Description

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 120 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit http://www.worldbank.org

ITS Vice Presidency Context:

The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w

Unit Context

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the WorldBank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance.

Roles & Responsibility :

ITSIS is seeking to fill a vacant Senior IT Assistant, Security, Risk and Compliance position within the TVM (Threat and Vulnerability Management) team. The successful candidate will be responsible for routine tasks in the areas of infrastructure vulnerability management, DevOps vulnerability management, and vulnerability intelligence.

The primary responsibilities will include, but are not limited to, the following:

•Conduct regular vulnerability assessment scans on all enterprise IT assets and troubleshoot any problems encountered.

•Perform manual penetration testing using open source and commercial security tools.

•Work closely with system/network administrators, and software vendors to remediate any vulnerabilities discovered.

•Work with commercial security tool vendors to resolve any bugs and false positives in their products.

•Produce and maintain appropriate documentation and dashboards detailing the enterprise vulnerability posture.

•Track relevant security metrics and key performance indicators, analyze test results and vulnerability trends, and prepare status reports.

•Review vulnerability intelligence, create and send advisories to relevant teams.

•Stay abreast of newer trends in tools and technologies used for vulnerability management and assessment.

Selection Criteria

•Bachelor's degree in Computer Science, Information technology, systems engineering, or a related field with no experience required or equivalent combination of education and relevant experience in Information Security with majority of time in infrastructure vulnerability management and DevOps vulnerability management including infrastructure-level penetration testing.;

•Good understanding of operating system and application security.

•Experience using and customizing open source security tools.

•Good level knowledge of programming languages (including interpreted languages) such as Java, Perl, Python, PowerShell, or Bash.

•Basic level knowledge of TCP/IP networking concepts and protocols, advanced technical knowledge of common network protocols (DNS, HTTP/HTTPS) and network security concepts.

•Previous good experience in using vulnerability scanning tools.

•Previous good experience in using centralized management consoles of vulnerability scanning tools (preferable Tenable SecurityCenter).

•Previous good experience in using vulnerability intelligence tools.

•Previous good experience in using penetration testing tools.

•Intermediate-level knowledge in common attacks against servers and endpoints.

•Intermediate-level knowledge in common attacks against web applications and OWASP Top 10.

•Intermediate-level knowledge in hardening platforms like Windows, Linux, Network devices etc.

•Risk Management - Reduces risk by solving day-to-day problems as they arise.

•Client Orientation - Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.

•Drive for Results - Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results and has the personal organization to do so.

•Team player with strong technical and user support skills.

•Good oral and written communication skills.

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.