Platform Engineering Lead
Indexed description
Engaging with authorities and armed forces on all sides, often confidentially, we advocate for humane treatment of detainees and urge compliance with international humanitarian law to protect civilians from harm, including online.
Purpose of the Role
We are looking for an experienced Platform Engineering Lead to own the engineering practices, toolchain, and delivery pipelines that power our software development lifecycle. As the technical authority on CI/CD, code quality, API management, secrets management, and container platform delivery, you will drive both global digital services and field-facing humanitarian applications deployed in some of the most operationally demanding environments in the world. You will lead a cross-functional team, set standards adopted across all engineering squads, and serve as the connecting force between development, platform, security, and operations, all in direct support of ICRC's mandate to protect and assist people affected by armed conflict and other situations of violence.
Reports to (role)
Engineering Technology Manager
Main Duties & Responsibilities
- Own and evolve the end-to-end CI/CD strategy on Azure DevOps, covering pipelines as code, multi-stage deployments, environment promotion gates, and self-service pipeline templates for development squads.
- Architect and maintain Azure DevOps organizations, projects, agent pools (Microsoft-hosted and self-hosted), service connections, and pipeline security controls.
- Administer SonarQube, including quality gate design, custom rule sets, branch analysis, PR decoration, and integration with Azure DevOps pipelines, ensuring consistent code quality and security standards across all repositories.
- Own the Gravitee API Gateway platform: design and enforce API management policies, plans, subscriptions, rate limiting, and authentication flows (OAuth 2.0, API keys, JWT), and govern the developer portal.
- Operate and evolve OpenBao for secrets management, covering auth methods, secret engines, dynamic credentials, lease management, and PKI/certificate issuance.
- Establish and enforce DevSecOps practices, embedding shift-left security scanning (SAST, DAST, SCA, container image scanning) natively into CI/CD pipelines.
- Define branching strategies, release management processes, and versioning standards, including semantic versioning and changelog automation.
- Collaborate with security and compliance teams to ensure all toolchain configurations meet ICRC data-protection policies, audit requirements, and relevant regulatory frameworks.
- Mentor DevOps engineers and embed DevOps culture within product teams through coaching, enablement sessions, and architectural guidance.
- Strengthen open-source capabilities across the DevOps toolchain (OpenBao, Gravitee, SonarQube, Kubernetes) by enforcing SBOM, license compliance, and CVE triage in CI/CD pipelines, in alignment with ICRC OSPO governance and contribution policy.
- Bachelor's or Master's degree in Computer Science or a related field.
- 7+ years in DevOps, platform, or infrastructure engineering roles, with at least 3 years in a lead or senior individual-contributor capacity.
- Agile delivery certification; SAFe certification preferred.
- Experience in complex, international, or multicultural environments is an advantage.
- Strong English (written and spoken) is required; French is a plus.
- Deep hands-on experience with Azure DevOps: pipeline authoring, agent management, environment governance, and organisation-level administration.
- Practical experience operating an API gateway platform (Gravitee, Apigee, or equivalent) in production, including policy design, authentication flows, and developer portal management.
- Solid understanding of secrets management principles, with hands-on experience using HashiCorp Vault or OpenBao, covering auth methods, dynamic secrets, PKI, and least-privilege policy design.
- Experience with security tooling across SAST (e.g. SonarQube), DAST (e.g. Checkmarx), and infrastructure security (e.g. Aqua).
- Strong understanding of open-source security risks and experience applying relevant best practices.
- Knowledge of containerisation technologies (Docker, Kubernetes) and securing containerised workloads.
- Knowledge of data privacy regulations.
- Strong analytical, problem-solving, and communication skills.
- Location: Geneva
- Type of contract: Open-ended
- Activity rate: 100%
- Start date: October 2026
- Recruiter: Alejandra Rodriguez
- Application deadline: Monday, 13th of July 2026
Are you ready to explore the next chapter of your career? Apply now!
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search