Consultant – Security Operations Center Analyst - L2, Local); (HQG

Result of Service UNRWA is an equal opportunity employer and welcomes applications from both women and men. UNRWA encourages applications from qualified women. Only those applicants shortlisted for an interview will be contacted. UNRWA is a non-smoking environment.

Work Location Gaza

Expected duration 3 months

Duties and Responsibilities - Provide analysis and trending of security log data from a large number of heterogeneous security devices - Perform deep analysis to potential security incidents to identify the full kill chain - Provide threat and vulnerability analysis as well as security advisory services - Analyze and respond to previously undisclosed software and hardware vulnerabilities - Investigate, document, and report on information security issues and emerging trends - Evaluation and prioritization of detected alerts. - Analysis of the security alerts produced by the various security controls, evaluation of the issues reported, researching the problems and possible solutions, and liaising with teams to support them with the remediation of any possible issues - Assisting in IT security investigations, exercises, and tests - Provide recommendations to end-users for containment and eradication of threats. - The configuration of the Security controls to minimize false positives and optimize detection capabilities. - Generate new use cases for emerging threats - Conduct monthly security use case reviews and correlation audits - Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences - Responsible for working in a 24x7 Security Operation centre (SOC) environment. - Produce and update security operations processes and procedures - Transfer knowledge to colleagues via delivery of training/mentoring and clear, concise documentation - Undertake forensic investigations - Support the SOC Manager in his duties (e.g., extension of SOC services to new sites) - Perform other duties as may be required.

Qualifications/special skills Academic Qualifications:

A university degree or master's degree from an accredited educational institution in information technology information management, Information systems, computer science, computer engineering, Software engineering, or other related disciplines.

Experience:

• A minimum of 2 years of experience in dealing with cybersecurity incidents and crisis.
• Experience in working and partnering with other technology teams to resolve cybersecurity incidents
• Experience in persuading technical individuals and teams who share different objectives and priorities to deliver the security activities expected of them
• Demonstrated experience of strong knowledge in information security principles (security principles applied to architecture, network & systems, cyber forensics, security risk assessment, and software development)
• Demonstrated experience leading efforts to identify and resolve systems issues
• Demonstrated experience in network analysis and advanced networking fundamentals
• Experience working with security event detection tools like IPS, SIEM, DLP, Anti-virus, EDR, UBEA, etc.
• Ability to perform event correlation and host/ network threat analysis.
• Ability to manage multiple incidents and make effective decisions under high-pressure environments.
• Understanding network infrastructure hardware and protocols (TCP/IP, switches, bridges, routers, proxy servers, VPN concentrators).
• Understanding security protocols (IPSec), and encryption technologies (3DES, AES, SHA2, TLS).
• Understanding basic security principles such as Confidentiality, Availability, and Integrity and familiarity with security best practices.
• The ability to demonstrate a dynamic interest in solving information security issues; analytical ability to break down problems into constituent parts.

DESIRABLE EXPERIENCE

• Experience of performing threat hunting and digital forensic on computers, servers or network assets
• Experience of developing scripts (Python, REGEX, Powershell, Shell, etc.) quickly in reaction to incidents or for proof of concepts
• Experience with Splunk

Competencies:

• Actionable knowledge of MITRE ATT&CK framework
• Effective communicator with a positive and confident attitude, both written and verbally, to both technical without the expertise and non-technical personnel like senior management
• Excellent planning and organizing skills;
• Strong troubleshooting, reasoning, and problem-solving skills.
• Team player, excellent communication skills, good time management.
• Knowledge of the NIST framework and OWASP
• Well understanding of Azure Cloud Technologies
• Flexibility to handle several information security issues simultaneously.
• Aptitude for solving problems and acting on own initiative.
• Highly motivated with a willingness to learn new technologies.
• Strong ability to drive for results, to manage and deliver against multiple priorities on time;
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Exposure and experience working with security applications such as firewall, anti-virus, patch management, and vulnerability management;

Language:

• Fluency in spoken and written English.

DELIVERABLES:

• Reports on security alerts: Many security alerts that need to be reviewed, follow-up actions need to be executed and summery reports must be issued. 3 summary reports to be delivered.

• Azure IDPS configuration: A key part of UNRWA's digital transformation process is migrating all servers to Azure Cloud. This created a new security need related to the proper configuration of the IDPS module. Risk analysis report for alerts and updated configuration of the Azure IDPS to be delivered.

• Azure risky sign-ins configuration: Azure Active Directory is being adopted as a center for the security authentication process within all UNRWA applications. This created a new security need related to the proper configuration of the risky sign-ins module. Risk analysis report and a plan to update the Azure Active directory risky sign-in configuration to be delivered.

Service conditions:

• The duration of the consultancy is 3 months, extendable according to performance and availability of funds.
• Remuneration for this consultancy is $1,259.30 monthly, and it will depend on the qualifications and experience of the candidate.

• The consultant will be based in Gaza;

  Additional Information UNRWA Information Management and Technology Department (IMTD) is seeking an information security analyst that will be responsible for security monitoring and incident response of the UNRWA Cyber environment, your background should include exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should have an understanding of network security practices. Excellent customer service while solving problems should be a top priority for you. Scalar is a fast-paced, entrepreneurial environment so to be successful you’ll need to be a pro-active individual, take direction well, communicate succinctly and collaborate effectively.

The consultant The consultant will report administratively to Head Information Technology Service Centre at Headquarter Gaza and technically to the Head, Information Security Office at Headquarters Amman.

¿ Please indicate if you are a Palestinian Refugee and provide your registration card number if applicable.

No Fee THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.