Hiring Organization: United Nations Relief and Works Agency (UNRWA)
Job Location: HQ Gaza
Employment: Full Time
Closing: 05 September 2022
Consultant – Application Security Specialist, Local (HQ Gaza);
Employment: Full Time
Closing: 05 September 2022
Consultant – Application Security Specialist, Local (HQ Gaza);
Job Opening Number: 22-UNRWA - Information Management - Headquarters Gaza-189227-Consultant
Result of Service
UNRWA is an equal opportunity employer and welcomes applications from both women and men.
UNRWA encourages applications from qualified women. Only those applicants shortlisted for an interview will be contacted. UNRWA is a non-smoking environment.
Result of Service
UNRWA is an equal opportunity employer and welcomes applications from both women and men.
UNRWA encourages applications from qualified women. Only those applicants shortlisted for an interview will be contacted. UNRWA is a non-smoking environment.
Work Location
Gaza, Jordan, Lebanon, Syria, or West Bank
Expected Duration
The duration of the consultancy is 6 to 11 months, extendable according to performance and availability of funds.
Remuneration for this consultancy will be $1,592.60 and depend on fund availability, qualifications, and relevant experience.
The incumbent can be in any UNRWA field of operations (Gaza, Jordan, Lebanon, Syria, or West Bank).
Gaza, Jordan, Lebanon, Syria, or West Bank
Expected Duration
The duration of the consultancy is 6 to 11 months, extendable according to performance and availability of funds.
Remuneration for this consultancy will be $1,592.60 and depend on fund availability, qualifications, and relevant experience.
The incumbent can be in any UNRWA field of operations (Gaza, Jordan, Lebanon, Syria, or West Bank).
Duties and Responsibilities
Address information security risks identified for various application projects, which may require project-specific and organization-wide effort.
Support multiple agile teams across various platforms and environments to deliver end-to-end deployment, monitoring, and infrastructure management automation in a cloud environment.
Design and implement secure automation solutions for development, testing, and production environments
Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
Support a diverse environment with customer-facing applications and large-scale data processing infrastructure and APIs.
Provide other ad hoc support as required.
Implement security best practices and configuration management
Provide technical leadership and direction in the DevSecOps domain
Analysis systems to confirm the effectiveness of security controls, identify gaps, and propose solutions.
The execution of vulnerability scans using the Tenable Web Application Scanner and other tools.
The analysis of reports produced by the Web Application Scanner, evaluation of the issues reported, researching the problems and possible solutions, and liaising with teams to support them with the remediation of the problems.
The coordination of penetration tests executed by a vendor.
Performs other related duties as required.Qualifications/special skills
Academic Qualifications:
¿ A university degree or master’s degree from an accredited educational institution in information technology, information management, Information systems, computer science, computer engineering, Software engineering, Business Administration, Management, or other related disciplines;
Experience:
A minimum of 5 years of experience for a bachelor’s degree and a minimum of 3 years for a master’s degree in IT Operations, Software Development,, Security, or related experience.
Varied experience working with security applications such as anti-virus, firewalls, IDS, etc.;
Exposure and experience working with security applications such as firewall, anti-virus, patch management, and vulnerability management;
Excellent aptitude for process and methodologies related to cybersecurity protection, detection, and response and an understanding of applied security concepts and best practices;
Ability to assist in the development of vulnerability management processes and workflows;
Knowledge of application security and cloud/mobile security;
Experience with ASP.net and MSSQL
Strong Scripting Experience (bash, Perl, python)
Knowledge of version control systems – Git
Employ infrastructure as code paradigm to increase automation, scalability, and reliability
Experience with virtualization technologies on-premise or cloud-based services such as Microsoft Azure, AWS VMs, VMware vCenter/ESXi, and Hyper-V
Knowledge of Tenable Web Application Scanner and SonarQube is a plus;
Licenses & Certificates: DESIRABLE QUALIFICATIONS
Information Security related certifications issued by Offensive Security, SANS or ISC2;
Previous experience in vulnerability management;
Previous experience in penetration testing;
Competency:
Applying technical expertise;
Strong ability to drive for results, to manage and deliver against multiple priorities on time;
Strong analytical and problem-solving skills;
Strong interpersonal and communication skills; verbal and written;
Excellent planning and organizing skills;
Flexibility and adaptability.
Work independently and in a collaborative team environment to meet required schedules and timelines.
Possess outstanding skills in communicating complex technical issues and providing comprehensive written, oral, and/or digital products (including document organization and technical writing).
Learn quickly new concepts and technologies.
Language:
Fluent in spoken and written English.
Fluency in spoken and written Arabic.
Additional Information
UNRWA Information Management and Technology Department (IMTD) is seeking an Application Security Specialist to provide technical leadership and guidance for the development team. s/he is responsible for ensuring that applications and services of an organization are secured and implemented with best security practices and is responsible for creating and enhancing Continuous Integration (CI)/Continuous Delivery (CD) pipelines and various kinds of automation processes.
The consultant will report administratively to Head Information Technology Service Centre at Headquarters Gaza and technically to the Senior Information Security Officer at Headquarters Amman.
Apply Now
Address information security risks identified for various application projects, which may require project-specific and organization-wide effort.
Support multiple agile teams across various platforms and environments to deliver end-to-end deployment, monitoring, and infrastructure management automation in a cloud environment.
Design and implement secure automation solutions for development, testing, and production environments
Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
Support a diverse environment with customer-facing applications and large-scale data processing infrastructure and APIs.
Provide other ad hoc support as required.
Implement security best practices and configuration management
Provide technical leadership and direction in the DevSecOps domain
Analysis systems to confirm the effectiveness of security controls, identify gaps, and propose solutions.
The execution of vulnerability scans using the Tenable Web Application Scanner and other tools.
The analysis of reports produced by the Web Application Scanner, evaluation of the issues reported, researching the problems and possible solutions, and liaising with teams to support them with the remediation of the problems.
The coordination of penetration tests executed by a vendor.
Performs other related duties as required.Qualifications/special skills
Academic Qualifications:
¿ A university degree or master’s degree from an accredited educational institution in information technology, information management, Information systems, computer science, computer engineering, Software engineering, Business Administration, Management, or other related disciplines;
Experience:
A minimum of 5 years of experience for a bachelor’s degree and a minimum of 3 years for a master’s degree in IT Operations, Software Development,, Security, or related experience.
Varied experience working with security applications such as anti-virus, firewalls, IDS, etc.;
Exposure and experience working with security applications such as firewall, anti-virus, patch management, and vulnerability management;
Excellent aptitude for process and methodologies related to cybersecurity protection, detection, and response and an understanding of applied security concepts and best practices;
Ability to assist in the development of vulnerability management processes and workflows;
Knowledge of application security and cloud/mobile security;
Experience with ASP.net and MSSQL
Strong Scripting Experience (bash, Perl, python)
Knowledge of version control systems – Git
Employ infrastructure as code paradigm to increase automation, scalability, and reliability
Experience with virtualization technologies on-premise or cloud-based services such as Microsoft Azure, AWS VMs, VMware vCenter/ESXi, and Hyper-V
Knowledge of Tenable Web Application Scanner and SonarQube is a plus;
Licenses & Certificates: DESIRABLE QUALIFICATIONS
Information Security related certifications issued by Offensive Security, SANS or ISC2;
Previous experience in vulnerability management;
Previous experience in penetration testing;
Competency:
Applying technical expertise;
Strong ability to drive for results, to manage and deliver against multiple priorities on time;
Strong analytical and problem-solving skills;
Strong interpersonal and communication skills; verbal and written;
Excellent planning and organizing skills;
Flexibility and adaptability.
Work independently and in a collaborative team environment to meet required schedules and timelines.
Possess outstanding skills in communicating complex technical issues and providing comprehensive written, oral, and/or digital products (including document organization and technical writing).
Learn quickly new concepts and technologies.
Language:
Fluent in spoken and written English.
Fluency in spoken and written Arabic.
Additional Information
UNRWA Information Management and Technology Department (IMTD) is seeking an Application Security Specialist to provide technical leadership and guidance for the development team. s/he is responsible for ensuring that applications and services of an organization are secured and implemented with best security practices and is responsible for creating and enhancing Continuous Integration (CI)/Continuous Delivery (CD) pipelines and various kinds of automation processes.
The consultant will report administratively to Head Information Technology Service Centre at Headquarters Gaza and technically to the Senior Information Security Officer at Headquarters Amman.
Apply Now