Cyber Security Officer

1 - Position Information* VA No.: UNDP/LBN/VA26/039 * Position Title: Cyber Security Officer * Duty Station: The duty station is Beirut, Republic of Lebanon (OMSAR Offices) * Duration: 3 months (5 working days per month). * Contract Type: Consultancy * Vacancy Date of Issue: 16 March 2026 * Vacancy Closure Date: 19 March 2026 * National or International consultancy: National (LEBANESE NATIONALS ONLY)To review the full Terms of Reference (TOR), please follow link:https://drive.google.com/file/d/1aPH0D9xBXnYux9SMtGwsqqf2x3adiSjT/view?usp=sharing2 - BACKGROUNDLebanon continues to face a prolonged economic, financial, and institutional crisis that has significantly weakened the capacity of public administrations to deliver services efficiently and securely. These challenges have been compounded by outdated digital infrastructure, cybersecurity vulnerabilities, and heavy reliance on private service providers for critical government digital assets.Despite these constraints, Lebanon remains committed to advancing digital transformation as a key driver for economic recovery, transparency, and effective governance. In May 2022, the Government of Lebanon approved the National Digital Transformation Strategy (NDTS), designating the Office of the Minister of State for Administrative Reform (OMSAR) as the lead institution responsible for its implementation.To support this mandate, UNDP has been partnering with OMSAR through the Lebanon Public Administration Reform and Digitization Project (L-PARDP) to strengthen institutional capacity, modernize public service delivery, and advance digital governance reforms. One of the critical initiatives under this collaboration is the migration of government websites from private hosting providers to OGERO’s national hosting infrastructure, with the objective of enhancing cybersecurity, ensuring data sovereignty, reducing costs, and laying the foundation for a unified and sustainable national digital ecosystem.Moreover, the current hosting infrastructure for OMSAR and a large number of government websites remains outdated and fragmented, with expired or missing software licenses and unsupported hardware, exposing public digital platforms to heightened cybersecurity, operational, and data protection risks. In response, the Government of Lebanon, through OMSAR, is pursuing a structured initiative to assess the feasibility of migrating both newly developed and existing government websites currently hosted by private providers to OGERO’s national data hosting infrastructure. Migrating government portals to OGERO, as a public entity, is intended to strengthen cybersecurity and national data sovereignty through centralized hosting under government oversight, reduce long-term costs and dependency on private vendors, and support the implementation of the National Digital Transformation Strategy by establishing a secure, unified, and sustainable hosting environment. This transition will also lay the groundwork for the future establishment of a national data center, including in coordination with the World Bank–supported Digital Acceleration Project.In this context, UNDP seeks to recruit a National Cyber Security Officer to provide cybersecurity expertise, infrastructure security assessment, and risk mitigation support to OMSAR throughout the migration of government websites to OGERO’s hosting environment, ensuring the protection of digital assets and compliance with international security standards.3 - SCOPE OF WORK, RESPONSIBILITIES AND DESCRIPTION OF THE PROPOSED ANALYTICAL WORKUNDP is seeking the services of a Short-Term Individual Consultant (IT Security Officer) to provide cybersecurity expertise, infrastructure security assessment, and risk mitigation support to OMSAR throughout the migration of government websites to OGERO’s hosting environment, ensuring the protection of digital assets and compliance with international security standards.Under this consultancy, the Consultant is requested to complete the following tasks:* Pre-Migration Security Assessment * Conduct thorough evaluations of existing security configurations, including Web Application Firewalls (WAF), Intrusion Prevention Systems (IPS), VPN access mechanisms, and database replication settings. * Validate the security readiness of the staging environment with vulnerability scanning, penetration testing, and network segmentation. * Design rollback and redundancy procedures to ensure service continuity during migration. * Cybersecurity and Risk Mitigation * Ensure compliance with cybersecurity standards and best practices during all migration phases, including WAF fine-tuning, IPS rule configurations, and secure data transmission protocols. * Provide advisory inputs on safeguarding against risks such as downtime, unauthorized data access, or application failures during migration. * Define incident response plans and monitoring protocols for real-time security oversight. * Post - Migration Validation * Validate the performance of migrated security configurations, including WAF protections, database integrity, VPN access continuity, and SSL/TLS certificates. * Conduct post-migration checks for DNS resolutions, application availability, and centralized logging integration. * Monitor for anomalies and security breaches during stabilization. * Ongoing Security Operations * Define governance arrangements for managing WAF/IPS configurations, VPN access controls, and firewall policy updates. * Collaborate with OGERO SOC to ensure continuous security monitoring and automated alerting mechanisms. * Conduct regular reviews and updates of security configurations to enhance protection and compliance.4 - EXPECTED OUTPUTS AND DELIVERABLESThe Consultant is expected to complete the above tasks and activities, noting that the total duration shouldnot exceed 3 months with 5 working days per month5 - INSTITUTIONAL ARRANGEMENTS* With day-to-day management by LPARD-P Project Manager or their designated representatives and in close coordination with OMSAR. * UNDP will be responsible for providing the contractor with all necessary materials related to the project in a timely thorough and transparent manner. UNDP will be also responsible to provide clarifications and facilitation of the work. * Day to Day transportation from home to office (& vice versa) shall be covered by the Consultant’s own means. The Consultant will rely on his own means of communication and transportation.6 - DURATION OF WORK* The assigned duration for this consultancy is 3 months with 5 working days per month * The mission is expected to commence on immediately , and to be completed by the 16th of June 2026. * The time needed to review/ comment/ approve deliverables and outputs is (5) five working days.7 - DUTY STATIONThe duty station is Beirut, Republic of Lebanon (OMSAR Offices)8 - STANDARD MINIMUM QUALIFICATIONSEducation* Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. * At least 8 years of experience in network security, including hands-on expertise in IDS, firewall configurations, SSL certificate management, and Web Application Firewall (WAF) configuration, as well as proficiency in threat intelligence, penetration testing, and incident response.Language: Fluent in English, French and Arabic (both oral and written).“The Personnel will be covered with Health insurance and Personal accident insurance; the fees shall be deducted from personnel's monthly payment”.HOW TO APPLYHow to ApplyTo apply for this position please choose one of the two options below:1. Link to Apply: https://jobs.my-soc.org/apply/20260316142308/TiMbgUmYBrZ9y24la7SPJHnsV 2. You can send your CV with the cover letter to this email: [email protected]. Please write (Cyber Security Officer / Lebanon) in the subject of the email.Terms and Condition to Apply:1. CV or P11 Form including 3 references must be submitted online in PDF along with your Education Graduation Certificate. 2. Use English language only. 3. indicate clear years of experience with each job (Month/Year) 4. If the candidate is currently employed by a government institution, he/she must be able to provide an unpaid leave of absence for the duration of the consultancy. 5. Only candidates who are short-listed will be contacted. 6. By submitting your application, you have read the Terms of Reference for this position and agree that any false, wrong, or incomplete information might lead to your disqualification in this recruitment process.