Information Security Operations Officer

International Labour Organization

Location:
Geneva, Switzerland
Grade:
P3
Category:
Professional Staff
Posted:
Jun 26, 2026
Apply by:
Jul 29, 2026

The Information Security Operations Officer is responsible for operational information security activities including incident management, threat hunting, forensics, and vulnerability management within the ILO's Technology Management Services Branch. The role supports the design and maintenance of security platforms and tools to ensure organizational cybersecurity resilience.

Responsibilities

  • Champion information security operations, including incident assessment, categorization, triage and escalation, in line with established Incident Response playbooks and procedures and in collaboration with the SOC (Security Operations Center).
  • Provide expertise in Information Security Incident Response. Drive detection, threat hunting and incident analysis; identify and track escalations and lateral movement; support the containment, eradication and recovery stages; write post-mortem documentation and lessons learned.
  • Monitor and assess the ILO threat landscape on a routine basis; identify and assess emerging risks, participate in mitigation activities; design and implement appropriate mitigating controls, detection analytics and alerting capabilities where applicable.
  • Drive the hardening and baselining of assets; monitor and investigate deviations from recognised security baselines, including Centre for Internet Security (CIS) benchmarks and Security Technical Implementation Guidelines (STIG); define and implement technical measures through Group Policy, Intune, Azure or Configuration Manager; and perform post-implementation reviews and audits to identify and implement improvements to operational systems.
  • Participate in planning and deliver simulation exercises, including tabletop and purple-team exercises, to test preparedness, validate response capabilities and strengthen organisational resilience against cyber-attacks.
  • Contribute to data analysis and reporting capabilities to collect and analyse logs, metrics and events from multiple sources; proactively suggest and create alerts and reports on potential risks and compliance deviations.
  • Conduct targeted digital forensics services to acquire images and reconstruct intrusion timelines, events, vectors, tools and techniques from compromised assets; extract artifacts and indicators of compromise.
  • Support Threat and Vulnerability management. Ensure IT systems, platforms and web application assets are discovered and regularly scanned. Analyse and triage scan results based on likelihood and impact. Discuss findings and solutions with the team and support the system owners in the remediation process.
  • Closely monitor technology developments within the domain to anticipate shifts, identify opportunities and propose evolutions of tools or processes.
  • Advocate for information security standards and best practices across the Organization; contribute to the development and continuous improvement of internal guidelines, procedures and standards in collaboration with other INFOTEC units.
  • Perform any other relevant duties as assigned.

Requirements

  • Advanced level university degree in computer science or other closely related field.
  • A first-level university degree (Bachelor’s or equivalent) in computer science or other relevant field with an additional two years of relevant experience, in addition to the experience stated below, will be accepted in lieu of an advanced university degree.
  • One or more industry-recognized certifications covering IT security such as CISSP, BTL1/2, GCIH, TryHackMe SOC, Microsoft Certified Security Operations Analyst Associate, any relevant SANS certifications, or equivalent.
  • At least five years of professional experience in the cyber security field.
  • Excellent command of one working language (English, French, Spanish) of the Organization and a working knowledge of a second working language of the Organization. One of these languages must be English.
  • Expertise with Microsoft Sentinel SIEM or equivalent; Defender EDR or equivalent; Microsoft E5 security stack.
  • Expertise in threat hunting, log parsing and log analysis, and detection rules written in query languages such as KQL, Sigma or equivalent; scripting languages: Python and PowerShell.
  • Knowledge of network security concepts and tools: NDR, network packet capture and analysis; micro-segmentation, firewalling.
  • Advanced knowledge of the cybersecurity kill chain, MITRE, and Incident Response frameworks such as NIST, SANS or equivalent.
  • Working knowledge of Forensics tools and standard procedures.
  • Understanding of Vulnerability management and OWASP Top 10, especially Web Application scanning and OS/Platform scanning, preferably with Qualys.
  • Working knowledge of offensive techniques and tools to validate and triage findings.
  • Ability to communicate effectively with technical and non-technical people at different levels of the organization.
  • Ability to work on own initiative as well as a member of a team.
  • Strong communication, interpersonal and presentation skills.
  • Ability to balance and prioritize work.
  • Good analytical skills.
  • Ability to work effectively in a multicultural environment and to demonstrate gender-responsive, non-discriminatory and inclusive behaviour and attitudes.

Skills

  • Cybersecurity
  • Incident Management
  • Threat Hunting
  • Log Analysis
  • KQL Query
  • Sigma Detection Rules
  • Python Scripting
  • PowerShell Scripting
  • Microsoft Sentinel SIEM
  • Defender EDR
  • Microsoft E5 Security Stack
  • Network Security
  • Network Packet Analysis
  • Micro-segmentation
  • Firewalling
  • Cybersecurity Kill Chain
  • MITRE Framework
  • Incident Response Frameworks
  • NIST Framework
  • SANS Framework
  • Forensics Tools
  • Vulnerability Management
  • OWASP Top 10
  • Web Application Scanning
  • OS/Platform Scanning
  • Qualys
  • Offensive Security
  • IT Security certifications

Languages

English, French, Spanish