Senior Cybersecurity Operations (Vulnerability Management & Incident Response)

Job Posting Organization:
The United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA) was established by the United Nations General Assembly in 194

• Its primary mission is to provide assistance and protection to approximately 5.8 million registered Palestine refugees across Jordan, Lebanon, Syria, the West Bank, and the Gaza Strip. UNRWA aims to help these refugees achieve their full potential in human development while awaiting a just resolution to their plight. The agency operates the largest UN operation in the Middle East, employing over 30,000 staff members and offering a wide range of services, including education, healthcare, relief and social services, camp infrastructure improvement, microfinance, and emergency assistance. UNRWA is primarily funded through voluntary contributions from UN member states, regional bodies, business foundations, and individual donors. The organization is committed to making a tangible difference in the lives of one of the most vulnerable communities in the world, and it actively seeks individuals who share this vision to join its team.

Job Overview:
The Senior Cybersecurity Operations role focuses on Vulnerability Management and Incident Response, reporting directly to the Chief Digital Risk Officer. The position is critical in ensuring the security" style="border-bottom: 1px dotted #007bff !important;">security of UNRWA's digital assets and infrastructure. The incumbent will be responsible for aggregating, analyzing, and prioritizing vulnerabilities identified from various sources, including application security testing and infrastructure vulnerability scans. The role requires performing risk-based triage of vulnerabilities, coordinating remediation activities with IT and application owners, and tracking remediation progress. Additionally, the Senior Cybersecurity Operations professional will actively support Security Operations Center (SOC) operations in detecting, analyzing, containing, and remediating security incidents. This includes monitoring security tools in real-time, executing predefined playbooks for common alert types, and documenting incidents accurately. The position also involves governance and continuous improvement, ensuring alignment with internal security policies, identifying systemic weaknesses, and providing strategic risk guidance for IT projects. The role is essential for maintaining the integrity and security of UNRWA's operations and assets.

Duties and Responsibilities:
The duties and responsibilities of the Senior Cybersecurity Operations position include:

• Aggregating, analyzing, and prioritizing vulnerabilities from multiple sources, including application security testing and infrastructure vulnerability scans.
• Performing risk-based triage of vulnerabilities, considering exploitability, business impact, and threat context.
• Coordinating remediation activities with IT, infrastructure, and application owners.
• Tracking remediation progress and validating the closure of vulnerabilities.
• Maintaining vulnerability metrics, dashboards, and regular status reports.
• Supporting SOC operations in the detection, analysis, containment, and remediation of security incidents.
• Monitoring SIEM, EDR, and security tools in real-time; triaging and classifying incoming alerts.
• Executing predefined playbooks and SOPs for common alert types such as phishing and malware.
• Performing basic IOC lookups using threat intelligence platforms and open-source tools. 1
• Documenting all incidents in the ticketing system with accurate severity, context, and initial findings. 1
• Escalating confirmed or complex incidents to Tier 2 with complete supporting evidence. 1
• Reporting recurring false positives and log ingestion gaps to support detection tuning. 1
• Ensuring alignment of vulnerability and incident management activities with internal security policies. 1
• Identifying systemic weaknesses and proposing improvement actions. 1
• Providing regular reporting to security leadership on vulnerability trends and incident insights. 1
• Supporting security incidents affecting organizational assets, including sensitive data and intellectual property. 1
• Monitoring the external threat environment for emerging threats and advising stakeholders on appropriate actions. 1
• Performing technical security assessments and developing remediation strategies for identified vulnerabilities. 1
• Providing active support to users for daily security requests, including SASE requests and firewall requests.

Required Qualifications:
The required qualifications for the Senior Cybersecurity Operations position include:

• An advanced university degree (master's or equivalent) from an accredited educational institution in Information Technology or a related field.
• A minimum of six (6) years of relevant professional experience in cybersecurity, with demonstrated expertise in vulnerability management.
• Experience in Security Operations Center (SOC), systems and infrastructure management, and/or application security is required.
• Excellent command of English and Arabic, both spoken and written, is mandatory.
• Professional cybersecurity certifications related to vulnerability management, such as Certified Ethical Hacker (CEH), CompTIA Security+, GIAC certifications, or Offensive Security Certified Professional (OSCP) are desirable.
• Knowledge of Palestine refugees and/or humanitarian response and development in the Middle East context is also desirable.

Educational Background:
Candidates must possess an advanced university degree (master's or equivalent) from an accredited educational institution in Information Technology or a related field. This educational background is essential to ensure that the candidate has the necessary theoretical knowledge and practical skills required for the role.

Experience:
Candidates are required to have a minimum of six (6) years of relevant professional experience in the field of cybersecurity. This experience should include demonstrated expertise in vulnerability management, as well as familiarity with Security Operations Center (SOC) operations, systems and infrastructure management, and application security. The level of experience is crucial for the candidate to effectively handle the responsibilities associated with the position and to contribute to the overall security posture of UNRWA.

Languages:
For this position, proficiency in both English and Arabic is required. Candidates must demonstrate a strong command of these languages, as they are essential for effective communication within the organization and with external stakeholders. The UN Language Framework specifies that candidates should meet at least UN Level III proficiency in reading, writing, listening, and speaking for both languages. While knowledge of French is not mandatory, it may be considered an asset in the context of UN operations.

Additional Notes:
The position is offered as a Limited Duration Contract (LDC), Band G, initially for one year, with the possibility of extension based on the availability of funds, satisfactory performance, and continuing need. The monthly basic salary for this position is JD 1,538.40, and additional benefits include compulsory medical insurance, 30 days of annual leave, and a dependency allowance if applicable. Employees are entitled to 2 days of sick leave for each complete month of service and 12 weeks of maternity leave. This job opening is open to both internal and external candidates, but only those residing in Jordan and within commuting distance of the duty station with authorization to work in Jordan are eligible to apply. UNRWA will not facilitate the issuance of work permits, and candidates must have a valid work permit at the time of application. Preference will be given to registered Palestine refugees and candidates who assist the Agency in achieving gender parity. All applications must be submitted through UNRWA's online e-recruitment system, and late applications will not be accepted. The evaluation process may include an assessment exercise followed by a competency-based interview.