Penetration Testing Consultant

The service provider shall conduct penetration testing using a combination of automated and manual techniques. Testing must cover infrastructure, application, and configuration vulnerabilities. The provider shall maintain detailed exploitation evidence while ensuring system stability and data integrity during testing.

Specifically, shall:

• Perform security testing within defined scope boundaries
• Follow documented testing methodologies
• Maintain system stability during testing activities
• Document all identified vulnerabilities with evidence
• Validate findings to eliminate false positives
• Report critical or high severity findings immediately upon discovery

Optional requirements:

• IoT/OT device security assessment

• 4+ years of security testing experience
• One or more of the following certifications:
• OSWE (OffSec Web Expert)
• OSCP (OffSec Certified Professional)
• OSEP (OffSec Experienced Penetration Tester)
• OSCE (OffSec Certified Expert)
• OSEE (OffSec Exploitation Expert)
• CREST Registered Penetration Tester

UNICC serves as the shared digital services provider for the United Nations ecosystem, delivering technology solutions to UN agencies and partners. In this capacity, UNICC must ensure the security and integrity of digital assets across the UN family through comprehensive security assessment services.