Cybersecurity Emergency Operations & Incident Management Analyst

Contract

This is a P-2 contract. This kind of contract is known as Professional and Director staff. It is normally internationally recruited only. It's a staff contract. It usually requires 2 years of experience, depending on education.

Salary

The salary for this job should be between 57,661 USD and 78,318 USD.

Please keep in mind that the salary displayed here is an estimation by UN Talent based on the location and the type of contract. It may vary depending on the organization. The recruiter should be able to inform you about the exact salary range. In case the job description contains another salary information, please refer to this one.

OBJECTIVES OF THE PROGRAMME

The department of Information Management and Technology has an operational and strategic role. On the one hand, the department provides relevant, quality, reliable, and cost-effective IT services in order for the Organization to achieve its health mandate. On the other hand, it aims to be a strategic enabler for WHO by creating partnerships with business units (administrative and health technical), capturing business needs, establishing and managing projects to address these requirements. The work of the department is categorized under the WHO's programme of Corporate services and enabling functions (Category 6) with specific focus on Effective management and administration established across the organization (6.4). The Cybersecurity team provides and develops secure and resilient digital assets which enable and advance WHO's mission.

DESCRIPTION OF DUTIES

• Conduct logging (users, applications, networks, systems, access to physical assets, etc.).
• Collect sources of intelligence (adversary behaviors, active incidents, national and international events, etc.).
• Assist in security audits, application and infrastructure level vulnerability testing.
• Assist in monitoring logs and other sources of information (users, applications, networks, systems, access to physical assets, etc.).
• Collaborate in the development of solutions to help mitigate security vulnerabilities related to process, people and technology.
• Participate in situational awareness based on intelligence and threat information, and formulate and report an operational view of the external environment.
• Provide responsive information to Computer Security Incident Response Teams (CSIRT's).
• Participate in research activities to identify vulnerabilities and their impact, risk analysis, advise on criticality.
• Assist in the implementation of critical security updates.
• Assist in the management of Cybersecurity incident response related activities.
• Perform all other related duties as assigned.

REQUIRED QUALIFICATIONS

Education

Essential:

• University degree in Computer Science, IT Security, Information Security or a closely related field.
• One or more Industry certifications covering IT security such as CISSP, SSCP, Associate of (ISC)2, CEH, GCIH or equivalent.

Desirable:

• Certificate in ITIL Service Management.
• Internationally recognized Project Management Certification such as PMI, PMP or Prince 2 are highly desirable.

Experience

Essential:

• A minimum of 2 years IT experience focused on IT security.
• In-depth knowledge of the cybersecurity attack process and phases.
• Demonstrated track record of ethical behavior.
• Hands-on experience with the following: technical system access control capabilities; vulnerability scanning, firewall principles and administration (log types, rule attributes and understanding of security zones), network data collection and analysis (the use of WireShark/TShark etc as the analysis tool), antivirus; malware analysis, proxy, IDS/IPS, log correlation tools, SIEM, DLP, NAC.
• Forencics principles (following the order of volatility, establishing and maintaining Chain of Custody).
• Hands-on experience with security vulnerability assessment and incident and patch management.
• Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings.
• Good technical writing, documentation, and communication skills are required.
• Experience in working across geographic and cultural boundaries.

Desirable:

• Experience in working across multiple time zones without the need for face to face meetings in International environments.
• Experience working in an environment where work hours are scheduled shifts corresponding to forecasted activity.
• Experience working outside of core business hours, including early morning, late evening, overnight, weekends, and/or holidays as needed.

Skills

• Functional Skills and Knowledge Possession of a diverse IT background with demonstrated continued professional development training path.
• Strong knowledge and significant experience working with various hardware platforms, network protocols and services (SSH, HTTP/S, DNS, SMB, FTP, SMTP, SNMP, TCP/IP, ARP, OSPF etc), various Operating Systems, Identity and Access Management (IAM).
• Advanced technical knowledge of mainstream anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Ability to adapt to rapidly changing technology and apply it to business needs.
• Strong analytical and problem solving skills.
• Strong team oriented interpersonal skills with a strong ability to interface wide variety of people and teams in a cross functional environment.
• Ability to support Organisation Policy enforcement.
• Experience analysing application behaviour.
• Essential Skills Knowledge of ICT security standards, frameworks and best practices
• Knowledge and understanding on the creation/implementation of secure networks, firewalls and intrusion-detection systems.
• Understanding of common network attacks, attack methods, and network defence architectures.
• Developing, and implementing new security components and integrations.
• Excellent knowledge of ICT security practices and industry trends, particularly those pertaining to information security.
• Proficiency in vulnerability assessments.
• Strong knowledge and understanding of information risk concepts and principles.
• Knowledge of and experience in developing and documenting security architecture and plans.
• Good understanding of hacking or perimeter breach techniques and able to stay in tune with the changes in this area.
• Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation in a cross-functional environment.
• Understanding of risk assessment methods and technologies.
• Strong understanding of business applications, including ERP and financial systems.
• Excellent understanding of WEB Application security and OWASP Top 10.

WHO Competencies

Teamwork Respecting and promoting individual and cultural differences Communication Producing results Moving forward in a changing environment

Use of Language Skills

Essential: Expert knowledge of English. Desirable: Beginners knowledge of French.

REMUNERATION

WHO salaries for staff in the Professional category are calculated in US dollars. The remuneration for the above position comprises an annual base salary starting at USD 49,254 (subject to mandatory deductions for pension contributions and health insurance, as applicable), a variable post adjustment, which reflects the cost of living in a particular duty station, and currently amounts to USD 874 per month for the duty station indicated above. Other benefits include 30 days of annual leave, allowances for dependent family members, home leave, and an education grant for dependent children.

ADDITIONAL INFORMATION

• This vacancy notice may be used to fill other similar positions at the same grade level

• Only candidates under serious consideration will be contacted.

• A written test may be used as a form of screening.

• In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and will require individual review.

• Any appointment/extension of appointment is subject to WHO Staff Regulations, Staff Rules and Manual.

• Staff members in other duty stations are encouraged to apply.

• For information on WHO's operations please visit: http://www.who.int.

• WHO is committed to workforce diversity.

• WHO prides itself on a workforce that adheres to the highest ethical and professional standards and that is committed to put the WHO Values Charter into practice.

• WHO has zero tolerance towards sexual exploitation and abuse (SEA), sexual harassment and other types of abusive conduct (i.e., discrimination, abuse of authority and harassment). All members of the WHO workforce have a role to play in promoting a safe and respectful workplace and should report to WHO any actual or suspected cases of SEA, sexual harassment and other types of abusive conduct. To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organization, WHO will conduct a background verification of final candidates.

• WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.

• WHO has a mobility policy which can be found at the following link: http://www.who.int/employment/en/. Candidates appointed to an international post with WHO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.

• Applications from women and from nationals of non and underrepresented Member States are particularly encouraged.

• *For WHO General Service staff who do not meet the minimum educational qualifications, please see e-Manual III.4.1, para 220.