Title of Assignment: iSOC Tier 2 Analyst
Name of unit/sector: Information Security Section, Security and Information Assurance Division, Administration, Finance and Management Sector
Place of Assignment: Near-shore or Hybrid/WIPO HQ Geneva (desirable)
Expected duration of assignment: Up to 24 months maximum
1. Objective of the assignment
WIPO is looking to develop and improve its interactions with its digital products and services to support and facilitate users of intellectual property systems in their pursuit of most effective and efficient protection of their intellectual assets and ideas.
The Information Security Operations Centre (iSOC) is responsible for improving WIPO’s information security posture by monitoring, detecting, and responding to information security incidents, by managing key security technologies, by analyzing and monitoring current and future threats to WIPO, and by continually managing and reporting on vulnerabilities.
The primary objective of the iSOC Tier 2 (T2) Analyst is to manage the detections and alerts generated through SIAD’s security programme, apply business context to them, and escalate to the relevant business units.
2. Deliverables/services
a) Investigate and remediate escalations from the SIEM / XDR / monitoring platform of WIPO’s MDR vendor and from internal tickets.
b) Investigate and remediate escalations from internal departments.
c) Co-manage the Vulnerability Management service at WIPO.
d) Actively contribute to the tuning of existing incident playbooks and the creation of new ones.
e) Provide support for incidents.
f) Contribute to the SIAD security initiatives.
g) Work with existing WIPO departments and teams to ensure smooth transitions of knowledge and tickets.
h) Work to reduce iSOC overhead by applying automation.
i) Research, create and develop internal iSOC tools to help automate repetitive tasks and reduce MTTR.
j) Carry out any other related duties as required.
3. Reporting
The incumbent will work under the direct supervision of the iSOC Manager.
4. Profile (e.g. area of specialization/expertise, specific knowledge/skills/experience)
Essential:
a) At least three years’ relevant professional experience working in a Security or Network Operations Centre, or one year working in a SOC or NOC plus two years of relevant experience working in an information security discipline.
b) At least 1 year of experience handling detections and escalations in a public cloud environment.
c) At least 1 year of experience working with CrowdStrike’s EDR and Anti-Virus products.
Desirable:
a) Experience working with AWS native security technology – GuardDuty, Security Hub.
b) Experience working in an M365 environment and using Microsoft M365 technologies.
c) Experience or knowledge of a CrowdStrike technology outside of their EDR and Anti-Virus products.
d) Experience working with a commercial SIEM.
e) Experience with PowerShell, both writing and reviewing.
Languages
Essential:
Excellent written and spoken knowledge of English.
Desirable:
Knowledge of other UN official languages, particularly French.
Job-Related Competencies
Essential
a) Excellent analytical skills
b) Knowledge of common information security models such as MITRE ATT&CK and D3FEND, the OODA Loop and the Lockheed Martin Cyber Kill Chain.
c) Familiarity with common threat hunting models such as attack-based and data-based hunting, anomaly detection and timeline analysis.
d) Familiarity with a broad range of security technologies supplemented by in-depth knowledge in specific areas of relevance.
e) Excellent communication and interpersonal skills and ability to maintain effective partnerships and working relations in a multi-cultural environment with sensitivity and respect for diversity.
Desirable
Knowledge of:
a) enterprise and security architecture principles and models;
b) identity and access management technologies;
c) infrastructure security: n-tier architectures, PKI, firewalls, intrusion detection/prevention tools, endpoint security, API security, server and network security, database security (SQL DB/Oracle);
d) application development and DevSecOps;
e) cloud-based technologies in AWS, Microsoft or other CSPs.
5. Duration of contract and payment
a) The contract duration will adhere to WIPO ICS terms and conditions and will therefore have a contractual limit of two years.
b) Financial compensation will align with the organisation’s published ICS rates for near-shore or Geneva, Switzerland, depending on the ICS’s location. Applicants are requested to indicate their remuneration expectations in Swiss francs (daily rate).