Overview
Consultancy: Security Architecture and Engineering Consultant, ICTD Digital Core - Information Security Section (remote)
UNICEF’s Information Security section is advancing its strategic initiative to strengthen the organization’s cybersecurity architecture and engineering capabilities. The consultant will design secure solutions, conduct assessments, develop hardened deployment templates, automate security operations, and contribute to reusable security blueprints and governance models. The role supports integration of detection capabilities and embedding security into the software development lifecycle through DevSecOps practices.
Responsibilities
* Security Architecture: conduct security architecture reviews for ICT systems, platforms, and applications; design and document secure architecture blueprints, including CI/CD pipelines, Azure Policies, and Infrastructure-as-Code templates; modernize legacy ICT systems; coordinate migration of legacy applications to cloud; develop reusable deployment templates and configuration baselines; conduct infrastructure and platform security assessments; automate hardening tasks, security assessments and architecture reviews using scripting and low-code/no-code tools (e.g., PowerShell, Python, LogicApps).
* Application Security: support adoption of the Application Security Framework; develop threat modeling guidelines and conduct threat modeling exercises; conduct application security assessments and penetration tests; support adoption of DevSecOps tools and best practices; integrate security testing into CI/CD pipelines and provide secure coding guidance.
* Integrations, Automations and Detection Engineering: support implementation of security monitoring and threat detection capabilities; integrate data sources into the organization’s SIEM; contribute to detection engineering with rules, analytics and dashboards.
* Global Cyber Resilience Initiative: support field offices in security roadmaps and mitigations; coordinate migration of legacy applications to cloud; through documentation and guidance.
* Other areas: perform routine and ad hoc security assessments and risk analyses; prepare reports with findings, outcomes and recommendations; deliver targeted training sessions and webinars on security topics.
* Deliverables & Timeline: security architecture reviews and reports (ongoing, at least monthly); infrastructure and cloud security assessments (ongoing, at least monthly); contribute to a secure architecture reference library with reusable templates (month 1-12); threat modeling methodology design (month 1-12); completed threat modeling for ICT systems (ongoing); automate architecture and platform reviews (month 1-12); support system classification process; knowledge transfer sessions (month 1-12); application security framework guidelines with metrics (month 6-12); onboard up to 15 applications into Veracode and operationalize SAST/SCA/DAST (month 6-12); ongoing application security assessment reports (monthly); security training sessions (monthly); red-teaming for GenAI apps (monthly); process vulnerability analysis and remediation (monthly).
Qualifications
* Minimum Requirements
* Education: Required: Bachelor's degree or equivalent in Computer Science, Information Technology, Cybersecurity, Engineering, or related technical field. Desirable: Master’s degree in Cybersecurity, Information Security, Computer Science, or related discipline; additional relevant qualifications (e.g., graduate certificates).
* Knowledge/Skills: Proficiency with security assessment tools (e.g., OpenVAS, OWASP ZAP, Metasploit, Burp Suite); proficiency with SAST/DAST/IAST tools (e.g., GitHub Advanced Security, Veracode); strong understanding of application security, threat modeling, and risk management; cloud security expertise (Azure, AWS); strong collaboration and stakeholder management; ability to handle multiple assignments and work under pressure.
* Language: Fluency in English (verbal and written).
UNICEF values and safeguarding commitments apply, including equal opportunity employment and the protection of children. Background checks and medical clearances may be required for appointment.
#J-18808-Ljbffr