Penetration Testing Officer

The UNICC workforce consists of many diverse nationalities cultures languages and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race ethnicity sex national origin age religion disability sexual orientation and gender identity.

Purpose of the Position:

The Cybersecurity team provides Red Team services amongst the different types of penetration testing services for the United Nations organizations and agencies. The incumbent will undertake a wide arrange of deliveries such as simulation of realworld attackers intrusions and purple team exercises.

Objectives of the Programme:

UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.

Main duties and responsibilities:

The incumbent will work under the direct supervision and guidance of the Cybersecurity Specialist and will be in close collaboration with the Cybersecurity Assurance and Architecture Section (CSA) and wider Cybersecurity Division (CS). The incumbent could be requested to do any other tasks of similar level in related fields.

• Conduct white grey and black box penetration testing of web mobile API network and cloud environments using both manual and automated techniques
• Design and execute adversary emulation scenarios informed by threat intelligence to assess realworld resilience against advanced threats
• Prepare highquality standardized security assessment reports including technical findings mapped severity ratings (e.g. CVSS) business impact analysis and prioritized remediation guidance
• Coordinate communication process with clients delivering clear concise and professional presentations of testing results to both technical and executive stakeholders
• Lead the design and implementation of standardized processes templates and best practices to ensure consistent quality across security assessments reporting and client deliverables promoting a culture of integrity professionalism and data confidentiality in all interactions and deliverables
• Drive continuous improvement initiatives focused on elevating the teams performance reporting homogeneity and client satisfaction
• Comply with all corporate and departmental privacy and data security policies and practices (e.g. OWASP NIST ISO 27001)
• Other: Provide ad hoc support either within the team or in other teams as required this includes the participation in special projects or support to service delivery for short period of time on a parttime or fulltime basis upon request from the senior management.

Recruitment Profile

Experience and Skills required:

Essential:

• Minimum of five (5) years of proven experience in Cybersecurity roles with a strong focus on offensive security ethical hacking or penetration testing
• Prior experience conducting penetration tests Red Team and Purple Team exercises in a team setting though not necessarily in a leadership role
• Prior experience working in highly regulated environments such as government agencies defence or major private sector organizations with handson experience in at least one compliance or audit standard (e.g. ISO 27001 NIST GDPR PCIDSS SWIFT)
• Proficiency in attack simulation using both automated and manual tools
• Ability to independently conduct:
  • Large Language Model (LLM) penetration test.
  • Web application penetration test
  • API application penetration test
  • Mobile application penetration test
  • Network penetration test
  • Cloud penetration test
• Demonstrated ability to integrate AIbased solutions into cybersecurity environments to optimize performance improve results and enhance service quality for clients
• Intermediate proficiency in Python Bash and PowerShell
• Conduct a culture of integrity professionalism and data confidentiality in all interactions and deliverables

Desirable:

• Proven experience participating in international vulnerability disclosure programs or bug bounty platforms with public recognition in security halls of fame or published CVEs
• Experience as a speaker trainer or author at cybersecurity events conferences or courses
• Knowledge of DevSecOps principles and familiarity with Kubernetes and container security
• Experience working in an international and globally distributed environment

*Education:

Essential:

• First University Degree in Cybersecurity Information Security Computer Science Telecommunications or related area

 Desirable:

• Penetration test certifications from one of the following vendors: Offensive Security Zero Point Security Mobile Hacking Lab Crest PortSwigger eLearnSecurity CompTIA etc.

Languages:

• English: Expert knowledge is required
• Spanish: Intermediate knowledge is desirable
• Knowledge of another UN official language will be an advantage

UNICC Global Competencies:

• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
• Setting an example: Acts within UNICCs / WHOs professional ethical and legal boundaries and encourages others to adhere to these. Behaves consistently in accordance with clear personal ethics and values.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.

Other Information

Compensation:

Annual Salary Estimation (net of tax at single rate):

• Valencia (Spain) including post adjustment (309% on April 2025): US$ 91907.
• Brindisi (Italy) including post adjustment (227% on April 2025): US$ 86150.
• Rome (Italy) including post adjustment (285% on April 2025): US$ 90222.

UNICC also offers generous leave and absence allowances flexible working hours overtime compensation teleworking access to training and depending on eligibility other benefits such as relocation grant dependency allowance language allowance or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 28 May 2025.

Notes:

• Technical and/or personality tests may be carried out as part of the selection process
• Only shortlisted candidates will be contacted
• Though you may not be selected for this advertised position the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

* For UNICC staff members who do not meet the minimum educational qualifications please refer to the applicable WHO eManual Annex 6 Guidelines on Standard Minimum Experience Exposure and Education Requirements

Please inform us should you require any specific accommodation to facilitate your application

The UNICC workforce consists of many diverse nationalities cultures languages and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race ethnicity sex national origin age religion disability sexual orientation and gender identity.

For applications to be valid they must contain a motivation letter and the filled Personal History Form.

Remote Work :

No

Employment Type :

Fulltime