• The consultant will work under the overall supervision of the Head of the Crime Prevention and Criminal Justice Programme, UNODC ROEA, direct supervision of the Programme Manager in coordination with the Programme officers and work closely with the Judiciary in performing the following substantive duties and responsibilities.
• In this regard, the UNODC seeks to strengthen the Judiciary’s ICT systems through enabling the development of a security by design capacity building model with the following objectives:
• Build capacity in secure system development and Security by Design
• Train system administrators on server and infrastructure hardening
• Equip network engineers with skills to protect the Judiciary’s network perimeter
• Confidence building & empowerment of cybersecurity staff to carry out audits, ethical hacking, and incident response.

The consultant shall perform the following tasks:

• Inception Meeting and Report: Undertake an inception meeting with the relevant stakeholders at the Judiciary to review the scope, timelines and methodology of work. Draft and submit to UNODC the inception report.
• Capacity building in Security-by-Design and Cybersecurity will be separately undertaken for four different target beneficiaries as identified below: Developers/ Database administrators on various components identified below:
• Application and Database Security by Design

Qualifications/special skills

• An advanced university degree in Cybersecurity, Computer Science, Computer Engineering or a related field is required (Master’s or equivalent).
• A first level university degree is required in Civil Engineering or similar fields in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree.
• A minimum of five years of progressively responsible professional experience in ICT Security/cybersecurity is required.
• Experience in penetration testing and vulnerability assessments, IDS/Firewalls/VPN Administration, content filers, Security scan tools, Network and Systems, servers etc is required c. Experience in enterprise security document creation is required.
• Experience in designing and delivering employee security awareness training is desirable. e. Experience in developing Business Continuity Plans and Disaster Recover is desirable.