Professional

Senior Cybersecurity Specialist – Vulnerability Management

WFP · 24 June 2026 · Other · Rome · 5 June 2026
Official job description. Sourced from WFP · Last verified 2026-06-05

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

Under the general supervision of the Chief TECI and the direct supervision of the Head of Cybersecurity Operations, the incumbent will be part of a team supporting the evolution of WFP’s vulnerability and exposure management capabilities toward a more risk-driven and exposure-focused approach. In an environment where vulnerabilities are identified and exploited at increasing speed, the role will focus on prioritizing risk based on exploitability, business impact, and actual exposure rather than relying solely on severity-based models.

The incumbent will act as a central coordination and analytical function, responsible for identifying, contextualizing, and prioritizing vulnerabilities across WFP’s digital environments. The role will drive and influence remediation outcomes through structured orchestration, risk-based articulation and prioritization, and stakeholder engagement. A key aspect of the assignment will be strengthening visibility across the organization’s attack surface to support timely decision-making and measurable reduction of cyber risk exposure.

ACCOUNTABILITIES/RESPONSIBILITIES:

Main responsibilities include, but are not limited to:

  • Drive continuous asset discovery and visibility across cloud, on-premise, SaaS, supply-chain, and emerging environments, strengthening the vulnerability management program toward a continuous, intelligence-driven threat exposure management model.
  • Conduct and validate vulnerability assessments using multiple tools and intelligence sources, ensuring findings reflect actual exposure and relevant attack paths.
  • Prioritize vulnerabilities based on real-world risk factors, including exploitability, exposure, business criticality, and attack path relevance, integrating external intelligence such as known exploited vulnerabilities, proof-of-concepts, and indicators of active exploitation to strengthen prioritization decisions beyond traditional approaches.
  • Act as the central coordination point for vulnerability remediation, ensuring clear tasking, tracking progress, enforcing SLAs, and escalating high-risk or delayed items.
  • Drive the practical adoption of AI‑enabled capabilities within vulnerability and exposure management processes, identifying and developing use cases that enhance risk prioritization, analysis, and automation, while ensuring appropriate governance and human oversight.
  • Recommend compensating controls where remediation is constrained, while analysing vulnerability trends to identify systemic weaknesses and drive improvements.
  • Support integration of vulnerability data into dashboards, reporting, and ticketing platforms, ensuring clear visibility of exposure and remediation performance.
  • Manage and track vulnerability findings through tickets and alerts, and collaborate with internal teams and partners to improve processes, tooling, and data integration.
  • Contribute to awareness initiatives and knowledge sharing related to vulnerability risks and secure practices across technology teams.
  • Perform other cybersecurity-related duties as assigned.

Education:

University Degree in Information Technology, Information Systems, Cybersecurity, or related domains or a combination of relevant experience and education.

Experience:

  • At least 6-8 years of experience in vulnerability management, cybersecurity operations, threat management, or related areas. Experience working with cloud platforms, threat exposure management, or environments characterized by rapidly evolving vulnerabilities and exploit scenarios is highly desirable.

Knowledge & Skills:

  • Strong understanding of vulnerability management and exposure management concepts, tools, platforms, and processes.
  • Understanding of cloud environments, networking, and system architectures.
  • Awareness of exploitability concepts, threat intelligence, and modern risk prioritization approaches.
  • Understanding of emerging risks, including those associated with AI-driven systems and software supply chains, is an asset.
  • Strong analytical and communication skills, with the ability to interpret complex data, translate it into actionable insights, and effectively manage and communicate risk across multiple stakeholders.
  • Certifications such as CISSP, CISM, CRISC, GIAC, or OSCP are advantageous.

Languages:

Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

This description is reproduced from WFP's official careers page. GloJobs adds salary estimates, eligibility analysis, and formality checks not available on the original posting.
WORLD FOOD PROGRAMME


The World Food Programme is the leading humanitarian organization saving lives through food and nutrition assistance in emergencies. It also builds resilience with school meals, social protection, and supply chain innovations. Logistics, aviation, and programme staff operate in the most difficult humanitarian crises.
