IMPORTANT NOTICE REGARDING APPLICATION DEADLINE\: please note that the deadline for applications is indicated in local time as per the time zone of the applicant’s location.
1. Organizational Context
a. Organizational Setting
This post is located in the Information Security Section, Security and Information Assurance Division (SIAD) within the Administration, Finance and Management Sector. This Division is responsible for the management of all aspects of WIPO's information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security technologies and monitors if adequate assurance is maintained over WIPO's information assets. The Division also provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organization's facilities and assets. Appropriate balance of the roles between "service" and "control" is the key for its success in enabling and sustaining WIPO's operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand.
b. Purpose Statement
Serving as the principal technical authority on cloud information security, the incumbent is responsible for defining and executing the security strategy for WIPO's multi-cloud and hybrid environments. This role ensures that the Organization's business solutions are resilient and compliant by embedding security-by-design principles directly into cloud architectures in close collaboration with the Architectural Solutions Groups. The incumbent drives the secure adoption of cloud services by establishing standardized patterns, automation guardrails, and advanced protection technologies, thereby enabling application teams to innovate efficiently while maintaining a robust security posture against evolving threats.
c. Reporting Lines
The incumbent works under the supervision of the Head of the Information Security Section.
d. Work Relations
The incumbent works closely with peers within the division and collaborates across the Organization with colleagues from the Cloud Centre of Competence, Business Applications and Architectural Solutions Group.
2. Duties and Responsibilities
The incumbent will perform the following principal duties\:
a. Secure Cloud Architecture and Design
Serve as the principal technical authority for secure cloud architecture, designing and validating secure landing zones and reference architectures for AWS and other major public clouds (Azure/GCP).
Collaborate with the Senior Security Architect to define and maintain security patterns for common workloads, ensuring alignment with WIPO's policies and industry standards.
Develop and implement frameworks to detect and remediate architectural drift, ensuring continuous alignment with security baselines.
b. Infrastructure as Code (IaC) and Automation
Lead the development and maintenance of reusable Infrastructure as Code (IaC) modules (e.g., CloudFormation, Terraform) to ensure the secure, repeatable, and auditable provisioning of cloud resources.
Engineer and maintain automation scripts (Python, PowerShell, Bash) to enhance deployment reliability, security configuration, and operational efficiency.
Audit IaC implementations to ensure adherence to best practices and integrate automated security checks and policy enforcement into CI/CD pipelines.
c. Cloud Security Controls and Tooling Integration
Implement, document, and operate comprehensive cloud security baselines, including identity and access models (IAM), network segmentation, encryption standards, and secrets management.
Orchestrate the integration and optimization of CrowdStrike and other cloud-native security technologies into WIPO's environments (including containers and serverless), creating associated playbooks and configuration documentation.
Secure container orchestration platforms (Kubernetes, EKS/AKS/GKE) by implementing image scanning, policy enforcement, and runtime protection measures.
Collaborate with application security and development teams and development teams to embed security into the application lifecycle, providing remediation guidance and threat modeling input.
d. Operations, Reliability, and Incident Response
Provide senior leadership in optimizing WIPO's cloud environments to ensure availability, resilience, and cost-efficiency.
Establish and enhance observability, monitoring, and alerting for critical services, ensuring full coverage of security-relevant events.
Develop and maintain runbooks and incident response procedures for cloud events, leading the technical analysis, containment, and remediation of security incidents in coordination with the Security Operations Center.
Design and support disaster recovery and business continuity strategies for cloud workloads.
e. Governance, Compliance, and Knowledge Management
Refine and apply cloud governance frameworks, including account structures, tagging standards, and guardrails, to ensure compliance with WIPO policies and external standards (e.g., ISO 27001, CIS).
Develop and maintain comprehensive technical documentation, including architecture diagrams, standard operating procedures (SOPs), and configuration baselines.
Build organizational capacity by creating technical guidelines and delivering training/awareness sessions to mentor ICT and project teams on secure cloud engineering practices.
f. Other Duties
Coordinate with vendors and service providers to ensure external solutions meet WIPO's technical and security requirements.
Perform other related duties as required.
3. Requirements
Education (Essential)
Advanced university degree in information security, computer science, engineering, mathematics, business, or related discipline. A first-level university degree in a relevant discipline plus two years of relevant experience in addition to the experience requested below may be accepted in lieu of an advanced degree.
CISSP and AWS Certified Solution Architect Associate certifications.
Education (Desirable)
Additional certifications such as, Microsoft Azure Solution Architect Associate.
SANS SEC588 Cloud Penetration testing (or equivalent).
SANS SEC540 Cloud Native Security and DevSecOps Automation. (or equivalent).
OSWA Offsec Web Assessor or OSWE Offisec Web Expert.
Experience (Essential)
A minimum of seven years working in the field of information security in an engineering or analysis capacity.
At least three years of hands-on experience in cloud security and engineering, with specific expertise in AWS and at least one other major public cloud platform (Azure or GCP).
Proven track record in designing, deploying, and operating secure cloud workloads in production environments.
Experience (Desirable)
Demonstrated experience in Infrastructure as Code (IaC) and automation, specifically using Terraform or CloudFormation to deploy secure cloud resources.
Practical experience in securing container orchestration platforms (e.g., Kubernetes, EKS, AKS, GKE) and integrating security controls into CI/CD pipelines.
Proven track record of designing and operating security controls in production environments, including identity management (IAM), network security, and encryption.
Experience working in large, complex, or regulated environments (such as international organizations, the public sector, or the financial industry).
Language (Essential)
Excellent written and spoken knowledge of English.
Language (Desirable)
Knowledge of other UN official languages, particularly French.
Job Related Competencies (Essential)
Deep knowledge of AWS, Azure, or GCP security services and configurations.
Proficiency in scripting (Python, PowerShell or Bash) and IaC frameworks (Terraform or CloudFormation).
Hands on knowledge of container security (Docker, Kubernetes) and endpoint/workload protection tools (CrowdStrike).
Familiarity with DevSecOps principles, CI/CD pipelines, and security automation.
Strong analytical, conceptual and problem-solving skills with the ability to address complex technical and security challenges.
Effective communication skills, including the ability to explain complex technical issues to non-technical stakeholders and to produce clear technical documentation.
Demonstrated ability to work collaboratively in multicultural and cross-functional teams, building constructive relationships with stakeholders.
Strong sense of initiative, ownership and accountability, with a focus on service quality and continuous improvement.
High level of integrity, professionalism and discretion in handling sensitive information and systems.
Ability to provide technical guidance and mentoring to colleagues and project teams, contributing to the development of organizational capabilities in secure cloud engineering.
Job Related Competencies (Desirable)
Hands on knowledge of application security (AppSec), secure software development lifecycles (SSDLC), or DevSecOps practices.
Hands on knowledge of advanced threat protection tools (e.g., CrowdStrike) and their integration into cloud workloads.
4. Organizational Competencies
1. Communicating effectively.
2. Showing team spirit.
3. Demonstrating integrity.
4. Valuing diversity.
5. Producing results.
6. Showing service orientation.
7. Seeing the big picture.
8. Seeking change and innovation.
9. Developing yourself and others.
5. Information
Annual salary\:
Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. Please note that this estimate is for information only. The post adjustment multiplier (cost of living allowance) is variable and subject to change (increase or decrease) without notice. The figures quoted below are based on the March 2026 rate of 90.5%.
P4 |
||||
Annual salary |
$77,326 |
|||
Post adjustment |
$69,980 |
|||
Total Salary |
$147,306 |
|||
Currency USD |
||||
Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.
Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.
Additional Information
Temporary appointments are renewable, subject to continuing needs, availability of budget and satisfactory performance with a maximum cumulative length of two years.
Applications from qualified women as well as from qualified nationals of unrepresented Member States of WIPO and underrepresented geographical regions are encouraged. Please click on the following links for the list of unrepresented Member States and the list of underrepresented regions and the WIPO Member States in these regions.
The Organization reserves the right to make an appointment at a grade lower than that advertised.
___________________________________________________________________
By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.
In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of your identification and the degree(s)/diploma(s)/certificate(s) required for this position. WIPO recognizes higher educational qualifications obtained from institutions accredited/recognized in the World Higher Education Database (WHED), a list maintained by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed here\: http\://www.whed.net/. Some higher educational qualifications may not be listed in WHED, and will be reviewed on a case-by-case basis.
Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.
Additional background checks may be required.