The Information Security team of Human Rights Watch (HRW) is seeking an information security technologist. The information security team supports HRW and its counterparts in being responsive to near and far term threats, ensuring that HRW makes informed decisions about the responsible use of technology, and providing technical knowledge and capacity in areas relating to targeted government hacking, censorship, surveillance, encryption, data privacy, and/or digital forensics. This fixed-term, full-time position for one year will report to the Director of Information Security. The preferred location for this position is the New York office but other major HRW offices may be considered.
We are keen to receive applications from people who consider themselves under-represented in the security and/or technology communities - even if they feel they meet only some of the qualifications.
We do NOT expect applicants to have all the qualifications or responsibilities described below. The position description provides the overall combination of responsibilities of our team. The individual technologist’s responsibilities will be largely determined by the qualifications of the final candidate. We expect this technologist to grow into their role but also to make it their own.
- Security Guidance and Support: Develop, document, and provide guidance on security controls that are appropriate for the risks HRW staff face and supportive of the unique requirements of their work.
- Technology Evaluations: Conduct initial security and privacy evaluations, and ongoing vulnerability monitoring of HRW systems, formal and informal third-party software tools, and consumer-technology of interest to HRW researchers.
- Security Monitoring and Alerts: Support the design, strategy, and implementation of HRW security monitoring practices; Produce and distribute information security alerts, warnings, and announcements to staff.
- Incident Handling and Analysis: Identify, prioritize, investigate, classify, and remediate cyber security incidents including collecting evidence and reverse engineering possibly malicious files.
- Threat Information Sharing: Work closely with our partners and counterparts to establish, maintain, and contribute to active threat information sharing channels that ensure HRW and its counterparts are responsive to near and far term threats.
- Responsible Usage Guidance and Support: Ensure our use of technology and data respond to the ethical, legal, social, and privacy-related challenges that come from using technology and data in human rights work.
- Awareness Raising: Promote a risk-aware culture across HRW by conducting information security trainings and awareness raising activities with staff.
- Thematic Support: Serve as a resource for technical knowledge, assistance, and investigative collaboration for HRW researchers in all areas relating to targeted government hacking, censorship, surveillance, encryption, data privacy, and digital forensics.
- Travel internationally, as required.
- Deliver outputs in a timely manner and be consistent with the agreed strategy and priorities of the Information Security Team.
- Carry out any other duties as required.
We do NOT expect applicants to have all the experience described below. This section contains an illustrative list of the kinds of experience that we will be looking at when evaluating applications.
- Experience in information security in the context of targeted and/or vulnerable populations, complex humanitarian crises, human rights defense, armed conflict, or widespread violence.
- Experience with threat management and incident response including direct command of incidents, prioritization of findings, evidence collection, developing remediation strategies, and measuring those strategies.
- Experience with information security risk management practices, including threat modeling, risk assessment, and/or digital security evaluations of tools, platforms, or workflows.
- Experience configuring security systems, including firewalls, intrusion detection/prevention systems, content filtering, log management, endpoints, and alerting.
- Experience in software and malware reverse engineering, including reversing mobile applications and mobile malware; detecting and reversing document based malware; reversing packed and obfuscated code; and using static and dynamic analysis tools, disassemblers, and/or debuggers.
- Experience conducting technical investigations, including open-source intelligence investigations; finding, extracting, and manipulating structured and unstructured data sets; digital security and/or privacy evaluation of software; conducting network/censorship measurement; and/or tracking and linking cyber threat and/or malware campaign activity.
Related Skills and Knowledge:
- Optimism, a sense of humor, and excitement about joining a supportive, skilled, and diverse team.
- Strong technical understanding of the internet, digital threats faced by victims of human rights abuse and human rights activists and defenders, and digital security tools and tactics that can be used to address those threats.
- Excellent ability to work collaboratively and respectfully with others in multicultural teams, across organizational boundaries and multiple time zones, and with employees at all levels. Language skills and field experience a plus.
- Ability to explain complex technical subjects clearly and respectfully to audiences of specialists in non-technical fields.
- Ability to simultaneously handle multiple projects effectively and adjust to changing priorities.
- Strong critical thinking/analytical skills, creativity, and a proven drive for quality.
HRW seeks exceptional applicants and offers competitive compensation and employer-paid benefits. HRW offers a relocation assistance package and will assist employees in obtaining necessary work authorization, if required; citizens of all nationalities are encouraged to apply.