Current vacancies

UNICEF works in over 190 countries and territories to save children’s lives, defend their rights, and help them fulfill their potential, from early childhood through adolescence.

At UNICEF, we are committed, passionate, and proud of what we do for as long as we are needed. Promoting the rights of every child is not just a job – it is a calling.

UNICEF is a place where careers are built. We offer our staff diverse opportunities for professional and personal development that will help them reinforce a sense of purpose while serving children and communities across the world. We welcome everyone who wants to belong and grow in a diverse and passionate culture. coupled with an attractive compensation and benefits package.

Visit our website to learn more about what we do at UNICEF.

For every child, a digital future

UNICEF’s Information Security section is advancing its strategic initiative to strengthen the organization’s cybersecurity architecture and engineering capabilities. This effort is critical to ensure that digital platforms, ICT systems, and cloud-based services are designed and operated with robust, scalable, and sustainable security controls. As part of this initiative, the organization is modernizing its security architecture, conducting in-depth assessments of infrastructure and applications, and embedding security into the software development lifecycle through DevSecOps practices. Given the technical complexity and cross-functional nature of this work—spanning secure design, threat modeling, infrastructure hardening, and automation—dedicated expertise is required to accelerate implementation and ensure architectural consistency across systems.

 How can you make a difference?

The organization seeks to engage a consultant with deep experience in security architecture, cloud security, and secure engineering practices. The consultant will work closely with internal teams to design secure solutions, conduct assessments, develop hardened deployment templates, and automate security operations. This role will also support the integration of detection capabilities and contribute to the development of reusable security blueprints and governance models. The consultant will play a key role in operationalizing secure design principles across the organization’s digital ecosystem, ensuring that security is embedded by design and aligned with both technical and business objectives.

Objectives of this engagement:

• Strengthen cybersecurity architecture and engineering practices across the organization.

• Integrate security practices into the software development lifecycle.

• Support the modernization and secure migration of applications to cloud environments.

• Conduct security assessments and threat modeling for ICT systems and applications.

• Automate security reviews and hardening tasks using scripting and infrastructure-as-code.

• Promote organization-wide adoption of secure development and threat detection practices.

• Contribute to the implementation of security monitoring and detection capabilities.

 Scope of Work:

The consultant will work under the direction of the Security Architecture and Engineering manager and collaborate closely with technical teams and business stakeholders. The scope of work includes the following responsibilities:

1. Security Architecture

• Conduct security architecture reviews for ICT systems, platforms, and applications.

• Design and document secure architecture blueprints, including CI/CD pipelines, Azure Policies, and Infrastructure-as-Code (IaC) templates.

• Modernize and re-architect legacy ICT systems and applications to align with secure design principles.

• Coordinate and support the migration of legacy applications to cloud environments.

• Develop reusable deployment templates and configuration baselines for critical systems.

• Conduct infrastructure and platform security assessments.

• Utilize scripting languages and low-code/no-code tools (e.g., PowerShell, Python, LogicApps) to automate hardening tasks, security assessments and architecture reviews.

2. Application Security

• Support the adoption of the Application Security Framework across the organization.

• Develop threat modeling guidelines and conduct threat modeling exercises for ICT systems and applications.

• Conduct application security assessments and penetration tests.

• Support the adoption of DevSecOps tools and best practices by development teams.

• Integrate security testing into CI/CD pipelines and provide secure coding guidance.

3. Integrations, Automations and Detection Engineering

• Support the implementation of security monitoring and threat detection capabilities in applications and ICT systems.

• Integrate relevant data sources into the organization’s SIEM solution.

• Contribute to detection engineering efforts by building rules, analytics and dashboards. 

4. Global Cyber Resilience Initiative

• Support field offices in developing their security roadmaps and implementation of planned mitigations.

• Coordinate and support the migration of legacy applications to cloud environments.

5.Other areas

• Perform routine and ad hoc security assessments and risk analyses. Prepare reports including assessment findings, outcomes, and recommendations.

• Deliver targeted training sessions and webinars on security related matters.

To qualify as an advocate for every child you will have… 

Minimum requirements:

• Education:

Required: Bachelor's degree or equivalent in Computer Science, Information Technology, Cybersecurity, Engineering, or related technical field.

Desirable: Master's degree in Cybersecurity, Information Security, Computer Science, or related discipline. Additional relevant academic qualifications such as graduate certificates in cybersecurity, cloud computing, or information systems security.

Knowledge/Expertise/Skills required *:

• Proficiency in using security assessment tools and technologies (e.g., OpenVAS, OWAPS ZAP, Metasploit, Burp Suite).
• Proficiency with SAST, DASN and IAST tools, such as Github Advanced Security and Veracode.
• In-depth knowledge of application security principles, threat modeling, and risk management.
• Strong knowledge of cloud application security and cloud hosting environments (e.g. Azure, AWS).
• Good interpersonal skills and ability to work collaboratively within a dynamic environment, including ability to develop relationships and build trust with a diverse range of stakeholders.
• Ability to handle multiple assignments with competing deadlines. Able to work under pressure, meet tight deadlines, and capacity to work long hours when required.

• Language Requirement: Fluency in English (verbal and written) is required.

For every Child, you demonstrate...

UNICEF’s Core Values of Care, Respect, Integrity, Trust and Accountability and Sustainability (CRITAS) underpin everything we do and how we do it. Get acquainted with Our Values Charter: UNICEF Values

The UNICEF competencies required for this post are…(1) Builds and maintains partnerships, (2) Demonstrates self-awareness and ethical awareness, (3) Drive to achieve results for impact, (4) Innovates and embraces change,(5) Manages ambiguity and complexity, (6) Thinks and acts strategically, (7) Works collaboratively with others. Familiarize yourself with our competency framework and its different levels.

UNICEF promotes and advocates for the protection of the rights of every child, everywhere, in everything it does and is mandated to support the realization of the rights of every child, including those most disadvantaged, and our global workforce must reflect the diversity of those children. The UNICEF family is committed to include everyone, irrespective of their race/ethnicity, disability, gender identity, sexual orientation, religion, nationality, socio-economic background, minority, or any other status.

UNICEF encourages applications from all qualified candidates, regardless of gender, nationality, religious or ethnic backgrounds, and from people with disabilities, including neurodivergence. We offer a wide range of benefits to our staff, including paid parental leave, breastfeeding breaks and reasonable accommodation for persons with disabilities. UNICEF provides reasonable accommodation throughout the recruitment process. If you require any accommodation, please submit your request through the accessibility email button on the UNICEF Careers webpage Accessibility | UNICEF. Should you be shortlisted, please get in touch with the recruiter directly to share further details, enabling us to make the necessary arrangements in advance.

UNICEF does not hire candidates who are married to children (persons under 18). UNICEF has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and UNICEF, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities. UNICEF is committed to promote the protection and safeguarding of all children. All selected candidates will, therefore, undergo rigorous reference and background checks, and will be expected to adhere to these standards and principles. Background checks will include the verification of academic credential(s) and employment history. Selected candidates may be required to provide additional information to conduct a background check, and selected candidates with disabilities may be requested to submit supporting documentation in relation to their disability confidentially.

UNICEF appointments are subject to medical clearance.  Issuance of a visa by the host country of the duty station is required for IP positions and will be facilitated by UNICEF. Appointments may also be subject to inoculation (vaccination) requirements, including against SARS-CoV-2 (Covid). Should you be selected for a position with UNICEF, you either must be inoculated as required or receive a medical exemption from the relevant department of the UN. Otherwise, the selection will be canceled.

Remarks:  

As per Article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity.

UNICEF is committed to fostering an inclusive, representative, and welcoming workforce. For this position, eligible and suitable female applicants are encouraged to apply.

Government employees who are considered for employment with UNICEF are normally required to resign from their government positions before taking up an assignment with UNICEF. UNICEF reserves the right to withdraw an offer of appointment, without compensation, if a visa or medical clearance is not obtained, or necessary inoculation requirements are not met, within a reasonable period for any reason. 

UNICEF does not charge a processing fee at any stage of its recruitment, selection, and hiring processes (i.e., application stage, interview stage, validation stage, or appointment and training). UNICEF will not ask for applicants’ bank account information.

All UNICEF positions are advertised, and only shortlisted candidates will be contacted and advanced to the next stage of the selection process. An internal candidate performing at the level of the post in the relevant functional area, or an internal/external candidate in the corresponding Talent Group, may be selected, if suitable for the post, without the assessment of other candidates.

Additional information about working for UNICEF can be found here.