Application Security Consultant
18 December, 2025
Position Summary
Position Description
UNICC is committed to achieving diversity and inclusion within its workforce, providing an environment that reflects the values enshrined in the Charter of the United Nations and encourages all qualified applicants, irrespective of gender, nationality, disabilities, sexual orientation, culture, religious and ethnic backgrounds to apply. UNICC is dedicated to the SDGs, making SDG-5 (Gender Equality) and SDG-10 (Reduce Inequalities) the organization's goals.
https://www.un.org/sustainabledevelopment/sustainable-development-goals/
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
Background information:
The Cybersecurity team provides application security assurance services, among other types of application testing and assurance services, for the United Nations organizations and agencies. Application security includes technical testing (i.e. static and dynamic analysis) as well as security controls, compliance and vulnerability testing activities.
Main duties and responsibilities:
The incumbent will work under the direct supervision and guidance of the Cybersecurity Specialist within the Cybersecurity Assurance & Architecture Section (CSA) and in close collaboration with other Cybersecurity teams. The incumbent could be requested to do any other tasks of similar level in related fields.
- Support the development and execution of a comprehensive DevSecOps strategy, aligning security initiatives with business objectives and ensuring the integration of security into all aspects of the software development lifecycle
- Collaborate in the design and implementation of secure architectures for applications and infrastructure
- Support the development and implementation of advanced security automation solutions, optimizing processes for vulnerability management, incident response, and continuous monitoring
- Establish and maintain key security metrics to measure the effectiveness of security controls, providing regular reports to executive leadership and stakeholders
- Collaborate with cross-functional teams, including development, operations, and risk management, to ensure a holistic approach to security across the organization
- Stay abreast of industry trends, emerging threats, and security technologies, and provide guidance on the adoption of innovative security solutions to strengthen the organization’s security posture
- Provide guidance and mentorship to other members, participate in knowledge sharing initiatives, and contribute to the professional development of the AppSec team
- Ensure compliance with relevant industry regulations and standards, acting as a subject matter expert on security matters during audits and assessments
- The incumbent is expected to reside and provide cybersecurity services in time zones within either the Americas or Europe
Recruitment Profile
Experience and Skills required:
Essential:
- Minimum of five (5) years of proven experience in cybersecurity roles, with a strong focus on application security, DevSecOps, or application development
- Sound knowledge of the application security and testing field, with an ethical attacker’s mindset
- Proficiency in attack simulation using both automated and manual tools
- Ability to independently conduct:
  - Static Code Analysis
  - Application Dynamic Analysis
  - Mobile application analysis
  - SBOM analysis
  - DevSecOps integration and security testing
  - API analysis
  - Threat modelling of large applications
  - Large Language Model (LLM) application testing
- Experience conducting application assurance and assessment exercises in a team setting
- Knowledge of DevSecOps principles and familiarity with Kubernetes and container security
- Knowledge of commercial products and open-source products for SAST, SCA and DAST solutions
- Willingness to share knowledge and work with the team to enhance the security posture of the United Nations Organizations
Desirable:
- Prior experience working in highly regulated environments, such as government agencies, defense, or major private sector organizations, with hands-on experience in at least one compliance or audit standard (e.g., ISO 27001, NIST, GDPR, PCI-DSS, SWIFT)
- Proven experience participating in international vulnerability disclosure programs or bug bounty platforms, with public recognition in security halls of fame or published CVEs
- Experience as a speaker, trainer, or author at recognized cybersecurity events, conferences, or courses.
- Good proficiency in Python, Bash and PowerShell
- Experience in academic environments, such as postgraduate teaching or mentoring in cybersecurity master’s programs.
- Experience working in an international and globally distributed environment
- Knowledge of threat modeling and risk assessment techniques
- Demonstrated ability to integrate AI-based solutions into cybersecurity environments to optimize performance, improve results, and enhance service quality for clients
Education:
Essential:
- First university degree in Information Technology, Cybersecurity, Computer Science or related field
Desirable:
- Hold application security test certifications from one of the following vendors: Offensive Security, GIAC, Zero Point Security, Mobile Hacking Lab, Crest, PortSwigger, eLearnSecurity, CompTIA, other vendors
Languages:
- English: Expert knowledge is required
UNICC Global Competencies:
- Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
- Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
- Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
- Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
Please find below a link to the UNICC Privacy Notice for Applicants.
Other Information
Compensation:
Fee will be based either on the National Officer salary scales or the Individual Consultancy band levels (for Headquarters)
- National Officer Salary Scale
- For headquarters, Individual Consultancy band levels will be used
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 8 February 2026
Notes:
- Technical and/or personality tests may be carried out as part of the selection process
- Only short-listed candidates will be contacted
- Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
For applications to be valid, they must contain a motivation letter and the filled Personal History Form.