Job Description
Job Title: Cybersecurity Consultant – Web Application Penetration Tester (Contract)
Location: Remote
Contract Duration: Starting 1 September 2025 (with project completion by 31 December 2025)
Organization: United Nations Office on Drugs and Crime (UNODC)
Application Deadline: 19 May 2025, 03:00 PM Vienna Time
Type: Short-term Consultancy / Project-Based
Project Summary:
UNODC is seeking a qualified and experienced Cybersecurity Consultant or Firm to conduct a penetration test and security assessment of the goAML web application. The consultant will be responsible for performing a comprehensive evaluation of the application's security posture, identifying vulnerabilities, and providing remediation recommendations in alignment with international standards.
Key Responsibilities:
- Plan and execute penetration testing on the goAML web application using industry-standard methodologies.
- Perform risk assessments and identify vulnerabilities across the web application's exposed interfaces and services.
- Deliver a comprehensive final report detailing:
  - Methodology and tools used
  - Summary and key findings
  - Risk assessment and severity levels
  - Reproduction steps for each finding
  - Remediation recommendations (short and long term)
- Provide a retest report to verify implementation of recommended fixes.
- Maintain confidentiality and ensure all testing artifacts are handled securely.
- Ensure compliance with NIST 800-115 and OWASP Top 10 Web Security Risks.
Requirements:
Mandatory Qualifications:
- Active ISO27001 certification.
- Penetration testers must have a minimum of 5 years of experience in security testing of FINTECH applications.
- Must possess at least one of the following certifications:
  - CEH, OSCP, CWAPT, GWAPT, eWPT, CISSP, or MSc in Information Security.
- Proven track record of conducting security assessments for:
  - Large-scale web applications
  - FINTECH solutions
  - Security-critical systems
- Demonstrated experience working with governmental or international organizations.
- Full commitment to:
  - Internationally recognized testing standards
  - Confidentiality
  - Providing a complete and verifiable risk report
Technical Environment:
- Application built on .NET 8, hosted on IIS
- Angular SPA, APIs developed in C# WebApi/REST
- ~218 API endpoints, 30+ screens, 2FA enabled
- MVC, Web API, and OData Controllers
- Authentication via cookies, Bearer, and optionally Basic Auth
- Uses WebSockets and role-based access control (RBAC)
Deliverables:
- Initial penetration testing and comprehensive security report
- Verification (retest) of resolved vulnerabilities within 60 days
- Addendum report confirming implemented fixes
- Compliance with all terms outlined by UNODC
Evaluation Criteria:
- Technical compliance with requirements
- Competitive pricing
- Proven capacity to deliver remotely, securely, and on time