Cybersecurity Incident Handling Consultant

18 December 2025

    Position Summary

    Position Description

    UNICC is committed to achieving diversity and inclusion within its workforce, providing an environment that reflects the values enshrined in the Charter of the United Nations, and encourages all qualified applicants, irrespective of gender, nationality, disabilities, sexual orientation, culture, religious and ethnic backgrounds, to apply. UNICC is dedicated to the SDGs, making SDG-5 (Gender Equality) and SDG-10 (Reduced Inequalities) the organization's goals.

    https://www.un.org/sustainabledevelopment/sustainable-development-goals/

    The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.

    Background information:

    Deliver front-line cybersecurity support to UNICC Partners by serving as a Security Incident Handler in a global follow-the-sun model.

    Main duties and responsibilities:

    The incumbent will work under the direct supervision and guidance of the Cybersecurity Operations Officer (Incident Response and Malware Analysis) within the Cybersecurity Operations Section (CSO). The incumbent could be requested to do any other tasks of similar level in related fields. The incumbent will perform the following duties:

    • Following the unit’s best practices, execute security incident response activities, including initial triage, evidence collection, containment of malicious activity, eradication of threats, and verification that affected systems are restored to a secure operational state
    • Support the coordination of security incident response efforts by working closely with system administrators and business stakeholders to ensure timely communication, efficient remediation, and alignment with established response procedures during active security incidents
    • Conduct proactive threat-hunting activities by analyzing endpoint, network and cloud telemetry with the objective of identifying signs of compromise
    • Collaborate in the delivery of clear, audience-appropriate presentations of incident findings, translating technical details into business-relevant information for business audiences, summarizing risk and remediation steps for management, and providing deeper technical briefings for engineering and security teams
    • Collaborate closely with SOC analysts to refine alerting criteria, ensuring detection rules, correlation logic, and playbooks accurately reflect current threat behaviors and reduce false positives, while allowing faster and more accurate escalation into full incident response
    • Provide feedback and lessons learned from security incident investigations back to the SOC, helping enhance analyst training, improve triage methodologies, and guide continuous tuning of security monitoring
    • Support the development and implementation of KPIs to measure the effectiveness of cybersecurity operations capabilities
    • Support the definition and maintenance of detection rules and response logic by translating incident learnings and new attacker techniques into actionable SIEM detection rules that enable the SOC to identify new threats more quickly and accurately
    • The incumbent is expected to reside and provide cybersecurity services in time zones within either the Americas or Asia
    Recruitment Profile

    Experience and Skills required:

    Essential:

    • Proven experience of minimum five (5) years in conducting operational cybersecurity incident response activities
    • Strong understanding of SIEM technologies and experience in developing and fine-tuning SIEM use cases
    • Strong understanding of EDR technologies
    • Proven experience in reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs)
    Desirable:

    • Experience in mobile threat analysis
    • Experience in malware reverse engineering techniques and tools
    • Experience in scripting languages such as Python, PowerShell, or Bash for automation purposes
    • Knowledge of static and dynamic code analysis on x86
    Education:

    Essential:

    • First university level degree in Computer Science or related field
    Desirable:

    • At least one of the following technical certifications: GCFE, OSCP, GCIH, GCIA, GPEN, GCFA or other GIAC/similar certifications
    Languages:

    • English: Expert knowledge is required
    • French: Beginner knowledge is desirable
    UNICC Global Competencies:

    • Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
    • Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
    • Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
    • Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
    • Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
    • Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
    Please find below a link to the UNICC Privacy Notice for Applicants.

    Other Information

    Compensation:

    Fee will be based either on the National Officer salary scales or the Individual Consultancy band levels (for Headquarters).

    • National Officer Salary Scale
    • For headquarters, Individual Consultancy band levels will be used

    Closing date for applications:

    Applications will be accepted until midnight (Geneva time) on 8 February 2026.

    Notes:

    • Technical and/or personality tests may be carried out as part of the selection process
    • Only short-listed candidates will be contacted
    • Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
    The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

    For applications to be valid, they must contain a motivation letter and the filled Personal History Form.

    At Impactpool we do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
    Before applying, please make sure that you have read the requirements for the position and that you qualify. Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.