SOC Coordinator

This opening is not available anymore. Do not try to apply for this job.

ICRC - International Committee of the Red Cross

Contract

This is an ICRC - Open-ended contract.

Reports to (role)

  • Chief Information Security Officer

What we do

The International Committee of the Red Cross (ICRC) works worldwide to provide protection and humanitarian assistance to people affected by conflict and armed violence. We take action in response to emergencies and, at the same time, promote respect for international humanitarian law. We are an independent and neutral organization, and our mandate stems essentially from the Geneva Conventions of 1949. We work closely with National Red Cross and Red Crescent Societies and with their International Federation in order to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. We direct and coordinate the international activities conducted in these situations.

Purpose of the position

The ICRC provides technology services to more than 20,000 employees globally, external partners and our beneficiaries. Protecting our digital operations from cyber-attacks is a core element of the institutional cyber security strategy.

Based at HQ in Geneva and reporting directly to the Chief Information Security Officer (CISO), the Security Operations Center (SOC) coordinator is responsible for ensuring the ICRC is prepared to detect, respond to and recover from cyber-attacks.

By coordinating the hybrid SOC, the SOC coordinator manages cyber operations in the following domains:

  • Vulnerability Management
  • Threat Intelligence
  • Security Monitoring
  • Incident Response

The SOC coordinator participates in and oversees the day-to-day operation of the ICRC's hybrid SOC whilst ensuring agreed SOC service levels are maintained.

The SOC coordinator brings knowledge, experience, technical expertise, and situational awareness to new and evolving cyber threats and cyber incidents. In close collaboration with technical and non-technical stakeholders, they coordinate, execute, and continuously enhance the SOC processes and services.

Main duties and responsibilities (1/2)

  • Support the CISO function in the delivery of the overall ICRC cyber security strategy
  • Contribute to the continuous improvement and evolution of the overall SOC mission
  • SOC coordination and reporting
    • Coordinate the overall operations of SOC functions (cyber security monitoring, cyber security incident response, vulnerability management, cyber threat intelligence)
    • Coordinate daily interaction with MSSP
    • Coordinate a team of Cyber Security Engineers
    • Ensure SOC adherence to security policies and procedures
    • Revise and develop SOC related security policies, standards, and procedures to support the current Security Operations within the Information Security Framework
    • Deliver agreed SOC measurables and metrics to the CISO
  • Cyber security monitoring
    • Ensure efficient cyber security incident identification, triage, reporting, communication and monitoring via MSSP
    • Ensure efficient operation of standard reporting channels for suspected cyber security incidents

Main duties and responsibilities (2/2)

  • Cyber security incident response
    • Responsible for overall coordination and execution of the response to Tier 1, 2 & 3 cases
    • Assign tasks to Cyber Security Engineers
    • Manage escalated unresolved, persistent, or repetitive cases
    • Support Cyber Security Engineers to disseminate incident-related information to constituents and concerned parties via the given process, tooling and communication channels
  • Vulnerability management
    • Work closely with the Vulnerability Coordinator to ensure required corrective actions are applied appropriately and in a timely manner, notably those related to security patches
    • Contribute to the continuous improvement, evolution and extended scope of the vulnerability management process
    • Manage escalated unresolved, persistent, or repetitive cases
  • Cyber threat intelligence (TI)
    • Enrich the SOC detection capabilities through complementary TI feeds
    • Based on TI feeds, plan and coordinate automated responses with the Cyber Security Engineers

People management responsibilities

No

Relationships

  • Report directly to the Chief Information Security Officer
  • Maintain relationship with Managed Security Service Provider (MSSP) involved in SOC activities
  • Lead ICRC cyber security engineers within the hybrid SOC
  • Interact transversally with ICRC colleagues worldwide
  • Engage with the CISO function for analysis & improvements

Education and experience required

  • A university degree in Computer Science, Engineering, or a related field (a major in security is an asset)
  • At least 3 years of cyber security-related professional experience are required
  • Security certifications such as CISSP, CCSP, SANS GIAC, CEH, Security+ and/or Offensive Security are a strong asset
  • Relevant experience in an international and multicultural environment
  • Fluency in English is mandatory, French is an asset

Desired profile and skills

  • Excellent knowledge of information security standards, frameworks and best practices (NIST, ISO, SANS, etc.)
  • Solid sense of integrity, limits and understanding of the overall cyber security organization and wider ICRC mission
  • Excellent knowledge of enterprise security architecture and engineering
  • Ability to manage workflows within dedicated case management and common service management tooling
  • Excellent knowledge of common desktop and server OS, container technology, databases and network administration/management
  • Excellent knowledge of OSI network stack including major IPv4/IPv6 protocols using TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP etc.
  • Fluency in 1 or more scripting languages. Python and/or PowerShell/PowerShell Core is an asset
  • Expertise with core FOSS tools (e.g.: tcpdump, Wireshark)

Additional information

  • Type of role: Open Ended
  • Working rate: 100%
  • Starting date: ASAP
  • Location: Geneva
  • Job level: C1
  • Application deadline: 09/04/2023

  • The ICRC values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates.

Added 1 year ago - Updated 1 year ago - Source: careers.icrc.org