Information Security Specialist (incident response)

Position Summary

Job Category: Vacancy
Vacancy Notice Number: ICC-19-VAL-660
Position Title: Information Security Specialist (Incident Response)
Position Type: Fixed Term
Number of Positions: 1
Date of Issue: 15/08/2019
Date of Closing: 22/09/2019
Annual Salary Estimation: USD 76,495 (net, single rate, including post adjustment)
Duty Station: Valencia, Spain
Organizational Location/Unit: Information Security Services

Position Description

Are you an Information Security Specialist with experience in threat and anomaly detection and in security incident response? Would you like to work for a number of prestigious clients from the United Nations system and other IOs, while being involved in a stimulating international environment? Then join the United Nations International Computing Center (UNICC) in our Valencia office, and contribute to addressing security challenges.

Purpose of the Position:

Provide front line support to ICC’s Partners in the area of information/cyber security and risk management consulting, and in security operations activities in collaboration with a team of information and cyber security professionals who collaborate with multiple UN agencies, IT professionals, and International Organizations.

Objectives of the Programme:

The objectives of the Centre, as stated by its mandate, are to provide information and communication technology (ICT) services (including training) on an inter-organizational basis.

Main duties and responsibilities:

The incumbent will work under the guidance and supervision of the Head of CPI and in close collaboration with the CPI team. S/he will perform the following duties:

  • Perform threat and anomaly detection, analytics and hunting, digital forensics, within a team of information security professionals
  • Perform malware reverse engineering
  • Manage security incidents involving slow-moving or persistent threats across ICC and its partner infrastructure
  • Proactively search for and respond to security events and incidents from SIEM/SOC dashboards, Firewall (FW), Web Application Firewall (WAF), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources. Investigate security events forwarded from Level I & II Analysts and client for security risk
  • Develop and fine tune SIEM use cases and develop response process/procedure. Align SIEM/SOC use cases with business requirements using risk-based approach
  • Forensic analysis of events, images, packets and other digital evidence
  • Act as a Security Incident Response Team Lead when necessary
  • Resolve problems independently and understand escalation procedure. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues
  • Coordinate security incident response and remediation efforts
  • Provide other ad hoc support and duties as required.

Recruitment Profile

Experience and Skills required:


  • Two years' experience in one or more of the following fields is essential:
    • Leading or conducting security incident response activities
    • Reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
    • Cloud security assessments and investigations
  • Five years of experience in one or more of the following fields is essential
    • System administration
    • Network administration
    • Software development
    • Managing cloud based infrastructure (like Azure, AWS etc)
    • Implementing and designing Microsoft Active Directory services
  • Expert knowledge in one of SIEM tools like Splunk, QRadar, ArcSight, NetWitness, ELK. Knowledge in developing queries, data models and dashboards
  • Knowledge and experience in threat hunting
  • Excellent knowledge of enterprise LAN / WAN technologies, TCP/IP protocol stack, including routing, firewalling, proxies, WAF, IPS, and VPN concepts
  • Excellent command of at least one general-purpose or shell scripting language (e.g. Ruby, Bash, PowerShell, Python, etc.)
  • Basic reverse engineering skills
  • Excellent team working skills
  • Excellent written & verbal communication skills


  • Experience with digital investigation products like Encase or FTK
  • Static and dynamic code analysis on x86
  • Advanced programming skills in C/C++/.Net/Java



  • Bachelor’s equivalent university degree in computer sciences or related area
  • At least one of the following technical certifications: CSIS, CISSP, CISM, CISA, CSTA, CSTP, GCFE, OSCP, GCIH, GCIA, GPEN or other GIAC/similar certifications


  • Master’s degree in Management Information Systems, Computer Science, or Computer Engineering or similar
  • Industry certifications like OSCP/E, CPP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, cloud security certifications like CCSP


  • Expert knowledge of English is required
  • Working knowledge of French is desirable

ICC Global Competencies:

  • Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes
  • Communicating in a credible and effective way: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared
  • Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change
  • Fostering integration and teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts
  • Building and promoting partnerships across the organization and beyond: Develops and strengthens internal and external partnerships that can provide information, assistance and support to ICC. Identifies and uses synergies across the Organization and with external partners

Other Information


Annual Salary Estimation (net of tax at single rate), including post adjustment (27% on August 2019): US$ 76,495.

UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 22 September 2019.


  • Technical and/or personality tests may be carried out as part of the selection process
  • Only short-listed candidates will be contacted
  • Though you may not be selected for this advertised position, the ICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

Applications from women are particularly encouraged for this vacancy