Global RolesGlobal Roles

Security Analyst/Senior Security Analyst (Cloud Security Assurance)

International Monetary Fund

Location:
Washington DC, USA
Grade:
A11, A12
Category:
Professional Staff
Posted Jun 25, 2026Apply by Jul 9, 2026 (12d left)

The IMF's Information Technology Department (ITD) is seeking a Security Analyst/Senior Security Analyst (Cloud Security Assurance) to provide expertise in defining, designing, engineering, and validating security configurations of technology platforms in cloud and on-premises environments. The role involves working with project teams, service providers, and business units to ensure secure technology operations and risk management.

Responsibilities

  • Provide cybersecurity assurance expertise for IT initiatives focusing on Microsoft Azure, Entra ID and hybrid cloud environments.
  • Define, guide engineering and validate implementation of technology agnostic security control standards, technology-specific configuration baselines and implementation guidelines for cloud and on-premises platforms and services, emphasizing automation for security configuration and posture management, policy-as-code (Azure Policy, Terraform).
  • Maintain impartiality around IT systems to produce unbiased reports on information security risk.
  • Conduct quality assurance reviews of security requirements and audit recommendations for implementation of identified solutions.
  • Communicate requirements and provide guidance to staff and stakeholders on appropriate security design and technical configuration of controls on IT platforms throughout their lifecycle.
  • Work closely with IT project teams to develop and implement security controls for new and existing cloud services including Microsoft Azure, Entra ID and Microsoft 365 ecosystem.
  • Advocate information security by working proactively with IT stakeholders, service providers, and business units to provide security-related technical solutions.
  • Identify opportunities to improve business practices or IT security-related processes including automation, compliance, and secure integration.
  • Prioritize, monitor, and assess compliance and audit recommendation results to ensure comprehensiveness and quality.
  • Support Zero Trust initiatives promoting identity-centric access, device health posture, segmentation, and continuous verification across services.
  • Develop and maintain scripts and templates (PowerShell, Python, Azure Policy, Terraform) to perform compliance checks and generate reporting across Azure and Entra ID.
  • Support logging and monitoring efforts using Azure Monitor, Log Analytics (KQL), and Microsoft Sentinel.
  • Contribute to secure design, architecture and configuration of services such as Azure Kubernetes, Functions, APIM, Key Vault, and Power Platform.
  • Design and validate security configuration baselines for SaaS platforms (e.g., ServiceNow, Workday, Salesforce) ensuring alignment with organizational policies and compliance requirements.
  • Support audit and compliance initiatives such as ISO 27001 certification, IT General Controls relevant for ICFR, internal and external audits, promoting self-compliance to policies and standards by IT staff and managers.
  • Keep abreast of international standards, best practices and regulations in information security, artificial intelligence, and data privacy and their impact on IMF information assets.
  • Analyze, recommend, and implement process improvements within information security context.

Requirements

  • Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working in cloud security, assurance, or architecture roles; OR Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working in cloud security, assurance, or architecture roles.
  • Certifications: CISSP or CISM (minimum required).
  • Microsoft Certified: Azure Security Engineer Associate (minimum required).
  • Preferred certifications: CCSP, Microsoft Certified: Cybersecurity Architect Expert, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Administrator Associate, Microsoft Certified: Azure DevOps Engineer Expert, other Microsoft cloud security related certifications at the Expert level, GIAC cloud security related certifications.
  • Proven track record delivering technical security assurance and engineering solutions, with hands-on experience in operational security for regulated environments, especially in Azure and Microsoft cloud platforms.
  • Experience with multi-cloud security posture management and familiarity with tools like Wiz, Orca, Prisma Cloud, Microsoft Defender for Cloud.
  • Extensive technical hands-on security experience across a broad range of Microsoft cloud services including Azure IaaS/PaaS, Entra ID, Conditional Access Policies, PIM; Azure Policy and Defender for Cloud; Intune; Graph API, Azure Monitor and Microsoft Sentinel; Microsoft 365 security (Exchange Online, Teams, SharePoint/OneDrive), and other key components of the Microsoft security ecosystem such as Purview.
  • Advanced working knowledge and preferably hands-on experience in Windows/Linux administration fundamentals, Firewalls, Active Directory/Entra hybrid concepts, and Azure networking (VNets, subnets, NSGs, Private Link, Application Gateway).
  • Knowledge of Zero Trust principles; Azure Firewall/WAF and cloud edge controls; SIEM/SOAR (Microsoft Sentinel preferred); familiarity with enterprise security tooling and NDR concepts.
  • Proficiency in PowerShell scripting to automate compliance checks, configuration, and reporting across Azure and Entra ID.
  • Deep expertise with Entra ID app registrations, OAuth 2.0/OIDC flows, delegated vs. application permissions, Graph API consent models, admin/user consent workflows, and permission governance.
  • Experience with Power Automate, Power Apps, Power BI, Data Factory.
  • Expertise in securing infrastructure, application and database components through tailored hardening approaches, employing modern tools and techniques to protect the full technology stack.
  • Hands-on experience with Infrastructure as Code (IaC) security scanning (e.g., Checkov, tfsec).
  • Experience securing Kubernetes clusters and containerized workloads (e.g., AKS).
  • Experience with serverless security (e.g., Azure Functions) and related risks.
  • Automation of security controls and compliance checks using scripting (Python, Bash, PowerShell).
  • Ability to balance security demands with business reality and commitment to continuous learning to stay current with evolving cybersecurity landscape.
  • Strong knowledge of security solutions, emerging threats, and effective countermeasures.
  • Analytical skills enabling synthesis of inputs from many sources and strategic thinking and tactical implementation.
  • Excellent spoken and written communication skills to articulate complex technical ideas to non-technical stakeholders.
  • Ability to think laterally and propose detailed, complex solutions to technical issues.
  • Interpersonal skills that create openness and trust among colleagues.
  • Ability to work well under pressure and meet tight deadlines with high motivation, confidence, integrity, and responsibility.
  • Organizational skills, responsiveness, and ability to multi-task with focus on driving results.
  • Excellent interpersonal and relationship management skills, ability to work independently and in teams, including with senior staff and managers.
  • Facilitation and conflict management skills enabling effective working relationships.

Skills

  • Cloud Security Assurance
  • Security Architecture
  • CISSP Certification
  • CISM Certification
  • Azure Security Engineer
  • CCSP
  • Microsoft Certified Cybersecurity Architect Expert
  • Microsoft Certified Azure Administrator Associate
  • Microsoft Certified Azure DevOps Engineer Expert
  • GIAC Cloud Security Certifications
  • Azure IaaS/PaaS
  • Entra ID
  • Conditional Access Policies
  • Privileged Identity Management
  • Azure Policy
  • Defender for Cloud
  • inTune
  • Graph API
  • Azure Monitor Configuration
  • Microsoft Sentinel
  • Microsoft 365 Security
  • Purview
  • Windows Administration
  • Linux OS Administration
  • Firewall Management
  • Active Directory Hybrid Concepts
  • Azure Networking
  • Zero Trust principles
  • Azure Firewall
  • Web Application Firewall
  • SIEM
  • SOAR Platforms
  • Network Detection and Response
  • PowerShell Scripting
  • OAuth 2.0
  • OIDC Flows
  • Power Automate
  • Power Apps
  • Power BI
  • Data Factory
  • Infrastructure as Code
  • Checkov
  • tfsec
  • Kubernetes Security
  • Azure Kubernetes Service
  • Serverless Security
  • Azure Cloud Functions
  • Python Scripting
  • Bash Scripting
  • Security Controls Automation
  • Security Compliance Automation
  • Security Hardening
  • Security Risk Management

Languages

English

View on Global Roles — see your AI match

Source: original IMF posting ↗