Security Analyst/Senior Security Analyst (Cloud Security Assurance) - ITDSGGR (Contractual) jobs in United States

International Monetary Fund · 1 day ago

Security Analyst/Senior Security Analyst (Cloud Security Assurance) - ITDSGGR (Contractual)

The International Monetary Fund (IMF) is seeking a Security Analyst/Senior Security Analyst (Cloud Security Assurance) to join their Information Technology Department. This role involves providing expertise in defining, designing, engineering, and validating security configurations for technology platforms in both cloud and on-premises environments, while advising project teams and stakeholders on safeguarding information and managing risks.

Finance, Financial Exchanges, Financial Services

Responsibilities

Senior individual contributor to provide cybersecurity assurance expertise for a broad range of IT initiatives with a focus on Microsoft Azure, Entra ID and hybrid cloud environments. This includes but is not limited to defining, guiding the engineering and validating implementation of technology-agnostic security control standards, technology-specific configuration baselines (security hardening) and implementation guidelines for technology platforms (both cloud and on-prem) and services, with emphasis on automation for security configuration and posture management, policy-as-code (Azure Policy, Terraform)
Maintain impartiality around IT systems to produce unbiased reports on information security risk
Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions
Effectively communicates requirements and provides guidance to staff and stakeholders in different IT teams on appropriate security design and technical configuration of related controls on IT platforms throughout their lifecycle
Works closely with IT project teams to develop and implement security controls for new and existing cloud services, including but not limited to Microsoft Azure, Entra ID and Microsoft 365 ecosystem
As an advocate of information security, works closely and proactively with IT stakeholders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes, including automation, compliance, and secure integration
Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality
Support Zero Trust initiatives by promoting identity-centric access, device health posture, segmentation, and continuous verification across services
Develops and maintains scripts and templates (e.g. PowerShell, Python, Azure Policy, Terraform) to perform compliance checks and generate reporting across Azure and Entra ID
Supports logging and monitoring efforts, using Azure Monitor, Log Analytics (KQL), and Microsoft Sentinel
Contributes to secure design, architecture and configuration of services such as Azure Kubernetes, Functions, APIM, Key Vault, etc., and Power Platform
Designs and validates security configuration baselines for SaaS platforms (e.g., ServiceNow, Workday, Salesforce, etc.), ensuring alignment with organizational policies and compliance requirements
Other ad hoc responsibilities may include:
Support the information security assurance manager with audit and compliance initiatives such as the Fund's ISO 27001 certification, IT General Controls relevant for ICFR, internal and external audits, etc., promoting self-compliance to policies and standards by IT staff and managers. Keeps abreast of international standards, best practices and regulations in the areas of information security, artificial intelligence, and data privacy, and how these measures could affect information assets owned by, or administered on behalf of, the IMF
Analyzes, recommends, and implements process improvements within the context of information security

Qualification

Cloud Security Assurance, Microsoft Azure, Security Configuration, Cybersecurity Strategy, CISSP, CISM, PowerShell Scripting, Incident Management, Digital Forensics, Zero Trust Principles, Analytical Skills, Relationship Management, Communication Skills, Interpersonal Skills, Time Management

Required

Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working in cloud security, assurance, or architecture roles
Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working in cloud security, assurance, or architecture roles
CISSP or CISM (minimum required)
Microsoft Certified: Azure Security Engineer Associate (minimum required)
Proven track record delivering technical security assurance and engineering solutions, with hands-on experience in operational security for regulated environments, especially in Azure and Microsoft cloud platforms
Multi-cloud security posture management and familiarity with tools like Wiz, Orca, Prisma Cloud, Microsoft Defender for Cloud, etc
Extensive technical hands-on security experience across a broad range of Microsoft cloud services, including Azure IaaS/PaaS, Entra ID, Conditional Access Policies, PIM; Azure Policy and Defender for Cloud; Intune; Graph API, Azure Monitor and Microsoft Sentinel; Microsoft 365 security (Exchange Online, Teams, SharePoint/OneDrive), and other key components of the Microsoft security ecosystem such as Purview
Advanced working knowledge (preferably previous hands-on experience) in: Windows/Linux administration fundamentals, Firewalls, Active Directory/Entra hybrid concepts, and Azure networking (VNets, subnets, NSGs, Private Link, Application Gateway)
Zero Trust principles; Azure Firewall/WAF and cloud edge controls; SIEM/SOAR (Microsoft Sentinel preferred); familiarity with enterprise security tooling and NDR concepts
Proficiency in PowerShell scripting to automate compliance checks, configuration, and reporting across Azure and Entra ID
Deep expertise with Entra ID app registrations, OAuth 2.0/OIDC flows, delegated vs. application permissions, Graph API consent models, admin/user consent workflows, and permission governance
Experience with Power Automate, Power Apps, Power BI, Data Factory
Demonstrates expertise in securing infrastructure, application and database components through tailored hardening approaches, employing modern tools and techniques to protect the full technology stack
Hands-on experience with Infrastructure as Code (IaC) security scanning (e.g., Checkov, tfsec, etc.)
Securing Kubernetes clusters and containerized workloads (e.g., AKS, etc.)
Experience with serverless security (e.g., Azure Functions, etc.) and related risks
Automation of security controls and compliance checks using scripting (Python, Bash, PowerShell)
Pragmatic security expert with an inherent ability to balance security demands with business reality
Demonstrates a commitment to continuous learning to stay current with the evolving cybersecurity landscape and to effectively apply security controls that support business goals
Strong knowledge of security solutions, emerging threats, and effective countermeasures
Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation
Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders
Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues
Interpersonal skills that create openness and trust among colleagues
Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity, and responsibility
Ability to be organized, responsive, and to be able to effectively multi-task with a focus on driving results
Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers
Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships

Preferred

CCSP
Microsoft Certified: Cybersecurity Architect Expert
Microsoft Certified: Azure Solutions Architect Expert
Microsoft Certified: Azure Administrator Associate
Microsoft Certified: Azure DevOps Engineer Expert
Other Microsoft cloud security related certifications at the Expert level
GIAC cloud security related certifications

Company

International Monetary Fund

International Monetary Fund works to foster global monetary cooperation, secure financial stability, and reduce poverty around the world.

Funding

Current Stage
Late Stage

Leadership Team

Kristalina Georgieva
Managing Director
Company data provided by crunchbase