Senior Cybersecurity Operations (VMIR), G

The Senior Cybersecurity Operations (Vulnerability Management & Incident response) is responsible for managing vulnerabilities, supporting Security Operations Center activities, and ensuring alignment with security policies at UNRWA. The role involves risk-based triage, coordination of remediation, incident detection and response, governance, and continuous improvement of cybersecurity operations.

Responsibilities

• Aggregates, analyzes, and prioritizes vulnerabilities identified from multiple sources including application security testing, infrastructure and network vulnerability scans, external attack surface monitoring and threat intelligence feeds.
• Performs risk-based triage of vulnerabilities considering exploitability, business impact, and threat context.
• Coordinates remediation activities with IT, infrastructure, and application owners.
• Tracks remediation progress and validates closure of vulnerabilities.
• Maintains vulnerability metrics, dashboards, and regular status reports.
• Supports SOC operations in detection, analysis, containment, and remediation of security incidents.
• Monitors SIEM, EDR, and security tools in real time; triages and classifies incoming alerts as true or false positives.
• Executes predefined playbooks and SOPs for common alert types such as phishing, malware, brute force.
• Performs basic IOC lookups using threat intelligence platforms and open-source tools.
• Documents all incidents in the ticketing system with accurate severity, context, and initial findings.
• Escalates confirmed or complex incidents to Tier 2 with complete supporting evidence.
• Reports recurring false positives and log ingestion gaps to support detection tuning.
• Ensures alignment of vulnerability and incident management activities with internal security policies and risk management practices.
• Identifies systemic weaknesses and recurring issues and proposes pragmatic improvement actions.
• Provides regular reporting to security leadership on vulnerability trends, incident insights, and risk exposure.
• Provides active support during security incidents and events affecting organizational assets including intellectual property, sensitive data, and reputation.
• Provides strategic risk guidance for IT projects including evaluation and recommendation of technical controls.
• Ensures security programs comply with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings.
• Monitors external threat environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
• Performs technical security assessments and develops strategies for remediating vulnerabilities and risks identified.
• Provides active support to users for daily security requests including SASE requests, web filtering, firewall requests.

Requirements

• Advanced university degree (master's or equivalent) from an accredited educational institution in Information Technology or related field.
• Minimum six (6) years of relevant professional experience is required.
• Demonstrated expertise in vulnerability management is required.
• Experience in Security Operations Center (SOC), systems and infrastructure management, and/or application security is required.
• Excellent command of English and Arabic (both spoken and written) is required.
• Professional cybersecurity certifications related to vulnerability management, such as Certified Ethical Hacker (CEH), CompTIA Security+ / PenTest+, GIAC certifications, or Offensive Security Certified Professional (OSCP) is desirable.
• Knowledge of Palestine refugees and/or humanitarian response and development in the Middle East context is desirable.
• Candidates must confirm completion of mandatory probation period if currently holding a contract of 1 year or more with UNRWA.
• Candidates must currently reside in the duty station and specify their current location.
• Candidates must disclose involvement in any outside activities including employment, consultancy, board membership, public speaking/writing, teaching, conferences, training, voluntary work, political activity, fundraising, business ownership, or work for government/NGO/private company/charity/UNRWA partner/vendor.
• Applicants must provide complete and accurate information in the application and comply with UNRWA's standards and values.
• Applicants must not have committed violations of international human rights law, humanitarian law, sexual exploitation, abuse or harassment, or crimes other than minor traffic offences.
• UNRWA does not charge any fee at any stage of recruitment and onboarding process.

Skills

• Vulnerability Management
• Security Operations Center
• Systems Management
• Infrastructure Management
• Application Security
• Incident Response
• Risk-based Triage
• Cyber Governance
• Continual Improvement
• Certified Ethical Hacker
• CompTIA Network+ Security
• PenTest+
• GIAC Certification
• Offensive Security Certified Professional
• Cybersecurity Operations

Languages

English, Arabic