E T Consultant

Job #: req37075
Organization: World Bank
Sector: Information Technology
Grade: EC1
Term Duration:  1 year 0 months
Recruitment Type: Local Recruitment
Location: Chennai,India
Required Language(s): English
Preferred Language(s):
Closing Date: 6/23/2026 (MM/DD/YYYY) at 11:59pm UTC

Description

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context 
The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w
Unit Context
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives.  ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy.   ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards;  develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance. 
Duties and Accountabilities:
ITSIS is seeking to fill the position of ET Consultant within ISOC. The ET Consultant serves across all areas of threat intelligence to help inform and defend the business and protect brand reputation. As a trusted member of the cybersecurity team and industry community, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers. The IT Analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions. In addition to applied experience, the individual will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus.
Scope of Work
• Research current and emerging threats facing the business and industry sector. 

• Lead production and delivery of recurring threat intelligence reports, summarizing relevant cyber threats to WBG infrastructure.

•Conduct and publish in-depth risk assessments to evaluate and categorize the risk posture of detected cyber threats while supporting development and refinement of risk assessment methodologies and tools used for threat categorization

• Maintain a current understanding of advanced persistent threats (APTs), threat actor tactics, techniques, and procedures (TTPs), and cyber threat trends. 

• Collaborate with internal and external stakeholders, to gather and share relevant threat intelligence.

• Develop and maintain threat profiles and reports to enhance detection and response capabilities.

• Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.

• Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence. 

• Use automation to efficiently streamline and de-duplicate threats for playbooks, but use human analysis for actionable decision-making. 

• Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.  

• Serve as a trusted advisor to establish credibility with business unit leadership and technical teams. 

• Use and assign indicator severity and impact ratings to determine appropriate plans of action. 

• Evaluate and implement deception techniques designed to thwart adversaries.  

• Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure. 

• Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.  

• Maintain an up-to-date level of knowledge related to security threats, vulnerabilities and mitigations to reduce attack surface, and circulate it through business units.  

• Create and deliver data driven reports and presentations for management and other stakeholders. 

• Liaison with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineer team members.  

• Leverage operational results to identify, communicate, and mitigate identified threats as well as implement knowledge sharing across various teams.

• Bring an applied understanding of relevant and emerging technologies, begin to identify opportunities to provide input to the team and coach others, and embed learning and innovation in the day-to-day

• Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.  

• Familiarity with using OpenAI's GPT models via Azure, including fine-tuning, deploying, and scaling these models.

• Understanding of various generative models (e.g., GPT, GANs) and their applications.

• Plan and execute the implementation of threat management solutions through a data driven and agile approach.

• Perform other duties as assigned.

Selection Criteria

• Bachelor’s or Master’s degree with 2 years of experience or equivalent combination of education and experience (for example, in the IT field: Bachelor’s Degree with a minimum of 1 year of related work experience). 

• Minimum 5 years of Information Security experience required with majority of time in a SOC. 

• Strong written and verbal communication skills across all levels of the organization. 

• Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open source intelligence (OSINT) and deception techniques.  

• Demonstrated ability to investigate, handle and track incidents. 

• Proficient in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow. 

• Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge. 

• Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology. 

• Proven threat hunting experience and ability to track adversaries.

• Demonstrated experience conducting tabletop exercises and adversary emulation.  

• Capable of working with diverse teams and promoting an enterprise-wide positive security culture. 

• Ability to maintain a high level of integrity, trustworthiness and confidence, with the highest level of professionalism.  

• Strong project management, multitasking and organizational skills.  

• Ability to preserve credibility with the team and external constituents through sustained industry knowledge.  

• Ability to motivate teammates to achieve excellence and willingly shares knowledge. 

• Proven experience executing cyber threat hunting, incident response, or other relevant security operations.

• Familiarity with common enterprise scripting languages (PowerShell, Python, Bash, etc.).

• Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.

• Excellent problem solving, communication and collaboration skills.

• Understanding of how operating systems work and how malware exploits them.

• Past exposure to handle malware and financial crime malware related incidents.

• Familiarity with industry-standard processes defined for systems design, database design, development, testing, and integration phases of a project, including Agile-based implementations.

• Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations and threat investigations.

• Knowledge of common hacking tools and techniques

Preferred Skillsets / Requirements
• GIAC Certified Incident Handler (GCIH), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware Certification (GREM), Certified Information Systems Security Professional (CISSP) preferred, but not required. 
Competencies 
• Client Understanding and Advising - Looks at issues from the client’s perspective and takes action beyond normal expectations to ensure client satisfaction.

• Learning Orientation - Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.

• Broad Business Thinking - Maintains an in-depth understanding of the long term implications of decisions both for department and the client’s business. Ensures that decisions are supported by relevant stakeholders as well as sound performance data.

• Compliance with Standards - Monitors and maintains records on requests for information and assistance.

• Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.

WBG Culture Attributes:

1. Sense of urgency: Anticipate and quickly respond to the needs of internal and external stakeholders.
2. Thoughtful risk-taking: Challenge the status quo and push boundaries to achieve greater impact.
3. Empowerment and accountability: Empower yourself and others to act and hold each other accountable for results.

World Bank Group Core Competencies

As per WBG policy, an Extended Term (ET) appointment is subject to a lifetime maximum of three (3) years. Former and current ET staff who have completed or are in the process of completing their third-year ET appointment are not eligible for future ET appointments.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC including our values and inspiring stories. 

At Impactpool we do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
Before applying, please make sure that you have read the requirements for the position and that you qualify. Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.