Tiered Approach

In line with the commitment to safeguard capacity and support personnel already in the Organization, a majority of UNDP UNCDF/UNV vacancies are advertised using a tiered application process whereby:

• Tier 0: UNDP/UNCDF/UNV IP staff holding permanent (PA) and fixed-term (FTA) appointments, whose posts will be abolished, or contracts will be terminated or not renewed during 2026.
• Tier 1: Other UNDP/UNCDF/UNV staff holding permanent (PA) and fixed-term (FTA) appointments
• Tier 2: UNDP/UNCDF/UNV staff holding temporary appointments (TA), personnel on regular PSA contracts, and Expert and Specialist UN Volunteers
• Tier 3 or no tier indicated: All other contract types from UNDP/UNCDF/UNV and other agencies, and other external candidates

Please make note of the Tier(s) indicated in the vacancy title, if any, and ensure that you satisfy the eligibility to apply.

Background

UNDP works in about 170 countries and territories, helping to eradicate poverty, reduce inequalities and exclusion, and build resilience so countries can sustain progress. As the UN’s development agency, UNDP plays a critical role in helping countries achieve the Sustainable Development Goals. Our people are united by a common call to action: building a fairer and more inclusive world for those in need through sustainable development.

The Cybersecurity Engineer plays a vital role within the Office of Information Management and Technology (IMT), ensuring that UNDP’s information assets are protected across multi-cloud environments. This position contributes to the organization's alignment with robust cybersecurity standards and policies, reinforcing risk management and compliance frameworks required by UNDP's security objectives.

Position Purpose

The Cybersecurity Engineer is a key member of UNDP’s Office of Information Management and Technology (IMT) cybersecurity team, responsible for safeguarding UNDP’s information assets across a multi-cloud environment. The role is aligned with UNDP’s ISO 27001-certified Information Security Management System (ISMS) and entails designing secure cloud architectures (primarily in Microsoft Azure and Google Cloud Platform), implementing and operating security controls in line with SecDevOps principles, and ensuring continuous compliance with international cybersecurity standards and best practices. The incumbent will also collaborate with other members of the cybersecurity team on risk management, security operations, and user awareness to maintain a robust cyber-secure environment for UNDP. All candidates are expected to embody UNDP’s values and demonstrate technical excellence in the rapidly evolving field of cybersecurity.

UNDP adopts a portfolio approach to accommodate changing business needs and leverage linkages across interventions to achieve its strategic goals. This is a recognition of interconnected nature of development risks & crises that the world is facing and that call for assembling of multidisciplinary teams for an integrated & systemic response. Therefore, UNDP personnel are expected to work across issues, units, functions, teams and projects in multidisciplinary teams in order to enhance and enable horizontal collaboration.

Duties and Responsibilities

Ensure the design and implementation of Multi-Cloud Security Architecture, and integration of SecDevOps and Security Control:

• Design, implement, and continuously improve the security architecture for UNDP’s multi-cloud infrastructure, with primary focus on Microsoft Azure and Google Cloud Platform (knowledge of AWS is an advantage).
• Ensure that cloud network configurations, services, and applications are architected securely in accordance with UNDP’s cybersecurity policies, best practices and comply with ISO 27001 requirements. Recommend and implement enhancements to cloud security architecture to address identified risks and emerging threats.
• Develop and operate security controls following SecDevOps principles. Integrate security measures into the software development lifecycle and CI/CD pipelines, ensuring that security is “built-in” from design through deployment.
• Automate security testing and infrastructure compliance checks by building scripts and pipelines to reduce manual work and human error. Collaborate with DevOps and Cloud Infrastructure teams to embed vulnerability scanning, code analysis, and configuration checks into release processes.

Ensure Cybersecurity Operations-Incident Response and Risk Assessment-Vulnerability Management:

• Operate and enhance UNDP’s cybersecurity protection systems on-premises and in the cloud, including Security Information and Event Management (SIEM) tools, Security Orchestration, Automation and Response (SOAR) platforms, intrusion detection/prevention systems (IDS/IPS), vulnerability scanners, and network monitoring tools.
• Continuously improve detection mechanisms to generate high-fidelity and low-noise security events and alerts for signs of suspicious or unauthorized activity. Act as an escalation point and assist Security Operations Center and Incident Response team to investigate and respond to security incidents by executing containment, eradication, and recovery actions. Maintain incident playbooks and ensure all security incidents are documented and lessons learned are integrated into preventive measures.
• Contribute to the regular cybersecurity risk assessments and vulnerability analyses for UNDP’s IT systems and cloud services. Identify potential vulnerabilities and control gaps in applications, infrastructure, and cloud configurations. Recommend and, where applicable, implement mitigation strategies or compensating controls for risks of high severity.
• Assist business units in defining security requirements for new ICT projects and perform security reviews to validate that proposed solutions or changes meet UNDP’s security policies and standards. Track and oversee remediation of identified vulnerabilities.

Ensure Business Continuity & Disaster Recovery Support:

• Support IT service continuity, availability, and disaster recovery planning from a cybersecurity perspective. Contribute to the development and maintenance of ITM business continuity, disaster recovery, and service continuity (BCP/DRP/SCA) plans, ensuring that cybersecurity considerations are incorporated.
• Provide guidance to UNDP business units on aligning their local DR arrangements with corporate standards and ensuring critical systems can be restored timely and securely in the event of disruptions. Participate in periodic BC/DR exercises and recommend improvements to recovery strategies.

Facilitate Security Awareness & Training:

• Develop and deliver security awareness content like webinars and periodic security advisories for both technical staff and general UNDP personnel.
• Organize and lead in-house training sessions on relevant security topics for ITM colleagues and broader UNDP IT community. Champion a culture of security by communicating risks and behaviors in a relatable way, and gather feedback to continually improve awareness initiatives.

Ensure Documentation, Reporting and Facilitate Knowledge Management:

• Ensure all security architecture designs, configurations, operational procedures, improvements, and lessons learned from incident reports are well-documented.
• Prepare regular status reports and presentations for CISO, ITM management and other UNDP stakeholders on cybersecurity posture, key risks, and project updates. Contribute to policy documentation and the development of guidelines or standards as needed.
• Provide sound contributions to knowledge networks and communities of practice

The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organisation.

Supervisory/Managerial Responsibilities: None

Competencies

• Core Competencies:

Achieve Results: LEVEL 3: Set and align challenging, achievable objectives for multiple projects, have lasting impact

Think Innovatively: LEVEL 3: Proactively mitigate potential risks, develop new ideas to solve complex problems

Learn Continuously: LEVEL 3: Create and act on opportunities to expand horizons, diversify experiences

Adapt with Agility: LEVEL 3: Proactively initiate and champion change, manage multiple competing demands

Act with Determination: LEVEL 3: Think beyond immediate task/barriers and take action to achieve greater results

Engage and Partner: LEVEL 3: Political savvy, navigate complex landscape, champion inter-agency collaboration

Enable Diversity and Inclusion: LEVEL 3: Appreciate benefits of diverse workforce and champion inclusivity

• Cross-Functional & Technical competencies:

Business Direction & Strategy-System Thinking: Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system

Business Management-Portfolio Management: Ability to select, prioritize and control the organization’s programmes and projects, in line with its strategic objectives and capacity; ability to balance the implementation of change initiatives and the maintenance of business-as-usual, while optimizing return on investment.

Business Direction and Strategy-Business acumen: Ability to identify funding sources, match funding needs (programmes/projects/initiatives) with funding opportunities, and establish a plan to meet funding requirements.

Business Management-Customer Satisfaction/Client Management: Ability to respond timely and appropriately with a sense of urgency, provide consistent solutions, and deliver timely and quality results and/or solutions to fulfil and understand the real customers' needs. Provide inputs to the development of customer service strategy. Look for ways to add value beyond clients’ immediate requests Ability to anticipate client’s upcoming needs and concerns.

Digital-Cyber and Data Privacy Security Risk Management: Ability to anticipate, prepare for and respond to potential Risks and issues that may results in Data breach that can cause potential identity theft and personal harm and can also negatively impact UNDP's reputation

Digital-Data Engineering: Ability in programming languages such as SQL, Python, and R, be adept at finding warehousing solutions, and using ETL (Extract, Transfer, Load) tools, and understanding basic machine learning and algorithms.

Digital-Digital Privacy and digital ethics: Knowledge of ethical usage of digital technology (e.g. AI, robotics, automation) and data. Ability to assess ethical implications when using, combining or sharing data, when building or implementing AI systems, and when advising on robotisation and automation etc. Ability to design privacy protocols to ensure data is protected and used for legitimate purposes without unnecessary privacy risks.

Required Skills and Experience

Education:

• Advanced university degree (master’s degree or equivalent) in Information Systems, Computer Science, Engineering, or relevant related field is required. Or
• A first-level university degree (bachelor’s degree) of the abovementioned areas, in combination with two (2) additional years of qualifying experience will be given due consideration in lieu of the advanced university degree.
• Professional cybersecurity certifications confirming hands-on cybersecurity skills are desirable – examples include GIAC certifications such as GCIH, GCFA, or other relevant credentials.
• Certification as an ISO 27001 Lead Implementer/Auditor is an advantage.

Experience:

• A minimum of five (5) years (with master’s degree) or seven (7) years (with bachelor’s degree) of relevant professional experience in information security/cybersecurity is required.
• Experience in hands-on security engineering and operations in a large enterprise or international organization environment is required.
• Experience in managing or securing cloud platforms (with emphasis on Azure and GCP), building automated cybersecurity processes and CI/CD pipelines for SecDevOps, conducting risk assessments and vulnerability management, and responding to cybersecurity incidents at scale, is required.
• Working experience with the UN/UNDP , NGOs, or with multicultural environments is an asset.
• Proficiency in cloud computing technologies and security measures is required.
• Demonstrated experience with cloud-native security tools and services on Azure and GCP (e.g., Azure Security Center/Defender, GCP Security Command Center, identity and access management in cloud, network security groups, etc.) is desirable.
• Proven familiarity with Amazon Web Services is an asset.
• Proven knowledge of containerization and microservices security (e.g., Kubernetes security, service mesh) and modern architecture is desirable.
• Experience and solid understanding of SecDevOps practices is required.
• Proven ability to automate security controls and integrate security into CI/CD pipelines is desired.
• Proficient in scripting (Python with PowerShell being a plus) to develop tools that automate cybersecurity tasks and workflows is required.
• Experience with infrastructure as code (IaC) and configuration management for enforcing security baselines is desirable.

Language:

• Fluency in English, with excellent written and verbal communication skills is required. (The ability to convey technical information to both technical and non-technical audiences is required.)
• Working knowledge of another UN official language is an asset.

Equal opportunity

As an equal opportunity employer, UNDP values diversity as an expression of the multiplicity of nations and cultures where we operate and, as such, we encourage qualified applicants from all backgrounds to apply for roles in the organization. Our employment decisions are based on merit and suitability for the role, without discrimination.

UNDP is also committed to creating an inclusive workplace where all personnel are empowered to contribute to our mission, are valued, can thrive, and benefit from career opportunities that are open to all.

Sexual harassment, exploitation, and abuse of authority

UNDP does not tolerate harassment, sexual harassment, exploitation, discrimination and abuse of authority. All selected candidates, therefore, undergo relevant checks and are expected to adhere to the respective standards and principles.

Probation

For all new UNDP fixed term appointments (FTA), including for staff members being transferred or seconded to UNDP under the Inter-Organization Agreement concerning Transfer, Secondment or Loan of Staff, on an appointment of more than one year, continuation of the appointment beyond the initial 12 months is contingent upon the successful completion of a probationary period.

Right to select multiple candidates

UNDP reserves the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements.

Use of AI by candidates

Applicants are invited to read UNDP’s guidance for candidates on using AI responsibly in UNDP recruitment and selection

Scam alert

UNDP does not charge a fee at any stage of its recruitment process. For further information, please see www.undp.org/scam-alert.