Job Description

What We Do

Since 1863, the International Committee of the Red Cross (ICRC) has worked to relieve suffering and preserve human dignity during war and armed violence. Alongside our Red Cross and Red Crescent partners, we deliver life-saving aid across front lines and strive to reconnect families and locate missing people.

Engaging with authorities and armed forces on all sides, often confidentially, we advocate for humane treatment of detainees and urge compliance with international humanitarian law to protect civilians from harm, including online.

Purpose of the Role

The ICRC provides technology services to more than 15,000 employees globally, external partners and our beneficiaries. Protecting our digital operations from cyber-attacks is a core element of the institutional cyber security strategy.
Based at HQ in Geneva and reporting to the ICT Security Manager, the Security Operations Center (SOC) coordinator is responsible for ensuring the ICRC is prepared to detect, respond to and recover from cyber-attacks.
The SOC coordinator oversees day-to-day operations of the ICRC's hybrid SOC across Security Monitoring and Incident Response, working in close coordination with internal functions covering Vulnerability Management and Threat Intelligence.
Drawing on deep technical expertise and situational awareness, they coordinate and continuously enhance SOC processes, services and service levels in collaboration with technical and non-technical stakeholders.

Main Duties & Responsibilities

SOC coordination and reporting

- Support the CISO (Chief Information Security Officer) function in delivering the ICRC cyber security strategy and continuously evolving the SOC mission
- Coordinate all SOC functions (cyber security monitoring, cyber security incident response, vulnerability management and threat intelligence) and daily interaction with the MSSP
- Coordinate a team of Cyber Security Engineers
- Ensure SOC adherence to security policies and procedures; revise and develop SOC-related policies, standards and procedures within the Information Security Framework
- Deliver agreed SOC measurables and metrics to the CISO

Cyber security monitoring
- Ensure efficient cyber security incident identification, triage, reporting, communication and monitoring via MSSP
- Ensure efficient operation of standard reporting channels for suspected cyber security incidents

Cyber security incident response
- Responsible for overall coordination and execution of the response to Tier 1, 2 & 3 cases
- Assign tasks to Cyber Security Engineers
- Manage escalated, unresolved, persistent or repetitive cases
- Support Cyber Security Engineers in disseminating incident-related information to constituents and concerned parties via established processes, tooling and communication channels

Vulnerability management
- Work closely with vulnerability management functions to ensure required corrective actions are applied appropriately and timely, notably those related to security patches
- Contribute to the continuous improvement, evolution and extended scope of the vulnerability management process

Cyber threat intelligence (TI)
- Work closely with threat intelligence functions to ensure SOC detection capabilities are appropriately enriched via internal and external TI feeds
- Based on TI feeds, plan and coordinate threat hunts and responses with Cyber Security Engineersd via internal and external TI feeds

Professional & Education Background

• University degree in Computer Science, Engineering, or related field (a major in security is an asset)
• Minimum 3 years of professional experience in cyber security
• Security certifications (CISSP, CCSP, SANS GIAC, CEH, Security+ and/or Offensive Security) are a strong asset
• Experience working in an international and multicultural environment

Desired Profile & Skills

• Excellent knowledge of information security standards, frameworks and best practices (NIST, ISO, SANS, etc.)
• Excellent knowledge of enterprise security architecture and engineering
• Excellent knowledge of common desktop and server OS, container technology, databases and network administration/management
• Excellent knowledge of OSI network stack including major IPv4/IPv6 protocols using TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP etc.
• Proficiency in one or more scripting languages; Python and/or Powershell/Powershell Core is an asset.
• Expertise with core FOSS tools (e.g.: tcpdump, Wireshark)
• Ability to manage workflows within dedicated case management and common service management tooling
• Solid integrity, sound judgement and a clear understanding of the cyber security organization and the wider ICRC mission
• Fluency in English is required; French is an asset

Additional Information

• Location: Geneva
• Type of contract: Open-ended
• Activity rate: 100%
• Start date: July/August 2026
• Recruiter: Alejandra Rodriguez
• Application deadline: Wednesday, 3rd of June 2026

Important information: For future employees and their dependents who are not EU and/or EFTA nationals, settling in Switzerland is now required. Direct settlement in France upon arrival is no longer possible.

Our Values

At the ICRC, we value impact, collaboration, respect, and compassion. We seek candidates who demonstrate behaviors based on these shared values. For more information on the ICRC values, please visit this page

Are you ready to explore the next chapter of your career? Apply now!

The ICRC values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates.