Position Summary
Categoría de Puesto | Vacancy |
Vacancy Notice Number | ICC/24/BSI/2 |
Position Title | Associate Cybersecurity IAM Engineer |
Position Type | Fixed term |
Number of Positions | 1 |
Date of Issue | 08/04/2024 |
Date of Closing | 17/04/2024 |
Grade | P2 |
Annual Salary Estimation | USD 63,931 (single rate, including post adjustment) |
Duty Station | Brindisi, Italy |
Organizational Location/Unit | Cybersecurity Architecture, Identity and Access Unit (CSA) |
Position Description
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
Purpose of the Position:
The Associate Cybersecurity IAM (Identity and Access Management) Engineer will provide services to assist and support UNICC and its client organizations in implementing and administrating identity and access management solutions and collaborate with other operations team in managing the identity lifecycle.
The incumbent will provide services to client organizations either independently or through guidance of IAM specialist, depending on size and complexity of client organization and related needs.
Objectives of the Programme:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
Main duties and responsibilities:
The incumbent will work under the direct supervision and guidance of the Head, Cybersecurity Architecture, Identity and Access Unit (CSA) unit within the Cybersecurity Division (CS) and in close collaboration with other Cybersecurity teams. The incumbent could be requested to do any others tasks of similar level in related fields.
The post holder will work on the following tasks:
- Implement and configure the identity and access management solution to automate the organization joiner, mover, and leaver process for user account creation and deprovisioning based on the Human Resource activities
- Configure authentication methods such as SAML and OAuth against the directory for seamless user onboarding and offboarding processes
- Configure identity and access management tools to define and enforce access controls based on business roles, least privilege principles, and organizational policies
- Implement PAM (Privilege Access Management) and PIM (Privilege Identity Management) solution based on security best practices
- Automate complex IAM and PAM lifecycle management process using PowerShell and python scripting
- Enforce security best practices and zero trust principle for organizations identity lifecycle and governance
- Implement and administer security monitoring for IAM and PAM use cases to detect and respond to potential threats
- Deploy and administer PKI (Public Key Infrastructure) and enterprise certificate management services
- Stay up to date with security issues and best practices related to risk management
- Monitor emerging threats trends, and advise relevant stakeholders on the appropriate courses of action
- Collaborate as a key team player in designing and implementing complex IAM, PAM and PKI based technologies and projects
- Guide and empower other consultants and junior team members with basic technical and security issues
- Other: provide other ad hoc support either within your team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full time basis upon request from the senior management
Recruitment Profile
Experience and Skills required:
Essential:
- Two (2) years experience in the following areas:
- Identity and access management solution i.e. Okta, Accessflow, One Identity
- Privilege Identity and access management (PIM/PAM) i.e. Cyberark, Beyond trust
- Active directory and Azure Active Directory
- Strong understanding of Federation Protocols (Oauth, SAML, OpenID), and Single Sign On (SSO) models
- Strong understanding of access control principles, recertification process, authentication methods, and authorization mechanisms. Experience with implementing and managing identity life cycle solution
- Proficiency in scripting languages (e.g., PowerShell, Python) to automate routine tasks, streamline processes, and perform bulk operations for directory services
- In-depth knowledge of directory services such as Microsoft Active Directory, LDAP (Lightweight Directory Access Protocol), and other directory solutions. Understand the architecture, components, and functionalities of directory services
- Strong understanding of PKI and cryptographic algorithms
- Strong understanding of security control frameworks and zero trust approach
Desirable:
- Project management skills and ability to work on multiple projects under strict timelines
- Experience with security incident response and management process
Education*:
Essential:
- First university degree in Computer Science, Engineering or related area
- IAM certification from Microsoft, Oracle, Okta, One Identity, Azure, Google or Accessflow
- PAM certification from Cyberark or Beyondtrust
Desirable:
- Advanced university degree in Cybersecurity, Computer Science,Engineering or related area
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials
- Project Management qualification, such as PRINCE2
- Service management qualification, such as ITIL Practitioner
Languages:
- English: Expert knowledge is required
- Knowledge of the local language of the Duty Station will be an advantage
UNICC Global Competencies:
- Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
- Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
- Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
Other Information
Compensation:
Annual Salary Estimation (net of tax at single rate):
- Brindisi (Italy), including post adjustment (29,8% on March 2024): US$ 63,931.
UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 17 April 2024.
Notes:
- Technical and/or personality tests may be carried out as part of the selection process
- Only short-listed candidates will be contacted
- Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements
Please inform us should you require any specific accommodation to facilitate your application
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
For applications to be valid, they must contain a motivation letter and the filled Personal History Form.