The United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA) is undertaking a major digital transformation to enhance its healthcare services. This initiative involves replacing the network connections of Health centers with modern, secure connection providing significantly improved quality of services. Cybersecurity Operations consultant will be responsible for implementing, maintaining and improving vulnerability management program focusing on infrastructure and application related vulnerabilities as well as externally identified vulnerabilities and threat intelligence feeds. The consultant is actively supporting SOC operations in the detection, analysis, containment, and remediation of security incidents as per the followings

Amman

12 months

Specific Outputs/Tasks include but not limited to: Vulnerability Management - Aggregate, analyze, and prioritize vulnerabilities identified from multiple sources, including Application security testing, Infrastructure and network vulnerability scans, External attack surface monitoring and threat intelligence feed - Perform risk-based triage of vulnerabilities considering exploitability, business impact, and threat context. - Coordinate remediation activities with IT, infrastructure, and application owners. - Track remediation progress and validate closure of vulnerabilities. - Maintain vulnerability metrics, dashboards, and regular status reporting. Incident Handling & Response - Actively support SOC operations in the detection, analysis, containment, and remediation of security incidents as per the followings: - Monitor SIEM, EDR, and security tools in real time; triage and classify incoming alerts as true/false positives - Execute predefined playbooks and SOPs for common alert types (phishing, malware, brute force) - Perform basic IOC lookups using threat intelligence platforms and open-source tools - Document all incidents in the ticketing system with accurate severity, context, and initial findings - Escalate confirmed or complex incidents to Tier 2 with complete supporting evidence - Report recurring false positives and log ingestion gaps to support detection tuning Governance & Continuous Improvement - Ensure alignment of vulnerability and incident management activities with internal security policies and risk management practices. - Identify systemic weaknesses and recurring issues, and propose pragmatic improvement actions. - Provide regular reporting to security leadership on vulnerability trends, incident insights, and risk exposure. - Provide active support during security incidents and events that affect organizational assets, including intellectual property, sensitive data and the organization’s reputation. - Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. - Ensure that security programs are in compliance with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings. - Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. - Perform technical security assessments and develop strategies for remediating vulnerabilities and risks identified. - Provide active support to users for daily security requests including SASE requests, web flittering, firewall requests 1. Deliverables - Prioritized vulnerability backlog with remediation tracking - Periodic vulnerability and incident management reports - Incident analysis summaries and lessons learned

University degree from accredited educational institution in computer sciences or information technology or other related discipline. • Minimum 6 years of experience for a bachelor’s degree and a minimum of 5 years for a master’s degree. • Deep domain expertise in vulnerability management • Varied experience in application development, SOC, system/infrastructure management • Excellent command of English, with proven communication skills • Cybersecurity certification related to vulnerability management like CEH, Comptia Security+ / Pentest+, GIAC or OSCP is desirable.

English and Arabic are the working languages of UNRWA. For this assignment, fluency in both Arabic and English are required.

CONDITIONS OF SERVICE • The consultancy is based in UNRWA HQA Amman - Jordan. • The selected candidate will receive a monthly remuneration that is equivalent to A16 Step 1 amounting to JOD 1,190.43 for every fully completed month. • The duration of the Contract is up to 12 months, and the possibility of extension is subject to the availability of funds and continuing need and satisfactory performance. • As part of Digital Impact, Technology and Innovation Department (DITID)and digital workspace the role works under the overall supervision of the Chief Digital Risk Officer.

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.