Get Pro

Cybersecurity Operations and Analytics Engineer

This opening expired 1 year ago. Do not try to apply for this job.

WHO - World Health Organization

Open positions at WHO
Logo of WHO
HU Budapest (Hungary)
Mid Senior
Show advice for this position

Application deadline 1 year ago: Wednesday 22 Mar 2023 at 22:59 UTC

Open application form

Contract

This is a P-3 contract. This kind of contract is known as Professional and Director staff. It is normally internationally recruited only. It's a staff contract. It usually requires 5 years of experience, depending on education.

Salary

The salary for this job should be between 74,649 USD and 97,747 USD.

Salary for a P-3 contract in Budapest

The international rate of 74,649 USD, with an additional 0% (post adjustment) at this the location, applies. Please note that depending on the location, a higher post adjustment might still result in a lower purchasing power.

Please keep in mind that the salary displayed here is an estimation by UN Talent based on the location and the type of contract. It may vary depending on the organization. The recruiter should be able to inform you about the exact salary range. In case the job description contains another salary information, please refer to this one.

More about P-3 contracts and their salaries.

UN Fraud

How to check if a job offer is a scam

UN Fraud
Details

OBJECTIVES OF THE PROGRAMME

The Information Management and Technology (IMT) function strives to leverage technology to innovate, collaborate and transform WHO for a healthier world. The IMT Department at HQ leads IT teams across the Organization to deliver the common mission of connecting and empowering people, automating and optimizing digital WHO to deliver its strategic goals. The Department has teams based in Geneva, Kuala Lumpur and Budapest. The Cybersecurity team as part of it is in the centre of excellence within the department, that defines the technology roadmap for cybersecurity infrastructure and applications, develops architectural strategy and design, implements security measures to protect WHO's information assets, manages the network and telecommunication services, and identifies the appropriate and cost-effective technological solutions based on functional requirements for the business.

DESCRIPTION OF DUTIES

  • Work with sources of intelligence (adversary behaviours, active incidents, national and international events, etc.) to identify possible attack vectors and threat actors targeting WHO.
  • Perform regular analysis of existing cybersecurity measures and how they compare to possible attack vectors.
  • Perform regular audits of effectiveness of cybersecurity measures by identifying weaknesses and provide mitigation plans.
  • Identify and test key threat scenarios using adversarial tactics, techniques, and procedures.
  • Replicate sophisticated cyber-attacks to continuously test and improve the capability of the WHO Cybersecurity Operations Centre (CSOC).
  • Validate cyber defences and hardening of critical systems to mitigate future cyber risk.
  • Perform security audits, application and infrastructure level vulnerability test using known red teaming tools.
  • Perform Risk assessments for WHO applications.
  • Monitor and respond to incidents raised by Cybersecurity Operations Center.
  • Develop solutions to help mitigate security vulnerabilities related to people, process, and technology.
  • Conduct situational awareness based on intelligence and threat information and formulate and report an operational view of the external environment.
  • Provide responsive information to Computer Security Incident Response Teams (CSIRT's).
  • Conduct research to identify vulnerabilities and their impact, risk analysis, advise on criticality.
  • Coordinate implementation of critical security updates.
  • Perform other related duties as assigned.

REQUIRED QUALIFICATIONS

Education

Essential:

  • University degree in Computer Science, IT Security, Information Security or a closely related field.
  • One or more Industry certifications covering IT security such as CISSP, CISM, SSCP, OSCP, GCIH or equivalent.

Desirable:

One or more advanced Industry certifications covering IT security such as CISA, CRISC, ISO 27001 Implementer; ITIL Service Management; Internationally recognized Project Management Certification such as PMP or Prince 2 are highly desirable.

Experience

Essential:

A minimum of 5 years IT experience which at least 2 years at the international level and five years focused on IT security.

Desirable:

  • Extensive experience in working across multiple time zones without the need for face-to-face meetings.
  • Experience in ICT audit, compliance or governance.
  • Experience working in an environment where work hours are scheduled shifts corresponding to forecasted activity.
  • Experience working outside of core business hours, including early morning, late evening, overnight, weekends, and/or holidays as needed.

Skills

Functional Skills and Knowledge

  • Possession of a diverse IT background with demonstrated continued professional development training path.
  • Advanced knowledge and extensive experience working with various hardware platforms, network protocols and services (SSH, HTTP/S, DNS, SMB, FTP, SMTP, SNMP, TCP/IP, ARP, etc.), various Operating Systems, Identity and Access Management (IAM).
  • Excellent technical knowledge of mainstream anti-malware solutions, automated policy compliance tools, and desktop security tools.
  • Ability to adapt to rapidly changing technology and apply it to business needs.
  • Strong analytical and problem solving skills.
  • Strong team oriented interpersonal skills with a strong ability to interface wide variety of people and teams in a cross functional environment.
  • Ability to articulate and enforce organization policy.
  • Experience in application behaviour-based security approach.
  • Essential Skills
  • Advanced knowledge of ICT security standards, frameworks and best practices.
  • Knowledge and strong understanding on the creation/implementation of secure networks, firewalls and intrusion-detection systems in geographically dispersed enterprise environments.
  • Experience in a technical role in the areas of Security Operations, Detection Engineering, Threat Intelligence, Penetration Testing, Red Teaming, Purple Teaming, Threat Hunting or Incident Response.
  • Experience working with Windows security logging in either a forensic, threat hunt, incident response investigation, or red team operational security research capacity.
  • Strong understanding of specifically how they gain access, move laterally, privilege escalate, set persistence, and evade defenses to achieve objectives.
  • Capability to critically evaluate Organization Security measures from threat actor perspective and clearly articulate the risk.
  • Proficiency in vulnerability assessments, assign severity levels, recommend remediation plans and retest to confirm closureIn-depth knowledge and understanding of information risk concepts and principles.
  • Experience with red team security assessments, web application and infrastructure penetration testing and able to stay in tune with the changes in this area.
  • Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation in a cross-functional environment.
  • In-depth knowledge of risk assessment methods and technologies.
  • Strong understanding of business applications, including ERP and financial systems.
  • Excellent understanding of web application security and OWASP Top 10.

WHO Competencies

  • Teamwork
  • Respecting and promoting individual and cultural differences
  • Communication
  • Producing results
  • Moving forward in a changing environment

Use of Language Skills

Essential: Expert knowledge of English. Desirable: Beginners knowledge of WHO official language.

REMUNERATION

WHO salaries for staff in the Professional category are calculated in US dollars. The remuneration for the above position comprises an annual base salary starting at USD 62,692 (subject to mandatory deductions for pension contributions and health insurance, as applicable), a variable post adjustment, which reflects the cost of living in a particular duty station, and currently amounts to USD 1113 per month for the duty station indicated above. Other benefits include 30 days of annual leave, allowances for dependent family members, home leave, and an education grant for dependent children.

ADDITIONAL INFORMATION

  • This vacancy notice may be used to fill other similar positions at the same grade level

  • Only candidates under serious consideration will be contacted.

  • A written test may be used as a form of screening.

  • In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and will require individual review.

  • Any appointment/extension of appointment is subject to WHO Staff Regulations, Staff Rules and Manual.

  • Staff members in other duty stations are encouraged to apply.

  • For information on WHO's operations please visit: http://www.who.int.

  • WHO is committed to workforce diversity.

  • WHO prides itself on a workforce that adheres to the highest ethical and professional standards and that is committed to put the WHO Values Charter into practice.

  • WHO has zero tolerance towards sexual exploitation and abuse (SEA), sexual harassment and other types of abusive conduct (i.e., discrimination, abuse of authority and harassment). All members of the WHO workforce have a role to play in promoting a safe and respectful workplace and should report to WHO any actual or suspected cases of SEA, sexual harassment and other types of abusive conduct. To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organization, WHO will conduct a background verification of final candidates.

  • WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.

  • WHO has a mobility policy which can be found at the following link: http://www.who.int/employment/en/. Candidates appointed to an international post with WHO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.

  • Applications from women and from nationals of non and underrepresented Member States are particularly encouraged.

  • *For WHO General Service staff who do not meet the minimum educational qualifications, please see e-Manual III.4.1, para 220.

Apply now
Added 1 year ago - Updated 1 year ago - Source: who.int

Recent jobs in Budapest

Fleet Management Associate

UNHCR - UN High Commissioner for Refugees
HU Budapest (Hungary)
Expires in 1 day

Transport Optimization Associate

UNHCR - UN High Commissioner for Refugees
HU Budapest (Hungary)
Expires soon

Assistant Transport Optimization Officer

UNHCR - UN High Commissioner for Refugees
HU Budapest (Hungary)
Expires soon
Every open position in the UN located in Budapest