Security Operations Center (SOC) Coordinator, Geneva

Purpose of the Role The ICRC provides technology services to more than 15,000 employees globally, external partners and our beneficiaries. Protecting our digital operations from cyber‑attacks is a core element of the institutional cyber security strategy. Based at HQ in Geneva and reporting to the ICT Security Manager, the Security Operations Center (SOC) coordinator is responsible for ensuring the ICRC is prepared to detect, respond to and recover from cyber‑attacks. The SOC coordinator oversees day‑to‑day operations of the ICRC's hybrid SOC across Security Monitoring and Incident Response, working in close coordination with internal functions covering Vulnerability Management and Threat Intelligence. Drawing on deep technical expertise and situational awareness,they coordinate and continuously enhance SOC processes, services and service levels in collaboration with technical and non‑technical stakeholders.

Main Duties&Responsibilities The SOC coordinator supports the CISO (Chief Information Security Officer) function in delivering the ICRC cyber security strategy and continuously evolving the SOC mission. They coordinate all SOC functions, including cyber security monitoring, incident response, vulnerability management and threat intelligence, and daily interaction with the MSSP. They lead a team of Cyber Security Engineers, ensure SOC adherence to security policies and procedures, and develop SOC‑related policies within the Information Security Framework. They deliver agreed SOC measurables and metrics to the CISO.

Cyber security monitoring

Ensure efficient cyber security incident identification, triage, reporting, communication and monitoring via MSSP.

Ensure efficient operation of standard reporting channels for suspected cyber security incidents.

Cyber security incident response

Responsible for overall coordination and execution of the response to Tier 1, 2&3 cases.

Assign tasks to Cyber Security Engineers.

Manage escalated, unresolved, persistent or repetitive cases.

Support Cyber Security Engineers in disseminating incident‑related information to constituents and concerned parties via established processes, tooling and communication channels.

Vulnerability management

Work closely with vulnerability management functions to ensure required corrective actions are applied appropriately and timely, notably those related to security patches.

Contribute to the continuous improvement, evolution and extended scope of the vulnerability management process.

Cyber threat intelligence (TI)

Work closely with threat intelligence functions to ensure SOC detection capabilities are appropriately enriched via internal and external TI feeds.

Plan and coordinate threat hunts and responses with Cyber Security Engineers based on TI feeds.

Professional&Education Background

University degree in Computer Science, Engineering, or related field (a major in security is an asset).

Minimum 3 years of professional experience in cyber security.

Security certifications (CISSP, CCSP, SANS GIAC, CEH, Security+ and/or Offensive Security) are a strong asset.

Experience working in an international and multicultural environment.

Desired Profile&Skills

Excellent knowledge of information security standards, frameworks and best practices (NIST, ISO, SANS, etc.).

Excellent knowledge of enterprise security architecture and engineering.

Excellent knowledge of common desktop and server OS, container technology, databases and network administration/management.

Excellent knowledge of OSI network stack including major IPv4/IPv6 protocols using TCP/UDP including SMTP, HTTP, DNS, SNMP, LDAP, etc.

Proficiency in one or more scripting languages; Python and/or PowerShell/PowerShell Core is an asset.

Expertise with core FOSS tools (e.g., tcpdump, Wireshark).

Ability to manage workflows within dedicated case management and common service management tooling.

Solid integrity, sound judgement and a clear understanding of the cyber security organization and the wider ICRC mission.

Fluency in English is required; French is an asset.

Additional Information

Location: Geneva

Type of contract: Open‑ended

Activity rate: 100%

Start date: July/August 2026

Important information For future employees and their dependents who are not EU and/or EFTA nationals, settling in Switzerland is now required. Direct settlement in France upon arrival is no longer possible.

EEO Statement The ICRC values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates.

#J-18808-Ljbffr