Platform Engineering Lead
International Committee of the Red Cross
- Location:
- Geneva, Switzerland
- Category:
- Professional Staff
Posted Jun 22, 2026Apply by Jul 13, 2026 (11d left)
See your match score & applyThe Platform Engineering Lead will own the engineering practices, toolchain, and delivery pipelines that power the software development lifecycle at ICRC. This role involves leading a cross-functional team, setting standards for CI/CD, code quality, API management, secrets management, and container platform delivery to support global digital services and humanitarian applications.
Responsibilities
- Own and evolve the end-to-end CI/CD strategy on Azure DevOps, covering pipelines as code, multi-stage deployments, environment promotion gates, and self-service pipeline templates for development squads.
- Architect and maintain Azure DevOps organizations, projects, agent pools (Microsoft-hosted and self-hosted), service connections, and pipeline security controls.
- Administer SonarQube, including quality gate design, custom rule sets, branch analysis, PR decoration, and integration with Azure DevOps pipelines, ensuring consistent code quality and security standards across all repositories.
- Own the Gravitee API Gateway platform: design and enforce API management policies, plans, subscriptions, rate limiting, and authentication flows (OAuth 2.0, API keys, JWT), and govern the developer portal.
- Operate and evolve OpenBao for secrets management, covering auth methods, secret engines, dynamic credentials, lease management, and PKI/certificate issuance.
- Establish and enforce DevSecOps practices, embedding shift-left security scanning (SAST, DAST, SCA, container image scanning) natively into CI/CD pipelines.
- Define branching strategies, release management processes, and versioning standards, including semantic versioning and changelog automation.
- Collaborate with security and compliance teams to ensure all toolchain configurations meet ICRC data-protection policies, audit requirements, and relevant regulatory frameworks.
- Mentor DevOps engineers and embed DevOps culture within product teams through coaching, enablement sessions, and architectural guidance.
- Strengthen open-source capabilities across the DevOps toolchain (OpenBao, Gravitee, SonarQube, Kubernetes) by enforcing SBOM, license compliance, and CVE triage in CI/CD pipelines, in alignment with ICRC OSPO governance and contribution policy.
Requirements
- Bachelor's or Master's degree in Computer Science or a related field.
- 7+ years in DevOps, platform, or infrastructure engineering roles, with at least 3 years in a lead or senior individual-contributor capacity.
- Agile delivery certification; SAFe certification preferred.
- Experience in complex, international, or multicultural environments is an advantage.
- Strong English (written and spoken) is required; French is a plus.
- Deep hands-on experience with Azure DevOps: pipeline authoring, agent management, environment governance, and organisation-level administration.
- Practical experience operating an API gateway platform (Gravitee, Apigee, or equivalent) in production, including policy design, authentication flows, and developer portal management.
- Solid understanding of secrets management principles, with hands-on experience using HashiCorp Vault or OpenBao, covering auth methods, dynamic secrets, PKI, and least-privilege policy design.
- Experience with security tooling across SAST (e.g. SonarQube), DAST (e.g. Checkmarx), and infrastructure security (e.g. Aqua).
- Strong understanding of open-source security risks and experience applying relevant best practices.
- Knowledge of containerisation technologies (Docker, Kubernetes) and securing containerised workloads.
- Knowledge of data privacy regulations.
- Strong analytical, problem-solving, and communication skills.
Skills
- DevOps Engineering
- Platform Engineering
- Infrastructure Engineering
- Agile Development
- SAFe certification
- Azure DevOps
- Pipeline Authoring
- Agent Management
- Environment Governance
- Organisation-level Administration
- API Gateway Management
- Policy Design
- Authentication Flows
- Developer Portal Management
- Secrets Management
- HashiCorp Vault
- OpenBao
- Auth Methods
- Dynamic Secrets
- PKI Implementation
- Least-privilege Policy Design
- SAST Security Tooling
- SonarQube
- DAST Security Tooling
- Checkmarx
- Infrastructure Security
- Aqua
- Open-source Security
- Containerisation Technologies
- Docker Containers
- Kubernetes
- Securing Containerised Workloads
- Data Privacy Regulations
Languages
English, French