Penetration Testing Officer

Duty Station Brindisi, Rome (Italy); Valencia, (Spain)

Organizational Location/Unit Cybersecurity Assurance and Architecture Section (CSA)

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Purpose of the Position:

The Cybersecurity team provides Red Team services amongst the different types of penetration testing services for the United Nations organizations and agencies. The incumbent will undertake a wide arrange of deliveries, such as simulation of real-world attackers, intrusions and purple team exercises.

Objectives of the Programme:

UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.

Main duties and responsibilities:

The incumbent will work under the direct supervision and guidance of the Cybersecurity Specialist and will be in close collaboration with the Cybersecurity Assurance and Architecture Section (CSA) and wider Cybersecurity Division (CS). The incumbent could be requested to do any other tasks of similar level in related fields.

• Conduct white, grey, and black box penetration testing of web, mobile, API, network, and cloud environments, using both manual and automated techniques
• Design and execute adversary emulation scenarios informed by threat intelligence to assess real-world resilience against advanced threats
• Prepare high-quality, standardized security assessment reports, including technical findings, mapped severity ratings (e.g., CVSS), business impact analysis, and prioritized remediation guidance
• Coordinate communication process with clients, delivering clear, concise, and professional presentations of testing results to both technical and executive stakeholders
• Lead the design and implementation of standardized processes, templates, and best practices to ensure consistent quality across security assessments, reporting, and client deliverables, promoting a culture of integrity, professionalism, and data confidentiality in all interactions and deliverables
• Drive continuous improvement initiatives focused on elevating the team’s performance, reporting homogeneity, and client satisfaction
• Comply with all corporate and departmental privacy and data security policies and practices (e.g., OWASP, NIST, ISO 27001)
• Other: Provide ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management.

Experience and Skills required:

• Minimum of five (5) years of proven experience in Cybersecurity roles, with a strong focus on offensive security, ethical hacking, or penetration testing
• Prior experience conducting penetration tests, Red Team, and Purple Team exercises in a team setting, though not necessarily in a leadership role
• Prior experience working in highly regulated environments, such as government agencies, defence, or major private sector organizations, with hands-on experience in at least one compliance or audit standard (e.g., ISO 27001, NIST, GDPR, PCI-DSS, SWIFT)
• Proficiency in attack simulation using both automated and manual tools
• Ability to independently conduct:
  • Large Language Model (LLM) penetration test.
  • Web application penetration test
  • API application penetration test
  • Mobile application penetration test
  • Network penetration test
  • Cloud penetration test
• Demonstrated ability to integrate AI-based solutions into cybersecurity environments to optimize performance, improve results, and enhance service quality for clients
• Intermediate proficiency in Python, Bash and PowerShell
• Conduct a culture of integrity, professionalism, and data confidentiality in all interactions and deliverables
• Proven experience participating in international vulnerability disclosure programs or bug bounty platforms, with public recognition in security halls of fame or published CVEs
• Experience as a speaker, trainer, or author at cybersecurity events, conferences, or courses
• Knowledge of DevSecOps principles and familiarity with Kubernetes and container security
• Experience working in an international and globally distributed environment

*Education:

• First University Degree in Cybersecurity, Information Security, Computer Science, Telecommunications or related area
• Penetration test certifications from one of the following vendors: Offensive Security, Zero Point Security, Mobile Hacking Lab, Crest, PortSwigger, eLearnSecurity, CompTIA, etc.

Languages:

• English: Expert knowledge is required
• Spanish: Intermediate knowledge is desirable
• Knowledge of another UN official language will be an advantage
• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
• Setting an example: Acts within UNICC’s / WHO’s professional, ethical and legal boundaries and encourages others to adhere to these. Behaves consistently in accordance with clear personal ethics and values.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.

Compensation:

Annual Salary Estimation (net of tax at single rate):

• Brindisi (Italy), including post adjustment (22,7% on April 2025): US$ 86,150.
• Rome (Italy), including post adjustment (28,5% on April 2025): US$ 90,222.

UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 28 May 2025.

Notes:

• Technical and/or personality tests may be carried out as part of the selection process
• Only short-listed candidates will be contacted
• Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements

Please inform us should you require any specific accommodation to facilitate your application

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.

Title *

First Name *

Last Name *

Email *

Country of Origin *

Date of Birth *

Current Location *

Where have you heard first about this Vacancy? *