UNICEF works in over 190 countries and territories to save children's lives, defend their rights, and help them fulfill their potential, from early childhood through adolescence.
At UNICEF, we are committed, passionate, and proud of what we do for as long as we are needed. Promoting the rights of every child is not just a job – it is a calling.
UNICEF is a place where careers are built. We offer our staff diverse opportunities for professional and personal development that will help them reinforce a sense of purpose while serving children and communities across the world. We welcome everyone who wants to belong and grow in a diverse and passionate culture, coupled with an attractive compensation and benefits package.
Visit our website to learn more about what we do at UNICEF.
For every child,
a digital future
UNICEF's Information Security section is advancing its strategic initiative to strengthen the organization's cybersecurity architecture and engineering capabilities. This effort is critical to ensure that digital platforms, ICT systems, and cloud-based services are designed and operated with robust, scalable, and sustainable security controls. As part of this initiative, the organization is modernizing its security architecture, conducting in-depth assessments of infrastructure and applications, and embedding security into the software development lifecycle through DevSecOps practices. Given the technical complexity and cross-functional nature of this work—spanning secure design, threat modeling, infrastructure hardening, and automation—dedicated expertise is required to accelerate implementation and ensure architectural consistency across systems.
How can you make a difference?
The organization seeks to engage a consultant with deep experience in security architecture, cloud security, and secure engineering practices. The consultant will work closely with internal teams to design secure solutions, conduct assessments, develop hardened deployment templates, and automate security operations. This role will also support the integration of detection capabilities and contribute to the development of reusable security blueprints and governance models. The consultant will play a key role in operationalizing secure design principles across the organization's digital ecosystem, ensuring that security is embedded by design and aligned with both technical and business objectives.
Objectives Of This Engagement
* Strengthen cybersecurity architecture and engineering practices across the organization.
* Integrate security practices into the software development lifecycle.
* Support the modernization and secure migration of applications to cloud environments.
* Conduct security assessments and threat modeling for ICT systems and applications.
* Automate security reviews and hardening tasks using scripting and infrastructure-as-code.
* Promote organization-wide adoption of secure development and threat detection practices.
* Contribute to the implementation of security monitoring and detection capabilities.
Scope Of Work
The consultant will work under the direction of the Security Architecture and Engineering manager and collaborate closely with technical teams and business stakeholders. The scope of work includes the following responsibilities:
* Security Architecture
  * Conduct security architecture reviews for ICT systems, platforms, and applications.
  * Design and document secure architecture blueprints, including CI/CD pipelines, Azure Policies, and Infrastructure-as-Code (IaC) templates.
  * Modernize and re-architect legacy ICT systems and applications to align with secure design principles.
  * Coordinate and support the migration of legacy applications to cloud environments.
  * Develop reusable deployment templates and configuration baselines for critical systems.
  * Conduct infrastructure and platform security assessments.
  * Utilize scripting languages and low-code/no-code tools (e.g., PowerShell, Python, LogicApps) to automate hardening tasks, security assessments and architecture reviews.
* Application Security
  * Support the adoption of the Application Security Framework across the organization.
  * Develop threat modeling guidelines and conduct threat modeling exercises for ICT systems and applications.
  * Conduct application security assessments and penetration tests.
  * Support the adoption of DevSecOps tools and best practices by development teams.
  * Integrate security testing into CI/CD pipelines and provide secure coding guidance.
* Integrations, Automations and Detection Engineering
  * Support the implementation of security monitoring and threat detection capabilities in applications and ICT systems.
  * Integrate relevant data sources into the organization's SIEM solution.
  * Contribute to detection engineering efforts by building rules, analytics and dashboards.
* Global Cyber Resilience Initiative
  * Support field offices in developing their security roadmaps and implementation of planned mitigations.
  * Coordinate and support the migration of legacy applications to cloud environments.
* Other areas
  * Perform routine and ad hoc security assessments and risk analyses. Prepare reports including assessment findings, outcomes, and recommendations.
  * Deliver targeted training sessions and webinars on security-related matters.
| Work Assignments Overview | Deliverables/Outputs | Delivery deadline |
| --- | --- | --- |
| Security Architecture | Security architecture reviews report of ICT systems including findings and recommended mitigations | Ongoing, at least 1 per month |
| | Infrastructure and cloud platform security assessments | Ongoing, at least 1 per month |
| | Contribute to the Secure architecture reference library with at least 10 reusable templates and blueprints | Month 1-12 |
| | Design and document the organization's Threat modeling methodology | Month 1-12 |
| | Completed threat modeling for ICT systems and initiatives | Ongoing, at least 2 per month |
| | Automate and operationalize architecture and platform reviews in the cloud | Month 1-12 |
| | Support the adoption and implementation of the new system classification process (classi) | Month 1-12 |
Knowledge