Associate Cybersecurity Operations Administrator (Vulnerability Management)
JOB DETAIL
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
Purpose of the Position:
The incumbent will provide support and guidance to UNICC and its partner organizations in relation to the Vulnerability Management Service and related activities.
Objectives of the Programme:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
Main duties and responsibilities:
The incumbent will work under the direct supervision and guidance of the Head, Cybersecurity Operations (CSO) within the Cybersecurity Division (CS) and in close collaboration with the Vulnerability Management team. The incumbent could be requested to do any others tasks of similar level in related fields.
- Work within UNICC’s Information Security team, interacting directly with both internal and external stakeholders to address issues related to remediation of vulnerability scanning and security assessment
- Propose recommendations for system improvements
- Under guidance, manage vulnerability platform, license utilization, agent deployments, system components, and integrations
- Participate in the expansion of the Vulnerability Management scope to new platforms and technologies (i.e. cloud infrastructure, DevSecOps and containerization)
- Develop vulnerability reports and dashboards to provide new insight into existing vulnerabilities
- In close collaboration with the team mmebers, implement basic levels of automation among tools in the SOC’s cyber security ecosystem and/or the UNICC infrastructure to improve the effectiveness and efficiency of vulnerability management
- Contribute to the analysis and update of vulnerability management documentation, including security policies, plans, and procedures
- Conduct vulnerability scanning and assessment functions relating to various clients, environments, technologies, systems and contexts
- Support the focal points for customers and BRMs, contributing to the preparation of Vulnerability Management Service commercial proposals
- Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full time basis upon request from the senior management
- Perform other related duties and fulfil responsibilities as required.
Recruitment Profile
Experience and Skills required:
Essential:
- At least (5) years of relevant IT experience
- Proven experience with network vulnerability scanning and vulnerability management products (e.g. Qualys Guard, Rapid7, Nessus)
- Working knowledge of UNIX/Linux and Windows operating systems including web server technologies like IIS, Apache
- Knowledge of IT security architecture/infrastructure best practices for both on premise and cloud environments
- Knowledge of public-key cryptography, encoding, encryption, and hashing techniques
- Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
Desirable:
- Experience with web application security testing tools (e.g. Burp Suite, NetSparker, Paros, Acunetix, Qualys WAS)
- Experience with configuration management/ hardening tools based on CIS Benchmarks (e.g. CIS-CAT Pro, Qualys SCA App, Nessus audit files, etc…)
- Experience in scripting languages and automation (i.e. Python, Powershell)
- Proven experience in the cybersecurity field
- Strong analytical and problem-solving skills
- Project management skills and ability to manage multiple projects under strict timelines
- Experience in implementing cyber security controls to achieve compliance with ISO 27001 and other cyber security control frameworks
Education*:
Essential:
- Graduation from secondary school supplemented by specialized training and work experience in Cyber security/IT Security
Desirable:
- Any of the following certifications: GCIH, GCIA, GPEN, GWAPT, GAWN, GMOB, OSCP, OSEP, OSWP, OSWE, OSCE, CISSP, CCSP, ITIL
Languages:
- English: Expert knowledge is required
- Knowledge of the local language of the Duty Station would be an advantage
UNICC Global Competencies:
- Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
- Moving forward in a changing environment: Is open to and proposes new approaches and ideas Adapts and responds positively to change.
- Building and promoting partnerships across the Organization and beyond: Develops and strengthens internal and external partnerships that can provide information, assistance and support to UNICC. Identifies and uses synergies across the Organization and with external partners.
Other Information
Eligibility:
This position is subject to local recruitment pursuant to staff rule 4.4 of the United Nations Staff Rules. All staff in the General Service and related categories shall be recruited in the country or within commuting distance of each office, irrespective of their nationality and of the length of time they may have been in the country. A staff member subject to local recruitment shall not be eligible for the allowances or benefits exclusively applicable to international recruitment.
Compensation:
Annual Salary Estimation (net of tax at single rate):
- Valencia: EUR 39,799
UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 31 July 2023.
Notes:
- Technical and/or personality tests may be carried out as part of the selection process
- Only short-listed candidates will be contacted
- Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
For applications to be valid, they must contain a motivation letter and the filled Personal History Form.
