ICT Technician Jobs - Software Security Specialist at UNOPS mission in Entebbe, Uganda

Job title: Software Security Specialist
UNOPS mission is to expand the capacity of the UN system and its partners to implement peacebuilding, humanitarian and development operations that matter for people in need.
Duties and  Responsibilities

The successful candidate will perform work as part of a comprehensive ICT security risk management program and will perform other duties as required. Responsibilities:

    Develop application security design specifications, and design application security architecture.
    Provide direction and technical guidance to developers implementing security design requirements.
    Develop security test designs and ensure that security code reviews, unit and module tests are continuously performed during the software development life-cycle.
    Ensure that all security requirements and associated controls are implemented as per the determined requirements and that their effectiveness is verified prior to releasing the code to other environments.
    Interact with project management, operational, and security groups, and other stakeholders on security related issues.
    Assist documenting security controls and detailed procedures to facilitate secure deployment of the system.
    Provide guidance to software developers to ensure that insecure internal development practices and other matters that might jeopardize the security of a developed system are timely and effectively addressed.
    Perform regular reviews of developed code to timely highlight vulnerabilities, and provide recommendations to address identified vulnerabilities.
    Evaluate bug reports, security exploit reports, and other information security notices issued by vendors and other relevant and reputable professional security sources and makes recommendations to take precautionary steps.
    Provide assistance with security incident investigations and technical forensic analyses.
    Perform vulnerability scans to identify deficiencies in systems configuration, the need for the update or other security related changes; Perform other type of security reviews in accordance with specific instructions provided by the Security Coordinator/Manager.
    Develop security awareness content; Plan and coordinate delivery of ICT security awareness content to developers and other operational groups.
    Collect and consolidate ICT security metrics, prepare performance and ICT security status reports.
    Keep abreast of developments in the field of ICT security and participate in the evaluation of new security solutions and methodologies.
    Provide security coaching and training.
    Perform other duties as required.

Competencies Professionalism:

Strong theoretical background and substantial experience in Information and Communications Technology (ICT), particularly in the areas of software development, compliance, incident management, security testing, and web application security. Extensive knowledge of the ICT governance, polices and security concepts. Strong analytical and problem solving skills. Ability to independently perform security assessments including application tests, reviews and to prepare recommendations to effectively address a wide range of security related issues/problems. Demonstrated ability to manage projects and work towards the achievement of defined deliverables. Client Orientation: Ability to identify and analyze client security needs and develop solution specifications to meet business requirements. Communication: Excellent communication (spoken and written) skills, including the ability to convey complex technical concepts both orally and in writing, in a clear, concise manner. Ability to formulate detailed technical reports. Planning & Organizing: Ability to organize, plan and implement work assignments, manage competing demands and work under pressure of frequent and tight deadlines. Teamwork: Strong interpersonal skills and ability to establish and maintain effective partnerships and working relations with people in a multicultural, multi-ethnic environment with sensitivity and respect for diversity.

Education/Experience/Language requirements

Education: Secondary School Diploma. A first level university degree in computer or information systems, mathematics, statistics, engineering or other related field and/or certifications such as the CISSP, SSCP, CSSLP, ITIL, Microsoft MC or SANS GIAC would be desirable. Work Experience: A minimum of 5 years of professional experience in an ICT environment is required, with at least 3 years of demonstrated cumulative experience working as a senior software engineer or software security analyst.

    Experience with the development and review of security code is required.
    Experience developing security test and remediation plans is required. Knowledge of the Software Development Life Cycle (SDLC) and the Security Development Lifecycle (SDL), as well as knowledge of secure software development practices and application security frameworks including Open Web Application Security Project (OWASP) are highly desirable.
    Working knowledge and experience with security testing methodologies and testing tools including Nesus, Netcat, Metasploit, IBM AppScan is desirable.
    Experience working with C/C++, C# programming languages, SharePoint,.NET and DNN frameworks is desirable.
    Experience with the Microsoft SQL database, database access controls, and secure data replication over SSL is desirable.

Language: Fluency in spoken and written English; knowledge of a second UN language is an advantage and sometimes a requirement. Fluency in the local language may be essential.

Certifications

CISSP, SSCP, CSSLP, ITIL, Microsoft MC or SANS GIAC would be desirable. Contract type, level and durationContract type: FTA Contract level: GS-6 Contract duration: 1 Year For more details about United Nations staff contracts, please follow this link: http://www.unops.org/english/whoweneed/contract-types/Pages/United-Nations-staff-contracts.aspx

Additional Considerations

    Please note that the closing date is midnight Copenhagen time (CET)
    Applications received after the closing date will not be considered.
    Only those candidates that are short-listed for interviews will be notified.
    Qualified female candidates are strongly encouraged to apply.
    For staff positions UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post
    The incumbent is responsible to abide by security policies, administrative instructions, plans and procedures of the UN Security Management System and that of UNOPS.


Closing Date: Thursday, 09 May 2013  THIS IS A LOCAL CONTRACT OPEN ONLY TO UGANDAN NATIONALS.