Position Summary Job CategoryVacancy Vacancy Notice NumberICC/25/MUL/6 Position TitlePenetration Testing Officer Position TypeTemporary - 12 months Number of Positions1 Date of Issue12/05/2025 Date of Closing28/05/2025 GradeP3 Annual Salary EstimationBrindisi: USD 86,150; Rome: USD 90,222; Valencia: USD 91,907 (single rate, including post adjustment) Duty StationBrindisi, Rome (Italy); Valencia, (Spain) Organizational Location/UnitCybersecurity Assurance and Architecture Section (CSA)
Position Description
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
Purpose of the Position:
The Cybersecurity team provides Red Team services amongst the different types of penetration testing services for the United Nations organizations and agencies. The incumbent will undertake a wide arrange of deliveries, such as simulation of real-world attackers, intrusions and purple team exercises.
Objectives of the Programme:
UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.
Main duties and responsibilities:
The incumbent will work under the direct supervision and guidance of the Cybersecurity Specialist and will be in close collaboration with the Cybersecurity Assurance and Architecture Section (CSA) and wider Cybersecurity Division (CS). The incumbent could be requested to do any other tasks of similar level in related fields.
Conduct white, grey, and black box penetration testing of web, mobile, API, network, and cloud environments, using both manual and automated techniques Design and execute adversary emulation scenarios informed by threat intelligence to assess real-world resilience against advanced threats Prepare high-quality, standardized security assessment reports, including technical findings, mapped severity ratings (e.g., CVSS), business impact analysis, and prioritized remediation guidance Coordinate communication process with clients, delivering clear, concise, and professional presentations of testing results to both technical and executive stakeholders Lead the design and implementation of standardized processes, templates, and best practices to ensure consistent quality across security assessments, reporting, and client deliverables, promoting a culture of integrity, professionalism, and data confidentiality in all interactions and deliverables Drive continuous improvement initiatives focused on elevating the teamโs performance, reporting homogeneity, and client satisfaction Comply with all corporate and departmental privacy and data security policies and practices (e.g., OWASP, NIST, ISO 27001) Other: Provide ad hoc support either within the team or in other teams as required โ this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management.Recruitment Profile
Experience and Skills required:
Essential:
Minimum of five (5) years of proven experience in Cybersecurity roles, with a strong focus on offensive security, ethical hacking, or penetration testing Prior experience conducting penetration tests, Red Team, and Purple Team exercises in a team setting, though not necessarily in a leadership role Prior experience working in highly regulated environments, such as government agencies, defence, or major private sector organizations, with hands-on experience in at least one compliance or audit standard (e.g., ISO 27001, NIST, GDPR, PCI-DSS, SWIFT) Proficiency in attack simulation using both automated and manual tools Ability to independently conduct: Large Language Model (LLM) penetration test. Web application penetration test API application penetration test Mobile application penetration test Network penetration test Cloud penetration test Demonstrated ability to integrate AI-based solutions into cybersecurity environments to optimize performance, improve results, and enhance service quality for clients Intermediate proficiency in Python, Bash and PowerShell Conduct a culture of integrity, professionalism, and data confidentiality in all interactions and deliverablesDesirable:
Proven experience participating in international vulnerability disclosure programs or bug bounty platforms, with public recognition in security halls of fame or published CVEs Experience as a speaker, trainer, or author at cybersecurity events, conferences, or courses Knowledge of DevSecOps principles and familiarity with Kubernetes and container security Experience working in an international and globally distributed environment*Education:
Essential:
Desirable:
Penetration test certifications from one of the following vendors: Offensive Security, Zero Point Security, Mobile Hacking Lab, Crest, PortSwigger, eLearnSecurity, CompTIA, etc.Languages:
English: Expert knowledge is required Spanish: Intermediate knowledge is desirable Knowledge of another UN official language will be an advantageUNICC Global Competencies:
Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts. Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared. Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute. Setting an example: Acts within UNICCโs / WHOโs professional, ethical and legal boundaries and encourages others to adhere to these. Behaves consistently in accordance with clear personal ethics and values. Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.Other Information
Compensation:
Annual Salary Estimation (net of tax at single rate):
Valencia (Spain), including post adjustment (30,9% on April 2025): US$ 91,907. Brindisi (Italy), including post adjustment (22,7% on April 2025): US$ 86,150. Rome (Italy), including post adjustment (28,5% on April 2025): US$ 90,222.UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 28 May 2025.
Notes:
Technical and/or personality tests may be carried out as part of the selection process Only short-listed candidates will be contacted Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 โ Guidelines on Standard Minimum Experience Exposure and Education Requirements
Please inform us should you require any specific accommodation to facilitate your application
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
For applications to be valid, they must contain a motivation letter and the filled Personal History Form.