Penetration Testing Officer
3 weeks ago
**Purpose of the Position**
The Cybersecurity team provides Red Team services, among other types of penetration testing services, for United Nations organizations and agencies.
The incumbent will undertake a wide range of deliveries, such as simulation of real-world attackers, intrusions and purple team exercises.
**Objectives of the Programme**
UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.
**Main duties and responsibilities**:
The incumbent will work under the direct supervision and guidance of the Cybersecurity Specialist and will be in close collaboration with the Cybersecurity Assurance and Architecture Section (CSA) and wider Cybersecurity Division (CS).
The incumbent could be requested to do any other tasks of similar level in related fields.
- Conduct white, grey, and black box penetration testing of web, mobile, API, network, and cloud environments, using both manual and automated techniques
- Design and execute adversary emulation scenarios informed by threat intelligence to assess real-world resilience against advanced threats
- Prepare high-quality, standardized security assessment reports, including technical findings, mapped severity ratings (e.g., CVSS), business impact analysis, and prioritized remediation guidance
- Coordinate the communication process with clients, delivering clear, concise, and professional presentations of testing results to both technical and executive stakeholders
- Lead the design and implementation of standardized processes, templates, and best practices to ensure consistent quality across security assessments, reporting, and client deliverables, promoting a culture of integrity, professionalism, and data confidentiality in all interactions and deliverables
- Drive continuous improvement initiatives focused on elevating the team's performance, reporting homogeneity, and client satisfaction
- Comply with all corporate and departmental privacy and data security policies and practices (e.g., OWASP, NIST, ISO 27001)
- **Other**: Provide ad hoc support either within the team or in other teams as required - this includes participation in special projects or support to service delivery for a short period of time on a part-time or full-time basis upon request from senior management.
**Recruitment Profile**
**Experience and Skills required**:
**Essential**:
- Minimum of five (5) years of proven experience in Cybersecurity roles, with a strong focus on offensive security, ethical hacking, or penetration testing
- Prior experience conducting penetration tests, Red Team, and Purple Team exercises in a team setting, though not necessarily in a leadership role
- Prior experience working in highly regulated environments, such as government agencies, defence, or major private sector organizations, with hands-on experience in at least one compliance or audit standard (e.g., ISO 27001, NIST, GDPR, PCI-DSS, SWIFT)
- Proficiency in attack simulation using both automated and manual tools
- Ability to independently conduct:
  - Large Language Model (LLM) penetration test
  - Network penetration test
  - Cloud penetration test
- Demonstrated ability to integrate AI-based solutions into cybersecurity environments to optimize performance, improve results, and enhance service quality for clients
- Intermediate proficiency in Python, Bash and PowerShell
- Promote a culture of integrity, professionalism, and data confidentiality in all interactions and deliverables
**Desirable**:
- Proven experience participating in international vulnerability disclosure programs or bug bounty platforms, with public recognition in security halls of fame or published CVEs
- Experience as a speaker, trainer, or author at cybersecurity events, conferences, or courses
- Knowledge of DevSecOps principles and familiarity with Kubernetes and container security
- Experience working in an international and globally distributed environment
**Education**:
**Essential**:
- First University Degree in Cybersecurity, Information Security, Computer Science, Telecommunications or related area
**Desirable**:
- Penetration test certifications from one of the following vendors: Offensive Security, Zero Point Security, Mobile Hacking Lab, Crest, PortSwigger, eLearnSecurity, CompTIA, etc.
**Languages**:
- **English**: Expert knowledge is required
- **Spanish**: Intermediate knowledge is desirable
- Knowledge of another UN official language will be an advantage
**UNICC Global Competencies**:
- **Teamwork**: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- **Communicating**: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- **Respecting and promoting individual and cultural differences**: Demonstrates the ability to work constr