DEADLINE FOR APPLICATIONS5 July 2025-23:59-GMT+01:00 Central European Time (Rome)
WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.
ABOUT WFP
The World Food Programme is the worldโs largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.
At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.
To learn more about WFP, visit our website: https://www.wfp.org and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.
WHY JOIN WFP?
WFP is a 2020 Nobel Peace Prize Laureate.
WFP offers a highly inclusive, diverse, and multicultural working environment.
WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.
A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.
We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).
JOB TITLE: Cybersecurity Consultant - Adversarial Exposure Validation & Vulnerability Management (VM) Specialist
TYPE OF CONTRACT: Regular Consultant (CST2)
DUTY STATION: Remote (Rome HQ)
DURATION: 11 months
BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief TECI and the direct supervision of the Head of Cybersecurity Operations, the incumbent will lead efforts to enhance the organization's threat exposure & vulnerability management practices. This includes coordinating adversarial validation initiatives - such as penetration testing, threat exposure assessments, red/purple teaming - to identify and assess exploitable vulnerabilities in IT infrastructure and systems. The role focuses on validating risks and gaps, prioritizing remediation and controls, and aligning efforts with business priorities.
The incumbent will collaborate with teams to integrate validation results into threat exposure and detection processes, while continuously monitoring, reporting, and refining adversarial validation practices to minimize organizational risk by addressing critical vulnerabilities and detection gaps.
ACCOUNTABILITIES/RESPONSIBILITIES:
Main responsibilities include, but not limited to:
- Design and coordinate adversarial validation activities such as penetration tests, threat exposure assessments, and red/purple team exercises to identify detection gaps, exploitable weak points and assess their risk impact in real-world scenarios.
- Validate findings to confirm exploitability, assess risk levels, and guide prioritization of remediation efforts, leveraging team input and expertise and guiding integration into WFPโs threat exposure management program.
- Collaborate with relevant teams and provide technical direction to ensure timely mitigation of validated vulnerabilities or detection gaps.
- Develop clear reports and dashboards that highlight key findings, including critical vulnerabilities, attack paths, and remediation progress for stakeholder visibility.
- Communicate adversarial validation findings, risks, and remediation strategies effectively to senior leadership and stakeholders.
- Continuously refine validation techniques based on emerging threat intelligence, vulnerabilities, and attack methods to maintain program relevance and effectiveness.
- Prioritize vulnerabilities based on adversarial validation outcomes, focusing on those posing the highest risk to the organizationโs operations, and coordinate team efforts accordingly.
- Perform other cybersecurity related duties as assigned.
DELIVERABLES AT THE END OF THE CONTRACT:
- Comprehensive Adversarial Validation Reports: Developed in coordination with a small technical team, including findings, attack paths, categorized vulnerabilities, proof of concept, and real-world risk impact.
- Prioritized Mitigation Recommendations: Actionable strategies based on business impact and organizational risk, incorporating team-driven insights to address critical gaps and improve security posture.
- Integrated Workflows & Threat Exposure Alignment: Team-supported automation and structured processes for embedding validation results into vulnerability management and threat intelligence programs.
- Stakeholder Communication Briefs: Executive-level summaries and presentations reflecting the teamโs findings and strategic recommendations, tailored based on different audiences.
- Refined Validation Methodology: Updated adversarial validation techniques and documentation, developed collaboratively and incorporating lessons learned across the team.
QUALIFICATIONS & EXPERIENCE REQUIRED:
Education:
- University Degree in Information Technology, Information Systems, Cybersecurity, or related fields or a combination of relevant education and experience.
Experience:
- At least 5 years of experience in cybersecurity, with focus on vulnerability management and threat exposure management.
Knowledge & Skills:
- Sound IT Security skills, with both academic background and practical hands-on experience
- In-depth understanding of vulnerability management frameworks, processes, and best practices.
- Experience with vulnerability scanning processes, tools and remediation workflows.
- Familiarity with security concepts such as threat modeling, asset classification, and risk-based decision-making.
- Experience with penetration testing, and adversarial emulation activities that aid in identifying potential attack vectors and their impact.
- Previous experience in international or UN environments is valued, but not essential.
- IT Audit and/or PM certifications are desirable, though equivalent hands-on experience is equally appreciated.
- Strong organisational and communication skills.
Languages:
Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFPโs working language, Portuguese.
WFP LEADERSHIP FRAMEWORK
WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission.
Click here to access WFP Leadership Framework
REASONABLE ACCOMMODATION
WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact: global.inclusion@wfp.org
NO FEE DISCLAIMER
The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.
REMINDERS BEFORE YOU SUBMIT YOUR APPLICATION
We strongly recommend that your profile is accurate, complete, and includes your employment records, academic qualifications, language skills and UN Grade (if applicable).
Once your profile is completed, please apply, and submit your application.
Please make sure you upload your professional CV in the English language
Kindly note the only documents you will need to submit at this time are your CV and Cover Letter
Additional documents such as passport, recommendation letters, academic certificates, etc. may potentially be requested at a future time
Please contact us at global.hrerecruitment@wfp.org in case you face any challenges with submitting your application
Only shortlisted candidates will be notified
All employment decisions are made on the basis of organizational needs, job requirements, merit, and individual qualifications. WFP is committed to providing an inclusive work environment free of sexual exploitation and abuse, all forms of discrimination, any kind of harassment, sexual harassment, and abuse of authority. Therefore, all selected candidates will undergo rigorous reference and background checks.
No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.
- At least 5 years of experience in cybersecurity, with focus on vulnerability management and threat exposure management.
- University Degree in Information Technology, Information Systems, Cybersecurity, or related fields or a combination of relevant education and experience.