Work for the IMF. Work for the World.
Background
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.
Our commitment is to:
Maintain and elevate the performance of pivotal IT systems and infrastructure.
Fortify and mature the IMF’s cybersecurity posture, safeguarding the integrity and resilience of global financial and economic systems.
Align IT initiatives with the IMF's strategic objectives, maximizing the impact of technology on global economic policies.
Deliver unparalleled value, optimizing the blend of quality, cost-effectiveness, and stakeholder satisfaction in every project.
Empower the IMF's business technology strategy, ensuring it aligns with both current needs and future visions.
As we expand our capabilities, we seek experts in cybersecurity ready to dive deep into the complexities of capabilities that enable global finance and economics. Your expertise is vital in securing the future of international economic stability.
Job Summary
The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill the contractual position of Security Operations Center (SOC) Analyst - Tier 3.
Under the general supervision of the Section Chief (SOC and Threat Intelligence), the SOC Analyst - Tier 3 is a hands-on analyst responsible for monitoring, detecting, assisting with sensitive investigations, and responding to security incidents, threats, and vulnerabilities in real time. S/he will collaborate with cross-functional teams and external entities to develop and implement security measures, investigate security events, facilitate eDiscovery, and provide proactive incident response services. The ideal candidate should have a strong technical background, excellent analytical and problem-solving skills, and a deep understanding of information security principles and technologies.
Major Duties and Responsibilities
1. Implements advanced security monitoring and detection mechanisms by integrating actionable threat intelligence and identifying relevant log sources across hybrid environments.
2. Investigates, analyzes, and resolves complex security incidents, utilizing advanced forensic techniques, malware reverse engineering, and threat-hunting methodologies.
3. Works closely with the threat intelligence and vulnerability management team to process actionable intelligence, enhancing high-fidelity detection use cases and proactive defense mechanisms.
4. Collaborates with internal teams, including network operations, security platform administrators, system administrators, cloud administrators, and software developers, to ensure the timely resolution of security issues and incidents.
5. Continuously improves SOC operations by enhancing incident response, change management, and problem resolution while automating processes to reduce operational inefficiencies.
6. Provides expert-level guidance to Tier 1 & Tier 2 analysts, supporting complex investigations and contributing to ongoing training and analyst retention strategies under SOC leadership.
7. Develops, maintains, and updates incident response plans, playbooks, and procedures, ensuring alignment with industry best practices, organizational policies, and crisis management frameworks.
8. Supports authorized eDiscovery and investigation requests in strict compliance with agreed procedures and playbooks, ensuring chain of custody, documentation, and strict confidentiality.
9. Manages the work of managed security service providers and participates in periodic performance reviews focusing on compliance and continuous improvement.
Minimum Qualifications
Educational development, typically acquired by the completion of an advanced university degree, or equivalent, in Computer Science or a related field; or a university degree in Information Security, Computer Science, Information Technology, or related field from an accredited university plus a minimum of 6 years of progressive security operations work experience in regulated industries.
At least 2 of the following certifications preferred: OSCP, GCIH, GDAT, GREM, GSOC, CEH, GCIA, Azure AZ-500.
Experience working in a global Security Operations Center (SOC) environment, preferably in a Tier 3 role with responsibility to manage the work of analysts and MSSPs.
Knowledge and/or experience (preferred) in:
Security engineering and operations experience in hybrid cloud environments (Azure, AWS, GCP).
Understanding of threat management, security incident response protocols, threat hunting and vulnerability management principles, tools, technologies and best practices.
Experience with forensic techniques and toolsets (Volatility, Ghidra, EnCase, FTK, or similar); most major host operating systems and file system types; analysis of many different types of security logs; command line interfaces and scripting tools (PowerShell, grep, awk, sed, etc.); programming languages (Python, Perl, etc.); and/or data interchange formats (e.g. JSON, XML).
Ability to perform memory analysis, malware analysis, and reverse engineering to determine threat impacts.
Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, NDR, Network Packet Analysis, EDR).
Demonstrated experience with utilizing SIEM such as LogRhythm, Sentinel, Splunk and implementing advanced log management and automation solutions.
Familiarity with attack detection methodologies and frameworks like MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration, and scoring.
Enterprise level IT service management, including continuous service improvement.
Work Management Skills:
Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance. Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
Excellent analytical and problem-solving skills, with the ability to think critically and make decisions under pressure.
Excellent management, organizational and interpersonal skills with or without the line of command.
Excellent written and verbal communication skills that are compelling, convincing, and reassuring.
Personal drive, ownership, and accountability to meet deadlines and achieve agreed-upon results.
Proven ability to collaborate with IT colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
Keen interest in staying abreast of emerging cybersecurity threats and technologies.
This is a one-year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability and continuous business need.
Department: ITDSG Information Technology Department, Information Security & Governance
Hiring For: A09, A10
The IMF is committed to hiring diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process. Information on how to request accommodations will be provided during the application process.