Security Operations Center (SOC) Coordinator, Geneva

Security Operations Center (SOC) Coordinator What We Do Since 1863, the International Committee of the Red Cross (ICRC) has worked to relieve suffering and preserve human dignity during war and armed violence. Alongside our Red Cross and Red Crescent partners, we deliver life‑saving aid across front lines and strive to reconnect families and locate missing people.

Engaging with authorities and armed forces on all sides, often confidentially, we advocate for humane treatment of detainees and urge compliance with international humanitarian law to protect civilians from harm, including online.

Purpose of the Role The ICRC provides technology services to more than 15,000 employees globally, external partners and our beneficiaries. Protecting our digital operations from cyber‑attacks is a core element of the institutional cyber security strategy.

Based at HQ in Geneva and reporting to the ICT Security Manager, the Security Operations Center (SOC) coordinator is responsible for ensuring the ICRC is prepared to detect, respond to and recover from cyber‑attacks.

The SOC coordinator oversees day‑to‑day operations of the ICRC's hybrid SOC across Security Monitoring and Incident Response, working in close coordination with internal functions covering Vulnerability Management and Threat Intelligence.

Drawing on deep technical expertise and situational awareness, they coordinate and continuously enhance SOC processes, services and service levels in collaboration with technical and non‑technical stakeholders.

Main Duties&Responsibilities

Support the CISO in delivering the ICRC cyber security strategy and continuously evolve SOC mission.

Coordinate all SOC functions including cyber security monitoring, incident response, vulnerability management and threat intelligence, and daily interaction with the MSSP.

Coordinate a team of Cyber Security Engineers.

Ensure SOC adherence to security policies and procedures; revise and develop SOC‑related policies, standards and procedures within the Information Security Framework.

Deliver agreed SOC measurables and metrics to the CISO.

Ensure efficient cyber security incident identification, triage, reporting, communication and monitoring via MSSP.

Ensure efficient operation of standard reporting channels for suspected cyber security incidents.

Responsible for overall coordination and execution of the response to Tier 1, 2& 3 cases.

Assign tasks to Cyber Security Engineers.

Manage escalated, unresolved, persistent or repetitive cases.

Support Cyber Security Engineers in disseminating incident‑related information to constituents and concerned parties via established processes, tooling and communication channels.

Work closely with vulnerability management functions to ensure required corrective actions are applied appropriately and timely.

Contribute to the continuous improvement, evolution and extended scope of the vulnerability management process.

Work closely with threat intelligence functions to ensure SOC detection capabilities are appropriately enriched via internal and external TI feeds.

Based on TI feeds, plan and coordinate threat hunts and responses with Cyber Security Engineers.

Professional&Education Background

University degree in Computer Science, Engineering, or related field (a major in security is an asset).

Minimum 3 years of professional experience in cyber security.

Security certifications (CISSP, CCSP, SANS GIAC, CEH, Security+ and/or Offensive Security) are a strong asset.

Experience working in an international and multicultural environment.

Desired Profile&Skills

Excellent knowledge of information security standards, frameworks and best practices (NIST, ISO, SANS, etc.).

Excellent knowledge of enterprise security architecture and engineering.

Excellent knowledge of common desktop and server OS, container technology, databases and network administration/management.

Excellent knowledge of OSI network stack including major IPv4/IPv6 protocols using TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP etc.

Proficiency in one or more scripting languages; Python and/or Powershell/Powershell Core is an asset.

Expertise with core FOSS tools (e.g. tcpdump, Wireshark).

Ability to manage workflows within dedicated case management and common service management tooling.

Solid integrity, sound judgement and a clear understanding of the cyber security organization and the wider ICRC mission.

Fluency in English is required; French is an asset.

Additional Information

Location: Geneva

Type of contract: Open-ended

Activity rate: 100%

Start date: July/August 2026

Our Values At the ICRC, we value impact, collaboration, respect, and compassion. We seek candidates who demonstrate behaviors based on these shared values. For more information on the ICRC values, please visit thispage.

The ICRC values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates.

#J-18808-Ljbffr