Consultant (Software Developer / Full-Stack Developer) - UN Satellite Operator Contact Hub

• Completeness and technical quality of the delivered application against the agreed scope and milestones; • Timeliness of delivery against the approved implementation schedule and hard deadlines; • Functionality and reliability of the backend, database, authentication, role-based access control, directory, profile workflows, admin panel, imports, notifications and audit logs; • Quality of security controls, including 2FA, input validation, rate limiting, role enforcement and OWASP Top 10 baseline review; • Responsiveness to testing feedback and effectiveness in resolving bugs; • Quality, clarity and usability of administrator and developer documentation; • Successful deployment to the designated production infrastructure and readiness for UNOOSA go-live; • Professional communication, coordination and reporting to UNOOSA and technical stakeholders; • Maintainability of the source code, database design and deployment configuration.

Home-based

1 June 2026 to 31 August 2026

Under the supervision of UN-SPIDER/UNOOSA and in close coordination with designated UNOOSA focal points, technical reviewers, the hosting/infrastructure provider and any other stakeholders identified by UNOOSA, the Consultant will perform the following tasks: A. Requirements confirmation, technical planning and system design • Review the approved project proposal, prototype, clarification decisions and any additional requirements provided by UNOOSA. • Prepare a concise implementation plan confirming scope, milestones, technical stack, development workflow, dependencies, assumptions, risks and sign-off criteria. • Confirm the application architecture, database schema, role model, user journeys, data model and security controls before full implementation. • Identify any outstanding technical or operational decisions required from UNOOSA, including domain, email account, UNICC hosting parameters, admin accounts, terms and conditions text, and initial operator/testing users. B. Foundation, database and backend development • Design and implement a persistent PostgreSQL database covering users, operators, satellites, registration requests, profile-change requests, audit logs, terms acceptance records, API keys and relevant system metadata. • Replace any mock data, localStorage or prototype-only elements with a real backend and database-backed APIs. • Implement secure email/password authentication, hashed password storage, email verification, email-based two-factor authentication and secure session management using signed tokens or an equivalent secure mechanism. • Implement database-level and API-level role enforcement for the two approved user roles: Administrator and Operator. • Wire all relevant application routes and API endpoints to the persistent backend and ensure that data persists across browser sessions, page refreshes and server restarts. C. Operator registration, directory and profile management • Implement operator registration and approval workflow, including registration submission, administrator review, approval, rejection and status tracking. • Develop the restricted operator directory with search, filter and pagination functionality backed by the real database. • Implement operator profile management across the agreed profile sections, including contact information, emergency contact information, compliance, constellation, coordination, partnership and trust-related information. • Implement a profile-change workflow in which operators may save drafts, submit updates for review, and administrators may approve or reject changes. • Implement a profile completion tracker that reflects actual data completeness and supports administrative oversight. D. Satellite data management and SATCAT import • Implement operator-level satellite management, including manual entry, editing and removal of satellite records. • Implement operator-level CSV bulk import for satellite data with clear validation, error reporting and duplicate-handling rules. • Implement an administrator-level SATCAT bulk import tool for importing satellite data from external sources, to be completed after core application functionality is tested. • Ensure imported satellite records are traceable, auditable and associated with the relevant operator or administrative import action. E. Administrative panel, workflow management and notifications • Complete the administrative panel for registration review, operator management, profile-update review, satellite data oversight, audit-log review and system administration. • Implement administrator functions to approve, reject, suspend and reinstate operators. • Implement secure API key generation, storage and revocation if retained as part of the approved system scope. • Track and store acceptance of terms and conditions for relevant user actions. • Configure transactional email notifications using the UNOOSA-provided email account/domain, including registration, email verification, welcome, approval, rejection, profile-update approval/rejection and other workflow notifications approved by UNOOSA. F. Security, data protection and quality assurance • Apply secure development practices appropriate for a restricted directory containing organizational contact information and operational coordination data. • Implement input validation and sanitization across all forms and API endpoints. • Implement rate limiting and server-side access controls for all API endpoints. • Conduct an OWASP Top 10 baseline security review, including checks for authentication, authorization, injection, cross-site scripting, sensitive data exposure, insecure direct object references and misconfiguration risks. • Ensure audit logging captures material user, operator and administrator actions without exposing passwords, secrets or unnecessary sensitive data. • Prepare and execute a structured testing plan covering unit-level checks where feasible, user acceptance testing, role-based access testing, workflow testing, import testing, email notification testing and performance testing with realistic data volumes. G. Development server, phased testing and bug fixing • Deploy the application to a development/test server for review by UNOOSA and selected tester/partner operators. • Support phased testing as features are completed, including recording feedback, clarifying issues, prioritizing fixes and providing regular progress updates. • Resolve bugs identified during testing and maintain a simple issue log showing reported issues, status, resolution and date closed. • Ensure the system is sufficiently stable for tester/partner operator review before production deployment. H. Production deployment on UNICC infrastructure • Coordinate with UNOOSA and UNICC or other designated hosting/infrastructure focal points for production deployment requirements. • Prepare production configuration, environment variables, secrets management approach, database backup configuration and deployment steps. • Deploy the final application to the UNICC-provided server and configure the UNICC-provided domain, subject to access and permissions provided by the relevant infrastructure owner. • Conduct post-deployment verification to confirm that authentication, directory functions, profile workflows, imports, notifications, audit logs and administrator functions operate correctly in the production environment. I. Documentation, training and handover • Prepare an administrator user guide explaining how to manage registrations, operators, approvals, profile changes, satellite records, SATCAT imports, API keys where applicable, audit logs and common support issues. • Prepare developer documentation covering system architecture, technology stack, setup instructions, environment variables, database schema, API routes, deployment steps, backup/restore considerations and maintenance notes. • Prepare a short video walkthrough or equivalent live handover session for the UNOOSA team. • Provide an organized handover package including source code repository, documentation, configuration templates, deployment notes, known limitations and outstanding items, if any. J. Post-deployment bug-fix support • Provide post-deployment bug-fix support for six months after go-live, limited to correcting defects in the delivered functionality. • Respond to bug reports from UNOOSA within agreed response times and provide fixes or workarounds where feasible. • Clarify whether any requested change constitutes a new feature outside the agreed scope and therefore requires a separate agreement or contract.

• An advanced university degree (Master's degree or equivalent) in computer science, software engineering, information systems, data science or a related field is required. A first-level university degree in a relevant field combined with two (2) additional years of qualifying professional experience may be accepted in lieu of the advanced degree. • At least five (5) years of progressively responsible professional experience in full-stack web application development is required. • Demonstrated experience developing secure production-grade web applications with database-backed user management, authentication, role-based access control and administrative workflows is required. • Experience with PostgreSQL or comparable relational databases, RESTful APIs, secure session management, email notification systems and deployment to Linux/cloud or institutional hosting environments is required. • Experience implementing two-factor authentication, audit logging, rate limiting, input validation and secure coding practices is required. • Experience developing directory, registry, contact-management, operator-management, or similar workflow-based systems is desirable. • Experience working with geospatial, satellite, space, telecommunications, emergency-response or technical coordination datasets is desirable. • Experience deploying applications in UN, government, international organization or other high-compliance environments is desirable.

English and French are the working languages of the United Nations Secretariat. For this assignment, fluency in English, both oral and written, is required. Knowledge of another official United Nations language is desirable.

Not available.

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.