Threat Detection and Response Lead, P-3 - based in Rome, Italy in London

This role is based in Rome, Italy and open to all nationalities.

ABOUT WFP

The World Food Programme is the world's largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change. At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

WHY JOIN WFP?

• WFP is a 2020 Nobel Peace Prize Laureate.
• Inclusive, diverse, and multicultural working environment.
• Investment in personal and professional development through training, coaching, mentorship, and internal mobility opportunities.
• Opportunity to work across country, regional and global offices with passionate colleagues dedicated to humanitarian work.
• Attractive compensation package (see Terms and Conditions).

ORGANIZATIONAL CONTEXT

The position is based in HQ, Rome within the Technology Division (TEC) and reports to Head of Cybersecurity Operations in the Cybersecurity Operations Branch (TECI). The information security landscape is rapidly evolving, making cybersecurity a top priority for WFP. WFP fosters proactive IT operations to minimize risk, detect and respond to advanced threats, ensure compliance, and optimize security operations costs.

THE ROLE

To partner with the business to understand operating environments in order to monitor, analyze, and respond to cyber threats affecting WFP's global operations. The role drives cyber threat detection and hunting, advanced security analytics, and continuous improvement of detection and response capabilities, leveraging deep expertise in security telemetry, query languages, and cross-security platform analysis and correlations.

KEY ACCOUNTABILITIES

• Oversee the daily operations of the Threat Detection and Response team, managing monitoring, investigation, and incident response activities while leading and developing team specialists.
• Monitor and oversee the environment for potential cyber threats and incidents, and communicate with business counterparts to ensure effective mitigation and recovery.
• Conduct Tier-3 analysis and assessments of potential cyber incidents and threats, using security telemetry, advanced query techniques, and correlation analysis to improve detection accuracy.
• Optimize security operations workflows, onboarding, fine-tuning, and automating detection and response across platforms.
• Coordinate with other cybersecurity teams on intelligence, hunting, and vulnerabilities, aligning with evolving threat techniques.
• Report on cyber incidents, vulnerabilities, and risks, providing technical insights and recommendations to strengthen defences.
• Test, analyze, onboard and document new solutions, integrations, automations and enrichments for cybersecurity operations.
• Establish and maintain partnerships with business counterparts to identify, respond to, and recover from cyber incidents.
• Maintain adherence to WFP's policies, processes, and frameworks, ensuring compliance and operational excellence.
• Perform additional cybersecurity-related duties as required to support WFP's global mission.

QUALIFICATIONS AND EXPERIENCE

EDUCATION: First university degree in Computer Science, Information Security, Engineering or other relevant field.

EXPERIENCE: Minimum of 5 years of experience in technology-related roles, with a focus on cybersecurity threat detection & response and management of Microsoft cybersecurity platforms. Strong technical skills with hands-on knowledge of cybersecurity operations, including monitoring, incident tracking, platform administration, identity & access security, and threat hunting.

LANGUAGE: Fluency (level C) in English. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or Portuguese (a WFP working language).

MORE ABOUT YOU:

• Deep understanding of cybersecurity operations in large-scale global organizations.
• Ability to perform cyber incident research, post-mortem analyses, and recommend improvements.
• Knowledge of email security, threat detection, phishing analysis, and secure configuration of email security policies.
• Hands-on experience with Microsoft Security tools (e.g., Sentinel, Defender for Endpoint/O365/Cloud Apps/XDR).
• Experience with cybersecurity case management systems for incident tracking and documentation.
• Knowledge of cloud security operations, including multi-cloud threat detection and monitoring.
• Expertise in Cyber Threat Hunting, Cybersecurity Platforms Management, or Cyber Incident Response.
• Experience working in globally distributed international organizations.
• Knowledge of WFP operations and global infrastructure.
• Recognized relevant certifications are considered an asset.
• Advanced degree in Computer Science, Information Security, Engineering or related field.

TERMS AND CONDITIONS

International Professional position open to all nationalities. Mobility is a core contractual requirement; position is non-rotational and fixed-term with a one-year probation. Open to internal and external candidates. Attractive compensation and benefits package in line with ICSC standards, including salary, allowances, leave, education grant, pension, and medical insurance. Selected candidate will be required to relocate to Rome, Italy.

WFP LEADERSHIP FRAMEWORK

WFP Leadership Framework guides the common standards of behavior that guide HOW we work together to accomplish our mission.

NO FEE DISCLAIMER

The United Nations does not charge any application, processing, training, interviewing or other fee in connection with the application or recruitment process. Be cautious of solicitations requesting fees.