Senior ICT Associate

<!–

Description

–>

How can you make a difference?

The overall strategic goal of ICTD is to transform and build partnerships with our stakeholders to successfully implement UNICEF programmes globally using innovative, technology-enabled digital solutions for better outcomes for children, as well as lead and convene the organization in its digital transformation (DX) journey. A new robust cybersecurity workplan will accompany DX and is equally set to transform the way UNICEF conducts, manages, and safeguards its digital assets, which will necessitate a comprehensive engagement with our regional, country offices, and other HQ locations. As part of our strategic initiative to enhance our security posture and align cybersecurity postures of our digital platforms with our global standards, we are creating a new position for a Senior Application Security Associate. This role will be integral in conducting comprehensive cybersecurity assessments, identifying vulnerabilities, and mitigating risks associated with third-party integrations and cyber incidents.

The Senior Application Security Associate will be responsible for assessing the security and integrity of our applications and systems. This role will support projects and Digital Product owners across ICTD and Field Offices configuring and using tools and platforms for conducting various types of Application Security Tests, including dynamic application security testing (DAST) and static application security testing (SAST), and penetration testing, as well as monitoring and providing support to operationalize the organization’s Cloud Security Posture Management (CSPM) system. It will contribute to inventorying, documenting, creating roadmaps, and support internal development and IT teams to align with Global IT services for compliance and alignment. 

This Temporary Appointment is based at UNICEF ICTD, Digital Core, Valencia, Spain, and reports to the ICT Specialist (Cybersecurity architecture and engineering).   The staff will directly engage with and support other teams in ICTD, specially SCS and TAO on assigned tasks related to Applications Migrations.

To qualify as a champion for every child you will have… 

Minimum requirements

• Education: Completion of secondary education (high school diploma) is a minimum requirement, supplemented with university-level courses in Computer Science, Information Technology or related field as an asset.  
• A bachelor’s degree from a recognized academic institution in a field relevant to the position may replace three years of related work experience. A master’s degree may replace an additional two years. 

Work Experience: 

• At least 7 years of relevant work experience in application security, vulnerability management, collaboration with development teams, and security testing methodologies.   
• Out of which a minimum of 3 years of work experience in application security testing, operating security tools, conducting penetration testing, vulnerability scans and cybersecurity assessments, responding to security incidents and performing root cause analysis, or related fields.   
• Proven experience in conducting vulnerability scans, penetration testing, third-party risk assessments, and forensic analysis.   

Skills: 

• Proficiency in using security assessment tools and technologies (e.g., OpenVAS, OWAPS ZAP, Metasploit, Burp Suite).  
• Proficiency with SAST, DASN and IAST tools, such as Github Advanced Security and Veracode. 
• In-depth knowledge of application security principles, threat modeling, and risk management.     
• Strong knowledge of cloud application security and cloud hosting environments (e.g. Azure, AWS).  
• Good interpersonal skills and ability to work collaboratively within a dynamic environment, including ability to develop relationships and build trust with a diverse range of stakeholders.  
• Ability to handle multiple assignments with competing deadlines. Able to work under pressure, meet tight deadlines, and capacity to work long hours when required.  
• Language Requirements: Fluency in English is required. 

Source: https://jobs.unicef.org/cw/en-us/job/577915

<!—

<!–

–>