Information and Communication Technology (ICT) Officer (Cloud SecOps Engineer) (P)

Job Identification (Reference Number): 15447
Position Title: Information and Communication Technology (ICT) Officer (Coud SecOps Engineer) (P)
Duty Station City: Valencia
Duty Station Country: Spain
Grade: UG
Contract Type: Special Short term ungraded (Up to 9 months)
Recruiting Type: Professional
Vacancy Type: Call for Applications
Initial duration: 9 months
Closing date: 22 July 2025

Introduction

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM's workplace culture at IOM workplace culture | International Organization for Migration

Internal and external candidates will be considered for this vacancy. For the purposes of this vacancy, internal candidates are defined as staff members holding a regular, fixed-term or short-term graded or ungraded contract, including Junior Professional Officers (JPOs), staff on Special Leave Without Pay (SLWOP), and staff members on secondment/loan released by the Organization, unless otherwise specified in their contract. Staff members holding a regular, fixed-term or short-term graded contract will not retain their contract type if appointed to an ungraded position.

Context

The ICT Officer (Cloud SecOps Engineer) will lead own and evolve the cloud security architecture and operations for IOM. The role ensures the security, integrity, and compliance of IOM’s cloud infrastructure (primarily Azure, with multi-cloud awareness). This role focuses on threat detection, incident response, security automation, and hardening of cloud environments supporting IOM global offices.

The ICT Officer (Cloud SecOps Engineer) will collaborate closely with development, operations, and information security teams to identify and analyse vulnerabilities, support the DevOps colleagues in the resolution or mitigation of these vulnerabilities, enforce compliance, and foster a culture of security awareness within the organization.

Under the overall supervision of the Chief Technology Officer and the direct supervision of Senior ICT Officer (Cloud Services), the ICT Officer (Cloud SecOps Engineer) will be responsible for the cloud infrastructure operations.

SECURITY MONITORING & INCIDENT MANAGEMENT

• Implement 24/7 monitoring using Microsoft Sentinel, Defender for Cloud, and Azure Monitor.
• Implement, monitor, and maintain data loss prevention (DLP) strategies and controls across cloud environments to safeguard sensitive data against unauthorized access, leakage, and exfiltration.
• Investigate AND remediate security incidents (breaches, malware, DDoS) with root-cause analysis.
• Define incident detection and incident management workflows and playbooks for cloud environments and collaborate with CSIRT teams.

IDENTITY & ACCESS MANAGEMENT (IAM)

• In coordination with the Identity and Access management team, enforce Zero Trust via Azure AD Conditional Access, PIM, and RBAC.
• Audit service principals, role assignments, and privileged access.

COMPLIANCE & VULNERABILITY MANAGEMENT

• Ensure compliance with relevant security regulations and standards such as GDPR, ISO 27001, NIST, CIS Benchmarks in cloud environments and attain baseline with Azure Security Benchmark.
• Conduct vulnerability scans (Defender for Cloud, Tenable) and patch management.
• Automate compliance checks using Azure Policy and Blueprints.
• Implement security checks into CI/CD pipelines, ensuring compliance with industry standards.

DEVSECOPS INTEGRATION

• Embed security into CI/CD pipelines (Azure DevOps, GitHub Actions).
• Scan IaC templates (Terraform, Bicep, ARM) for misconfigurations.

THREAT HUNTING & AUTOMATION

• Proactively identify and investigate potential threats within the cloud environment.
• Develop KQL queries in Sentinel for proactive threat detection.
• Automate responses using Azure Logic Apps and Functions.

COLLABORATION & SUPPORT

• Work with other teams (e.g., cloud operations, development, information security) to implement and maintain cloud security. 
• Train teams on cloud security best practices.
• Coordinate with infosec to ensure completeness of security policies, procedures, and incident reports.
• Provide technical expertise and guidance to team members on cloud and SecOps practices.
• Collaborate on optimizing cloud spending and implementing cost-saving measures.

ADDITIONAL RESPONSIBILITIES 

• Perform such other duties as may be assigned.

Education

• Master’s degree in Cybersecurity, Computer Engineering, Computer Science, or a related field from an accredited academic institution with five years of relevant professional experience; or,
• University degree in the above fields with seven years of relevant professional experience.
• The following certifications are required.
  • Microsoft Certified: Azuree Security Engineer Associate;
  • Microsoft Certified: Azure Fundamentals;
  • Must have or attain within 6 months and maintain ITIL version 4 Foundation certification and Certified Cloud Security Professional CSSP;
  • Certified Information Systems Security Professional Certification is an advantage; and
  • AWS Certified Security Specialist is an added advantage.

Accredited Universities are those listed in the UNESCO World Higher Education Database.

Experience

• A minimum of 5 years of experience in Cloud SecOps engineering;
• Strong and hands-on experience with Azure services especially Microsoft Sentinel, Defender for Cloud, Key Vault, Azure Firewall;
• Proven experience managing cloud infrastructure in AWS and Azure environments through automation. Having GCP experience is a plus;
• Expertise in Infrastructure-as-Code tools (Terraform, CloudFormation, or Ansible);
• Hands-on experience with CI/CD tools like Jenkins, GitHub Actions, and Azure DevOps;
• Proficiency in scripting and programming languages (e.g., Python, Bash, or PowerShell);
• Strong knowledge of containerization technologies like Docker and orchestration platforms such as Kubernetes;
• Familiarity with monitoring tools (e.g., LogicMonitor, Prometheus, or CloudWatch);
• Solid understanding of security best practices, including access management and vulnerability mitigation; and,
• Effective problem-solving skills and the ability to work in a collaborative, team-oriented environment.

Skills

• Demonstrated experience in setting up security controls in cloud environments, Azure (primary), AWS (secondary), Oracle Fusion (desired);
• Strong understanding of the following frameworks, NISTCSF, MITRE ATT&CK, ITIL/ITSM;
• Knowledge of cloud security fundamentals, programming languages like Python, C++, and JAVA, web services and APIs, DevOps and containerization, and networking and internet protocols;
• Knowledge of Cloud Platforms: AWS, Azure; Oracle Fusion and added advantage;
• Proven ability in the use of IaC Tools: Terraform, CloudFormation, Ansible;
• Knowledge of CI/CD Tools: Jenkins, GitLab CI/CD, GitHub Actions;
• Security & Compliance: Azure AD, VPN, VPC, encryption standards;
• Deep understanding in Networking: DNS, VPN, Load Balancers, Kubernetes (EKS, AKS, GKE);
• Demonstrated knowledge in scripting: PowerShhell, Python, KQL, and Azure Policy;
• Project management skills for efficient roll-out of ICT initiatives;
• Demonstrated ability to handle confidential data in a professional, responsible and mature manner; and,
• Familiarity with global IT security trends and the ability to adapt NIST standards to evolving security threats and technologies.

Languages

IOM’s official languages are English, French, and Spanish. All staff members are required to be fluent in one of the three languages.

For this position, fluency in English is required (oral and written). Working knowledge of an official UN language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Required Competencies

IOM’s competency framework can be found at this link. Competencies will be assessed during the selection process.

Values - all IOM staff members must abide by and demonstrate these five values:

• Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
• Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
• Courage: Demonstrates willingness to take a stand on issues of importance.
• Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators 

• Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
• Accountability: Takes ownership for achieving the Organization’s priorities and assumes responsibility for own actions and delegated work.
• Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Notes

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

For this staff category, candidates who are nationals of the duty station's country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, security clearances.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.

IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

Only shortlisted candidates will be contacted.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies