DevSecOps Consultant

INTERNATIONAL TELECOMMUNICATION UNION ITU is the leading United Nations agency for information and communication technologies, with the mission to connect the world. To achieve this, ITU manages the radio-frequency spectrum and satellite orbits at the international level, works to improve communication infrastructure in the developing world, and establishes global standards that foster seamless interconnection of a vast range of communication systems. ITU applies a zero-tolerance policy against all forms of harassment. ITU is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons with disabilities, to apply to become a part of the organization. Achieving gender balance is a high priority for ITU. DevSecOps Consultant Vacancy notice no: 2278 Sector: BR Department: IAP Country of contract: Switzerland Duty station: Geneva Position number: [[positionNumber]] Grade: [[PositionGrade]] Type of contract: Consultant Duration of contract: 6 months Recruitment open to: External Application deadline (Midnight Geneva Time): 20 April 2026 ORGANIZATIONAL UNIT The Radiocommunication Bureau (BR) is responsible for the application of the Radio Regulations and for technical and administrative support of ITU World and Regional Radiocommunication Conferences, Radiocommunication Assemblies and Study Groups. The Bureau also carries out the international regulatory processes for registration of frequency assignments and satellite orbits and assists administrations in their coordination and implementation of frequency spectrum and orbit requirements as well as in resolving cases of harmful interference. It provides the specialised technical secretariat for the work of the Radiocommunication Study Groups and the Radiocommunication Assembly in the development of recommendations for spectrum utilisation and radio system characteristics. The BR is organised into four Departments: Space Services Department, Terrestrial Services Department, Informatics, Administration and Publications Department and the Study Groups Department. The Informatics, Administration and Publications Department (IAP) comprises of fourDivisions: Space Applications Software (SAS), Terrestrial Applications Software (TAS), Common Software Platform Division (CSP) and Business Operations and Planning Division (BOP). The Department is responsible for the development and maintenance of software and related tools used by the BR as well as software adapted for national frequency management units, providing the necessary user support for the areas concerned. It carries out studies related to policies for the technologies to be used for the information and computational systems within the BR and with administrations in the fields of management of the radio frequency spectrum and the various satellite orbits. The Department is responsible for managing all aspects of the BR's operations, including the development of BR operational plans, organizational support of ITU-R conferences and meetings, BR project management processes and procedures, BR text editing and publications, as well as promotion and membership. The Department is also responsible for human resources management and planning for the BR. BACKGROUND INFORMATION This consultancy is within the Common Software Platform Division (CSP) in the Informatics, Administration and Publications Department (IAP) that is responsible for modernizing and evolving software applications and related tools used in the BR. The objective of this consultancy is to support the implementation of the e-Comment project. E-Comment is a new web application (React frontend/.Net backend) which will replace the SpaceCom legacy desktop application for commenting on coordination requirements established by the BR. TERMS OF REFERENCE Under the guidance of the head, CSP division the consultant will: Conduct a technical assessment of current CI/CD pipelines, build processes, tooling, infrastructure automation, and security practices. Identify areas for improvement aligned with best practice DevSecOps standards. Create or improve automated Azure DevOps pipelines for web and desktop applications, including building, testing, security scanning, dependency analysis, packaging, and deployment across multiple environments. Establish pipeline templates and standards for scalable reuse across multiple BR applications. Enhance deployment reliability through rollback mechanisms, approvals, and reproducible build practices. Integrate automated security scanning (SAST, DAST, SCA, container scanning), vulnerability management, license compliance checks, and secure build practices into all pipelines. Containerize appropriate services (where feasible) and design deployment pipelines for cloud platforms (Azure and/or AWS). Implement automated workflows for building, packaging, code signing (including Windows executables), and distributing desktop applications in a secure, repeatable manner. Configure or improve Infrastructure-as-Code (IaC) templates, monitoring, logging, and environment provisioning to ensure consistent and reproducible infrastructure. Work closely with developers to define requirements, establish DevSecOps standards, and train teams on new tools and processes. Produce clear, maintainable documentation covering DevOps workflows, security practices, pipelines, troubleshooting procedures, and operational guidelines.