Job Description

OBJECTIVE OF THE OFFICE/DEPARTMENT

This is a requisition for employment at the Pan American Health Organization (PAHO)/Regional Office of the World Health Organization (WHO)

Contractual Agreement:

Non-Staff - International PAHO Consultant

Job Posting:

June 2, 2026

Closing Date:

June 10, 2026, 11:59 PM Eastern Time

Primary Location:

Off Site

Organization:

ITS Information Technology Services

Schedule:

Full time

PURPOSE OF CONSULTANCY

Information Security Consultant – Security Operations and Vulnerability Management Analyst
PAHO is searching for an independent consultant to work at the Department of Information Technology Services (ITS), who will support the operational cybersecurity capabilities of PAHO’s Information Security Program, with focus on security monitoring, incident response, threat hunting, and vulnerability management support.

1. Background
The Pan American Health Organization (PAHO), as the specialized international health agency for the Americas and Regional Office for the Americas of the World Health Organization, relies on secure, resilient, and trusted digital services to support its technical cooperation, administrative operations, and regional public health mandate.

The Department of Information Technology Services (ITS), through the Information Security Program, is strengthening its internal Security Operations capability to improve the detection, analysis, response, and coordination of cybersecurity events and vulnerabilities across PAHO’s technology environment.

PAHO operates an internal security operations function supported by external service providers and uses security technologies such as Microsoft Sentinel, Microsoft Defender suite, Varonis, and Qualys to support alert monitoring, incident response, threat detection, data security visibility, and vulnerability management activities.

In this context, PAHO requires specialized consultancy support to strengthen the operational execution of security monitoring, incident response, threat hunting, and vulnerability analysis, while ensuring effective coordination with IT Operations, Service Desk, technical focal points, application owners, system custodians, and external providers.

2. Purpose of the Consultancy
The purpose of this consultancy is to provide specialized Security Operations and Vulnerability Management support to PAHO’s Information Security Program by performing security monitoring, alert triage, incident response support, threat hunting, and operational vulnerability analysis.
The consultant will contribute to PAHO’s ability to detect, analyze, respond to, and coordinate the mitigation of cybersecurity threats across endpoint, identity, cloud, application, data, and infrastructure environments.

The consultant will also support the operational use of vulnerability management information to help prioritize risks, coordinate remediation actions with responsible teams, validate mitigation efforts where applicable, and provide inputs to improve security operations processes, detection capabilities, and vulnerability management practices.

OF DUTIES:

3. Duties and Responsibilities

Under the supervision of the Information Security Advisor (CISO), the consultant will perform the following activities:

A. Security Monitoring and Alert Analysis

• Monitor and analyze security alerts and events from Microsoft Sentinel, Microsoft Defender suite, Varonis, and other relevant security tools.
• Validate, classify, and prioritize alerts based on severity, affected assets, business impact, exposure, and potential risk to the Organization.
• Identify suspicious activity across endpoints, identities, cloud services, data repositories, applications, and infrastructure components, escalating confirmed or high-risk events according to established procedures.
• Provide operational feedback to improve alert quality, reduce false positives, strengthen detection coverage, and optimize monitoring practices.

B. Incident Response, Operational Coordination and Playbook Improvement

• Support the execution and coordination of incident response activities, including initial analysis and investigation of affected users, endpoints, identities, data repositories, cloud resources, or applications, containment support, evidence collection, escalation, and follow-up with relevant stakeholders.
• Coordinate incident handling with IT Operations, Service Desk, infrastructure teams, application owners, system custodians, external service providers, vendors, and existing Service Management, Incident Response, and Disaster Recovery processes.
• Prepare incident summaries and post-incident notes, including affected assets, response actions, coordination performed, lessons learned, and recommended improvements.
• Contribute operational input to the development, validation, and improvement of incident response playbooks, escalation paths, and automation opportunities.

C. Threat Hunting and Detection Support

• Conduct proactive threat hunting activities across endpoint, identity, cloud, data, and application environments using Microsoft Sentinel, Microsoft Defender suite, Varonis, and other related sources.
• Identify indicators of compromise, anomalous behavior, suspicious access patterns, unusual data activity, and potential misuse of organizational resources.
• Support the detection of unauthorized or risky use of cloud services, SaaS platforms, data repositories, and AI-enabled tools, including potential Shadow AI activity where telemetry is available.
• Document threat hunting hypotheses, queries, findings, evidence, and recommended follow-up actions, and provide feedback to improve detection logic and monitoring coverage.

D. Vulnerability Management Operational Support

• Analyze vulnerability findings from Microsoft Defender, Qualys, and other relevant sources, assessing severity, exploitability, asset criticality, exposure, compensating controls, and potential business impact.
• Provide security analysis, risk-based prioritization and coordination support for remediation actions with IT Operations, Service Desk, technical focal points, system owners, application owners, MSPs, and vendors as required.
• Validate remediation status where applicable through rescans, evidence review, or confirmation with responsible teams.

E. Security Operations Reporting and Continuous Improvement

• Prepare periodic summaries of security monitoring activities, notable alerts and incidents, threat hunting findings, vulnerability exposure, and operational risks.
• Contribute to SOC metrics, including alert and incident trends, false positives, response times, vulnerability exposure, remediation status, and recurring issues.
• Recommend improvements to detection quality, alert triage, incident handling, vulnerability management workflows, and coordination with external providers.
• Provide structured inputs and evidence to support CISO-level reporting on operational cybersecurity posture, incidents, vulnerabilities, and key risks.
• In addition to the above, to perform other related duties as assigned.

4. Required Qualifications

4.1. Education

• University degree in Information Technology, Information Security, Cybersecurity, Computer Science, Engineering, or other related disciplines from an accredited institution.
• Desirable: Specialized training in security operations, incident response, vulnerability management, cloud security, threat hunting, or Microsoft security technologies.

4.2. Desirable Certifications

• Microsoft Certified: Security Operations Analyst Associate, or equivalent.
• GIAC Certified Incident Handler (GCIH) or equivalent.
• CompTIA Security+, or equivalent cybersecurity certifications.
• ITIL Foundation or equivalent service management certification.

4.3. Experience

• At least seven years of combined relevant professional experience in information security, security operations, incident response, vulnerability management, and/or related areas.
• Proven experience performing security monitoring, alert triage, incident analysis, and operational response activities in enterprise environments.
• Experience using SIEM, EDR/XDR, vulnerability management, and data security monitoring tools to analyze security events, investigate incidents, and support remediation activities.
• Experience supporting vulnerability management processes, including vulnerability analysis, risk-based prioritization, remediation coordination, and validation.
• Experience with Microsoft Azure security services and the Microsoft security ecosystem, including Microsoft Sentinel, Defender, Entra ID, Intune, and related security capabilities.
• Working knowledge of scripting, query, and automation languages such as PowerShell, Python, KQL, JavaScript, and/or shell scripting.

4.4. Skills and Competencies

• Ability to work collaboratively with cross-functional teams, including IT Operations, Service Desk, infrastructure teams, application owners, system custodians, external service providers, and business stakeholders.
• Ability to communicate security incidents, technical findings, vulnerability risks, and remediation recommendations clearly to technical and non-technical stakeholders.
• Strong analytical, problem-solving, documentation, coordination, and follow-up skills.
• Ability to work under pressure during security incidents and maintain clear documentation of actions taken.
• Ability to translate operational security findings into actionable recommendations for detection improvement, incident response, and vulnerability management.

4.5. Language: Very good knowledge of English and Spanish

Salary: Band B - Daily rate $258-$314

Duration: Until 31 December 2026, possibility of extension subject to performance and availability of funds.

ADDITIONAL INFORMATION

• This vacancy notice may be used to identify candidates for other similar consultancies at the same level.
• Successful candidates will be placed on the roster and subsequently may be selected for consultancy assignments falling in this area of work or for similar requirements/tasks/deliverables. Inclusion in the Roster does not guarantee selection for a consultant contract. There is no commitment on either side.
• Only candidates under serious consideration will be contacted.
• All applicants are required to complete an on-line profile to be considered for this consultancy. For assessment of your application, please ensure that your profile in the PAHO Career page is updated; all experience records are entered with elaboration on tasks performed at the time. Kindly note that CV/PHFs inserted via LinkedIn are no accessible.
• A written test may be used as a form of screening.
• If your candidature is retained for interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. PAHO/WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/ PAHO will also use the databases of the Council for Higher Education Accreditation http://www.chea.org/search/default.asp and College Navigator, found on the website of the National Centre for Educational Statistics, https://nces.ed.gov/collegenavigator to support the validation process. Some professional certificates may not appear in the WHED and will require individual review.
• Any appointment/extension of appointment is subject to PAHO/WHO Regulations, and e-Manual.
• For information on PAHO please visit: http://www.paho.org
• PAHO/WHO is committed to providing a respectful and supportive workplace for all personnel
• PAHO is an ethical organization that maintains high standards of integrity and accountability. People joining PAHO are required to maintain these standards both in their professional work and personal activities.
• PAHO also promotes a work environment that is free from harassment, sexual harassment, discrimination, and other types of abusive behavior. PAHO conducts background checks and will not hire anyone who has a substantiated history of abusive conduct.
• PAHO personnel interact frequently with people in the communities we serve. To protect these people, PAHO has zero tolerance for sexual exploitation and abuse. People who commit serious wrongdoings will be terminated and may also face criminal prosecution.
• PAHO/WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.
• Applications from women and from nationals of non and underrepresented Member States are particularly encouraged.
• Consultants shall perform the work as independent contractors in a personal capacity, and not as a representative of any entity or authority. The execution of the work under a consultant contract does not create an employer/employee relationship between PAHO and the Consultant.
• PAHO/WHO shall have no responsibility whatsoever for any taxes, duties, social security contributions or other contributions payable by the Consultant. The Consultant shall be solely responsible for withholding and paying any taxes, duties, social security contributions and any other contributions which are applicable to the Consultant in each location/jurisdiction in which the work hereunder is performed, and the Consultant shall not be entitled to any reimbursement thereof by PAHO/WHO.