Platform Engineering Lead

The Platform Engineering Lead will own the engineering practices, toolchain, and delivery pipelines that power the software development lifecycle at ICRC. This role involves leading a cross-functional team, setting standards for CI/CD, code quality, API management, secrets management, and container platform delivery to support global digital services and humanitarian applications.

Responsibilities

• Own and evolve the end-to-end CI/CD strategy on Azure DevOps, covering pipelines as code, multi-stage deployments, environment promotion gates, and self-service pipeline templates for development squads.
• Architect and maintain Azure DevOps organizations, projects, agent pools (Microsoft-hosted and self-hosted), service connections, and pipeline security controls.
• Administer SonarQube, including quality gate design, custom rule sets, branch analysis, PR decoration, and integration with Azure DevOps pipelines, ensuring consistent code quality and security standards across all repositories.
• Own the Gravitee API Gateway platform: design and enforce API management policies, plans, subscriptions, rate limiting, and authentication flows (OAuth 2.0, API keys, JWT), and govern the developer portal.
• Operate and evolve OpenBao for secrets management, covering auth methods, secret engines, dynamic credentials, lease management, and PKI/certificate issuance.
• Establish and enforce DevSecOps practices, embedding shift-left security scanning (SAST, DAST, SCA, container image scanning) natively into CI/CD pipelines.
• Define branching strategies, release management processes, and versioning standards, including semantic versioning and changelog automation.
• Collaborate with security and compliance teams to ensure all toolchain configurations meet ICRC data-protection policies, audit requirements, and relevant regulatory frameworks.
• Mentor DevOps engineers and embed DevOps culture within product teams through coaching, enablement sessions, and architectural guidance.
• Strengthen open-source capabilities across the DevOps toolchain (OpenBao, Gravitee, SonarQube, Kubernetes) by enforcing SBOM, license compliance, and CVE triage in CI/CD pipelines, in alignment with ICRC OSPO governance and contribution policy.

Requirements

• Bachelor's or Master's degree in Computer Science or a related field.
• 7+ years in DevOps, platform, or infrastructure engineering roles, with at least 3 years in a lead or senior individual-contributor capacity.
• Agile delivery certification; SAFe certification preferred.
• Experience in complex, international, or multicultural environments is an advantage.
• Strong English (written and spoken) is required; French is a plus.
• Deep hands-on experience with Azure DevOps: pipeline authoring, agent management, environment governance, and organisation-level administration.
• Practical experience operating an API gateway platform (Gravitee, Apigee, or equivalent) in production, including policy design, authentication flows, and developer portal management.
• Solid understanding of secrets management principles, with hands-on experience using HashiCorp Vault or OpenBao, covering auth methods, dynamic secrets, PKI, and least-privilege policy design.
• Experience with security tooling across SAST (e.g. SonarQube), DAST (e.g. Checkmarx), and infrastructure security (e.g. Aqua).
• Strong understanding of open-source security risks and experience applying relevant best practices.
• Knowledge of containerisation technologies (Docker, Kubernetes) and securing containerised workloads.
• Knowledge of data privacy regulations.
• Strong analytical, problem-solving, and communication skills.

Skills

• DevOps Engineering
• Platform Engineering
• Infrastructure Engineering
• Agile Development
• SAFe certification
• Azure DevOps
• Pipeline Authoring
• Agent Management
• Environment Governance
• Organisation-level Administration
• API Gateway Management
• Policy Design
• Authentication Flows
• Developer Portal Management
• Secrets Management
• HashiCorp Vault
• OpenBao
• Auth Methods
• Dynamic Secrets
• PKI Implementation
• Least-privilege Policy Design
• SAST Security Tooling
• SonarQube
• DAST Security Tooling
• Checkmarx
• Infrastructure Security
• Aqua
• Open-source Security
• Containerisation Technologies
• Docker Containers
• Kubernetes
• Securing Containerised Workloads
• Data Privacy Regulations

Languages

English, French