
Security Operations Center Engineer

Belgrade

  • Organization: ICRC - International Committee of the Red Cross
  • Location: Belgrade
  • Grade: Mid level - Mid level
  • Occupational Groups:
    • Operations and Administrations
    • Engineering
    • Security and Safety
  • Closing Date: Closed

 
 


What we do

 

The International Committee of the Red Cross (ICRC) works worldwide to provide protection and humanitarian assistance to people affected by conflict and armed violence. We take action in response to emergencies and, at the same time, promote respect for international humanitarian law. We are an independent and neutral organization, and our mandate stems essentially from the Geneva Conventions of 1949. We work closely with National Red Cross and Red Crescent Societies and with their International Federation in order to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. We direct and coordinate the international activities conducted in these situations.

Our Values

 

At the ICRC, we value impact, collaboration, respect, and compassion. We seek candidates who demonstrate behaviors based on these shared values. For more information on the ICRC values, please visit this

Purpose

 

The Security Operations Center Engineer provides day-to-day operation of the ICRC's hybrid Security Operations Center (SOC), working under the supervision of the ICRC's SOC Coordinator and the overall ICRC Chief Security Information Officer function (CISO).

As part of a dedicated team based in Belgrade, the SOC engineer works as a Cyber Security Operations Center (SOC) analyst to prevent, detect, analyze, respond to, and report on cyber security incidents across the global ICRC IT landscape.

Accountabilities & Functional responsibilities

  • Supports the SOC coordinator and CISO function in the delivery of the overall ICRC cyber security strategy.
  • Contributes to the continuous improvement and evolution of the overall SOC mission.
  • Cyber security monitoring:
    • Interfaces with SOC Service provider for suspected cyber security incidents
    • Acts as the contact point behind standard reporting channels for suspected cyber security incidents.
  • Cyber security incident response:
    • Validates, triages, prioritizes, and manages Tier 1 cases
    • Manages specific Tier 2 tasks assigned by the SOC coordinator
    • Provides cyber security incident handling assistance to ICRC constituents and support teams
    • Disseminates incident-related information to constituents and concerned parties via the given process, tooling, and communication channels
    • Appropriately preserves evidence from impacted computing environments
    • Ensures containment, eradication and recovery tasks are appropriately performed
    • Escalates unresolved, persistent, or repetitive cases to the SOC Coordinator
  • Vulnerabilities management:
    • Supports the operation of the global vulnerability management process
    • Coordinates remediation activities
    • Validates and verifies remediation activities.

Professional Experience required

  • At least 2 years of relevant professional experience related to enterprise IT operations.
  • Ability to manage workflows within dedicated case management and common service management tooling.
  • Working knowledge of common desktop and server operating systems, container technology, databases, and network administration/management.
  • Working knowledge of the OSI network stack, including major IPv4/IPv6 protocols over TCP/UDP such as SMTP, HTTP, DNS, SNMP, LDAP, etc.
  • Fluency in 1 or more scripting languages.
  • Basic knowledge of enterprise security architecture and engineering.
  • Solid sense of integrity, limits, and understanding of the overall SOC organization and wider mission.
  • Basic knowledge of digital forensics.
  • Proven experience using a corporate service-management (ticketing) tool.
  • Extensive experience with Microsoft-based solutions: Active Directory and other elements of the Microsoft ecosystem (other technologies may be needed on an ad-hoc basis).

Certifications / Education required

  • University degree in Computer Science, Engineering, or related field.
  • ITIL certification.
  • Familiarity with core FOSS tools (e.g. tcpdump, Wireshark).
  • Basic knowledge of core crypto solutions including AES, RSA, DH, SHA, Kerberos, NTLMv2, TLS, OpenSSL.
  • Excellent command (spoken and written) of English.
  • Microsoft Certified System Engineer (MCSE) certification or equivalent experience.
  • Certification relevant to computer network defense such as SANS GIAC, CEH, Security+, and/or Offensive Security is an asset.
  • Python and/or PowerShell/PowerShell Core is an asset.

Additional information

  • Type of role: Second Level Support System Administrator (800731)
  • Working rate: 100%
  • Location: BSSC
  • Job level: B3
  • Length of assignment: Open-ended contract
  • Type of position: Resident
  • Application deadline: 10/11/2023

What we offer

  • Work and progressive professional development in an exciting international environment
  • An inspiring opportunity to practice your profession in a humanitarian and multicultural organization
  • Stimulating benefits package

How to apply


Ready to apply?

You will need to upload your resume and a cover letter as well as copies of your diplomas and certifications, valid license to practice, passport and driving license.

We welcome applications from all qualified candidates.

The ICRC values diversity and is committed to creating an inclusive working
Location:  Belgrade Shared Services Centr
Job Family:  Communications / Information Management / Information Technologies
Contract Type:  Open-ended contract

Title:  Security Operations Center Engineer

Job Specific Details

How to Apply?

Before applying, make sure to read the

 

This vacancy is now closed.