FULL-TIME JOB VACANCY
INFORMATION SECURITY TECHNOLOGIST
Information Security Program
Multiple Locations Considered
Application Deadline: 30 June 2022

The Information Security Program of Human Rights Watch (HRW) supports the organization in responding to near- and far-term security threats, incorporating security into our existing processes and architecting new ones, and ensuring that HRW makes informed decisions about the responsible use of technology.

The Information Security Program is seeking an?Information Security Technologist?to work on securing HRW’s IT systems, devices, and assets. This position will work closely with IT and stakeholders across HRW to ensure systems and processes have technical security controls in place that are responsive to our threat landscape while also meeting our operational, ethical, legal, and regulatory requirements.

The Technologist will work in collaboration with the Information Security team to monitor systems for compromise, conduct investigations and incident response. This position can be based in any office location with a preference for working hours that overlap with the US Eastern time zone. The Technologist reports to the Director for Information Security based in Berlin.

Due to COVID-19, many of our global offices are currently operating in reduced capacities. The successful candidate may be required to work remotely if local mandates necessitate. We recognize that this moment, during the pandemic, is a uniquely difficult time for most people, particularly those with caregiving responsibilities, and we aim to be as flexible and supportive as possible in both the recruitment for and onboarding of this position.

Responsibilities:

1. Endpoint Security – review laptops and smart phones for indications of compromise, create and tune detection rules for malicious activity, and contribute to device hardening guidelines.

2. Identity and Access Management– review user account activity for indications of compromise, create and tune detection rules for malicious activity, and help strengthen access controls.

3. Incident Response – assist with incident handling, perform response and containment actions, collect digital forensics, and create detailed incident documentation.

4. Technology Evaluation – assist with performing research and evaluations of the software, hardware, and online services and platforms used by HRW.

5. Vulnerability Management – assist with evaluating and mitigating vulnerabilities within HRW systems and devices.

6. Threat Intel – assist with researching existing and emerging threats against HRW, and help create detection, mitigation, and response strategies.

7. Security Tools – assist with managing, operating, and automating the tools and platforms used to secure HRW’s systems and devices.

8. Infrastructure – help identify security gaps in HRW’s IT environment and recommend improvements.

9. Collaboration – work with the Safety and Security team, IT, and HRW staff to resolve issues.

10. Documentation – create and maintain high-quality, accurate, and in-depth data and documents on information security processes, technologies, and/or related coverage areas.

11. Reporting – support the development of reports and key metrics of IT and information security programs.

12. Perform other duties as required.

Education:

A level of education that when combined with your professional experience will adequately show you have the capability to contribute meaningfully to HRW's information security program.

Candidates who have relevant academic degrees or security certifications are encouraged to apply, but this is a plus - not a requirement

Required Experience and Skills:

1. A minimum of 3 years of relevant professional security experience;

2. Hands-on experience with securing and defending Windows devices; experience with Apple devices strongly desired;

3. Knowledge of IT and security technologies – firewalls, IDS, anti-malware, VPN, MFA, RBAC, encryption, operating system processes, VMs, LAN/WAN networking, TCP/IP protocols;

4. Knowledge of email security gateways and message authentication (such as SPF, DKIM, DMARC);

5. Knowledge of industry security controls, standards, and frameworks;

6. Working knowledge of the risks associated with human rights and/or civil society activism and/or journalism globally;

7. Experience in making risk-based assessment of context and defensive measures to inform security controls and settings & guidance to users;

8. Ability to handle multiple projects simultaneously and adjust to changing priorities;

9. Ability to make progress independently toward short- and long-term projects;

10. Ability to work collaboratively with both technical and non-technical staff;

11. Ability to respectfully engage with people from different countries and cultures; and

12. Excellent organization, communication, and interpersonal skills.

Desired Experience and Skills:

1. Fluency or proficiency in additional languages;

2. Experience with Azure AD, Microsoft 365, and related apps and services;

3. Experience in managing and supporting Identity and Access Management products;

4. Experience with a SIEM, preferably Azure Sentinel;

5. Ability to identify key risks in IT systems and determine appropriate mitigations; and

6. Demonstration of a desire to share knowledge or research, such as through contributing to an open-source project or repo, speaking at a security conference, or writing blog posts or articles on technical subjects.

Salary and Benefits: HRW seeks exceptional applicants and offers comprehensive compensation and benefits. HRW can offer a relocation assistance package and immigration support for this role if required, and people of all nationalities are encouraged to apply.

How to Apply: Please apply immediately or before 30 June 2022 by visiting our online job portal at careers.hrw.org and submitting a cover letter and resume or CV. No calls or email inquiries, please. Only complete applications will be reviewed, and only shortlisted candidates will be contacted.

If you are experiencing technical difficulties with your application submission, or if you require accommodations during the application process, please email?recruitment@hrw.org. Due to the large response, application submissions via email will not be accepted and inquiries regarding the status of applications will go unanswered.

Human Rights Watch is strong because it is diverse.?We actively seek a diverse applicant pool and encourage candidates of all backgrounds to apply. Human Rights Watch does not discriminate on the basis of disability, age, gender identity and expression, national origin, race and ethnicity, religious beliefs, sexual orientation, or criminal record. We welcome all kinds of diversity. Our employees include people who are parents and nonparents, the self-taught and university educated, and from a wide span of socio-economic backgrounds and perspectives on the world. Human Rights Watch is an equal opportunity employer.

Human Rights Watch is an international human rights monitoring and advocacy organization known for its in-depth investigations, its incisive and timely reporting, its innovative and high-profile advocacy campaigns, and its success in changing the human rights-related policies and practices of influential governments and international institutions.