Annual Salary Estimation USD 44,068 (net, single rate, including post adjustment)
Duty Station Valencia, Spain
Organizational Location/Unit Cybersecurity Engineering Unit (CSE)
Position Description
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
Purpose of the Position:
The Cybersecurity PKI Systems Administrator will provide services to assist and support UNICC and its partners in maintaining and implementing Public Key Infrastructure (PKI) & Cryptography solutions and collaborate with other operations teams in managing certificates, encryption keys, authentications, authorization, and similar activities.
Objectives of the Programme:
UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.
Main duties and responsibilities:
* Support the setup and configuration of Public Key Infrastructure (PKI) systems, following predefined guidelines and standards in mixed and hybrid environments.
* Help implement automation processes for distributing digital certificates as part of the user onboarding and offboarding process, under the guidance of senior staff.
* Assist in configuring and maintaining both physical and virtualized infrastructure; ensuring secure connections according to established best practices.
* Under guidance of a senior staff, assist in the deployment and management of multi-factor authentication solutions, including certificate-based and non-certificate-based methods.
* Help create and update documentation related to business continuity, ensuring all processes are clearly recorded and easily accessible.
* Follow established best practices and the zero trust principle to support the enforcement of security measures related to organizational certificate usage.
* Following the organization’s agreed-upon policies and procedures, assist in administering backups of various security solutions.
* Provide assistance during internal and external audits by helping to compile and present the current status of PKI, Cryptography, and MFA solutions within the organization.
* Provide on-call services to support the 24×7 cybersecurity service needs.
Other:
* Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short periods of time on a part-time or full-time basis upon request from the senior management.
* The incumbent may be requested to provide support during weekends, holidays or outside working hours as well as to serve as a “stand-by” officer on a rotation basis.
Recruitment Profile
Experience and Skills required:
* At least five (5) years of experience in one or more of the following areas: Certificate-based authentication, encryption, signature, and related usages onto data protection solutions field / Deployment and management of Hardware Security Modules / Deployment and configuration of PKI solutions, including and not limited to EJBCA, Azure, Dogtag, OpenXPKI.
* A completed university degree from an accredited institution will be counted towards minimum work experience requirements.
* Strong understanding of Federation Protocols (Oauth, SAML, OpenID), and Single Sign-On (SSO) models.
* Strong understanding of key ceremony process and its documentation; experience with managing quorum rotation and transfer of responsibility.
* Proficiency in scripting languages (e.g., PowerShell, Python) to automate routine tasks, streamline processes, and perform bulk operations for directory services.
* In-depth knowledge of EJBCA usage together with HSMs.
* Understanding of Post-Quantum cryptography and its compatibility matrix.
* Understanding of security control frameworks and zero trust approach.
* Experience in VIP Symantec management and deployment.
* Project management skills and ability to work on multiple projects under strict timelines.
* Experience with security incident response and management process relying on ServiceNow.
* Experience and understanding of Cloud WAF and DDOS protection management.
* PowerShell knowledge with proven experience in automating auto-enrollment for customized PKI solutions.
* Understanding of CyberArk database/vault methodologies, management, and maintenance.
Education:
* Successful completion of secondary school education or its equivalent, supplemented by specialized training in IT.
* KeyFactor University Certificates.
Languages:
* English: Expert knowledge is required.
* Knowledge of the local language of the Duty Station will be an advantage.
Other Information
This position is subject to local recruitment pursuant to staff rule 4.4 of the United Nations Staff Rules. All staff in the General Service and related categories shall be recruited in the country or within commuting distance of each office, irrespective of their nationality and of the length of time they may have been in the country. A staff member subject to local recruitment shall not be eligible for the allowances or benefits exclusively applicable to international recruitment.
Compensation:
Annual Salary Estimation (net of tax at single rate):
UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility, other benefits such as relocation grant, dependency allowance, language allowance, or education grant.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 05 February 2025.
Notes:
* Technical and/or personality tests may be carried out as part of the selection process.
* Only short-listed candidates will be contacted.
* Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position.
Please inform us should you require any specific accommodation to facilitate your application.
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.
For applications to be valid, they must contain a motivation letter and the filled Personal History Form.
Apply Online
Title *
First Name *
Last Name *
Email *
A valid email address is required.
Country of Origin *
Date of Birth *
Current Location *
Where have you heard first about this Vacancy? *
#J-18808-Ljbffr