Analista de Segurança Cibernética OffSec/DefSec (Purple Ops)

Job Posting Organization:
The United Nations Development Programme (UNDP) is a global development network established in 1965, with a mission to eradicate poverty and reduce inequalities through sustainable development. UNDP operates in approximately 170 countries and territories, working with governments and people to address development challenges. The organization emphasizes diversity, equity, and inclusion, valuing the multiplicity of nations and cultures where it operates. UNDP is committed to ensuring that all personnel are empowered to contribute to its mission and that equity and fairness are maintained in all actions.

Job Overview:
The position of Cybersecurity Analyst OffSec/DefSec (Purple Ops) is integral to the development of local institutional capacities within the framework of promoting a culture of cybersecurity. The role involves integrating offensive testing and defensive actions to continuously strengthen institutional security" style="border-bottom: 1px dotted #007bff !important;">security as part of the project BRA/25/02

• The candidate is expected to work remotely and must have the necessary infrastructure and equipment to perform their duties effectively. The position requires close collaboration with the National Justice Council (CNJ) and UNDP teams, focusing on enhancing cybersecurity measures and ensuring the integrity of information systems within the judiciary. The analyst will be responsible for executing controlled intrusion tests, identifying vulnerabilities, collaborating with defensive teams, documenting findings, and contributing to the continuous improvement of security processes.

Duties and Responsibilities:

• Execute offensive tests and attack simulations, including controlled intrusion tests and threat simulation exercises to validate security controls.
• Identify and analyze vulnerabilities and attack techniques, assessing risks associated with identified vulnerabilities.
• Collaborate with defensive teams to correct identified flaws and strengthen existing security architecture.
• Document vulnerabilities, technical findings, and mitigation recommendations, tracking the correction of identified flaws.
• Contribute to the development of innovative security testing solutions and support training for internal teams.
• Establish metrics to evaluate institutional security evolution and produce technical inputs for strategic decision-making related to cybersecurity.
• Perform other functions compatible with the functional profile as necessary for the project's success.

Required Qualifications:
Candidates must possess a Master's degree or equivalent in Information Security, Information Technology, Computer Science, Software Engineering, Telecommunications Engineering, or related fields. Alternatively, a Bachelor's degree combined with two additional years of relevant experience will be considered. Candidates with a Master's degree do not require prior professional experience, while those with a Bachelor's degree must have at least two years of experience in information security, focusing on control assessment, risk evaluation, and compliance in technological environments.

Educational Background:
A Master's degree or equivalent in a relevant field is required. A Bachelor's degree combined with two years of additional qualified experience will also be considered. The educational background should be in areas such as Information Security, Information Technology, Computer Science, Software Engineering, or Telecommunications Engineering.

Experience:
The position requires candidates with a minimum of two years of relevant professional experience in information security for those holding a Bachelor's degree. Candidates with a Master's degree do not need prior experience. Relevant experience should focus on security assessments, risk evaluation, and compliance in technological environments, with an emphasis on both offensive and defensive cybersecurity activities.

Languages:
Fluency in Portuguese is mandatory, while a basic level of English is desirable. Proficiency in additional languages may be beneficial but is not required.

Additional Notes:
This position is remote, and candidates must have suitable working conditions, including the necessary infrastructure and equipment for effective performance. The role is part of a project that emphasizes the importance of cybersecurity in the judiciary, and selected candidates will undergo rigorous reference and background checks. UNDP is an equal opportunity employer and encourages applications from diverse backgrounds, ensuring a workplace free from harassment and discrimination.