

  • Support the information security assurance manager in maintaining the Fund's ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers.
  • Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations and how these measures could affect information assets owned by, or administered on behalf of, the IMF.  
  • Analyzes, recommends, and implements process improvements within the context of information security. 

This is a one-year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability, and continuous business need. 

Department:

ITDSG Information Technology Department Information Security & Governance

Hiring For:

A11, A12

The IMF is guided by the principle that the employment, classification, promotion, and assignment of staff shall be made without discrimination against any person. We welcome requests for reasonable accommodations for disabilities during the selection process. Information on how to request accommodations will be provided during the application process.