Senior Platform and Cloud Specialist - Solution Engineering

Hardship Level

H (no hardship)

Family Type

Family

Family Type

Family

Residential location (if applicable)

Grade

PR4

Staff Member / Affiliate Type

Professional

Reason

Regular > Regular Assignment

Target Start Date

2025-07-23

Deadline for Applications

August 8, 2025

Standard Job Description

Senior Platform and Cloud Specialist

Organizational Setting and Work Relationships

The incumbent is UNHCR’s expert on IT Platform & Cloud who will design technical solutions to meet UNHCR’s requirements and be cost-effective, well-maintained, and align with the technical direction of the organization.

The post is in the IT Operations Section reporting directly to the Chief of IT Operations Section. Currently, there are no direct supervisory responsibilities for this post.

The incumbent is expected to interact laterally with the team’s technical experts to ensure that the platform & cloud solutions s/he designs and implements adhere to the relevant technical standards. As a key member of the ITS team, constant engagement with the other stakeholders, including Business Relationship Management, CISO’s Office, Security Operations and Customer Support will be part of the daily role. Another key aspect of the role will be oversight of platform & cloud related solution development, implementation, and support as carried out by Managed Service Providers is key to the role. Similarly, engagement with stakeholders on the Business side [non-ITS] will be critical to ensure a clear understanding of requirements. Finally, the incumbent will also need to maintain close working relationships with technology vendors who provide and support the organization’s platform & cloud infrastructure.

All UNHCR staff members are accountable to perform their duties as reflected in their job description. They do so within their delegated authorities, in line with the regulatory framework of UNHCR which includes the UN Charter, UN Staff Regulations and Rules, UNHCR Policies and Administrative Instructions as well as relevant accountability frameworks. In addition, staff members are required to discharge their responsibilities in a manner consistent with the core, functional, cross-functional and managerial competencies and UNHCR’s core values of professionalism, integrity and respect for diversity.

Duties

• Act as the organization’s expert advisor on platform and cloud services, designing the related solutions that meet the dynamic needs of the organization in simple, secure, cost-effective ways.

• Develop and maintain platform and cloud hosting related policies, procedures, guidelines, and standards that are relevant to UNHCR’s technical landscape, educating and enabling both technical and business colleagues on their importance and implementation.

• Promote security-centric approaches to platform & cloud solution development and the adoption of relevant DevSecOps best-practices by developers and administrators.

• Ensure that solution development and changes to existing solutions include security analysis and plans for data-protection.

• Develop and maintain cloud hosting frameworks that are specific to the major cloud vendors and observe well-architected cloud environment best practices in the areas of security, reliability, performance, operations and cost-optimization.

• Develop technical roadmaps that are aligned with both business requirements and the strategic technical direction of UNHCR; promote secure cloud adoption through standardization on key components and practices.

• Work with technical and business colleagues to understand and document explicit and implicit requirements related to platform and cloud hosting.

• Validate requirements with development partners and technology vendors to ensure completeness and technical feasibility.

• Ensure requirements for initial solution development and subsequent changes are clearly documented and maintained over time.

• Prepare or assist in the preparation of comprehensive estimates for the development, licensing and ongoing support of all solutions.

• Work with development partners to enforce adherence to development frameworks and secure code repositories and other development standards.

• Develop or oversee the development of test plans to comprehensively test all required features of the solution; ensure test plans are successfully completed before releasing new solutions to production.

• Plan for and facilitate periodic penetration testing of infrastructure components and applications.

• Plan for and carry-out periodic reviews of cloud environments for technical-relevance and cost-optimization.

• Ensure that adequate measures/solutions are in place for intrusion prevention and detection, denial of service mitigation, firewalling and encryption.

• Include maintenance and support aspects in the design of all related solution; work with Service Delivery Managers to ensure support requirements are well understood and correctly implemented.

• Assist technical support groups in return-to-green efforts during major incidents.

• Support the SOC (Security Operations Centre) in establishing monitoring capabilities, baselines, responses, vulnerability scans, intelligence and coordination appropriate for each new solution.

• Review all submissions to the Architecture Review Board (ARB) for adherence to sound cybersecurity and cloud-hosting principles; assist the ARB in understanding potential shortcomings and suggest remediation measures.

• Ensure that UNHCR’s Project-Management Life Cycle (PMLC) is understood by our technical partners and followed for all cybersecurity and cloud related projects.

• Maintain up-to-date expertise, technical and procedural, in the fields of platform and cloud-hosting.

• Lead risk assessments and discussions with team(s) to proactively manage risks and seize opportunities impacting objectives. Ensure that risk management principles are integrated in decision-making both at strategic and operational levels. Allocate resources for planned treatments with resource requirements in Strategic Plans. Ensure that risks are managed to acceptable levels and escalate, as needed. If a Risk Owner, designate the Risk Focal Point and certify that the annual risk review is completed and ensure that the risk register is updated during the year, as needed.

• Perform other related duties as required.

Minimum Qualifications

Years of Experience / Degree Level

For P4 - 9 years relevant experience with Undergraduate degree; or 8 years relevant experience with Graduate degree; or 7 years relevant experience with Doctorate degree

Field(s) of Education

Computer Engineering                                    Computer Science                           Data Science

Electric Engineering                                        Engineering                                      Information and Communication Technology

Information Systems                                      Information Technology                Telecommunication

or other relevant field.

Certificates and/or Licenses

ITIL V3 Foundation Level                                Microsoft Tech Specialist                 Windows Server

Information Technology                                  MS Certified Technology Spec         MS Certified Solutions Expert

Six Sigma                                                        Computer Science

(Certificates and Licenses marked with an asterisk* are essential)

Relevant Job Experience

Essential

University degree in Computer Science, Information Technology or related field (see Education Fields above).

At least 9 years (7 years with advanced university degree) of experience in information technology, of which 7 should be in designing and implementing cybersecurity-related solutions or hosting solutions.

Demonstrated experience driving technology solutions from design to implementation, leveraging cross-functional teams comprised of staff, vendors, system integrators, outsourced partners, and contractors across multiple locations.

Proven success in designing and maintaining platform & cloud architecture blueprints for large organizations.

Strong familiarity with IDS/IPS solutions, and XDR solutions, with extensive hands-on experience conducting threat investigations using the Sophos XDR platform (formerly Secureworks Taegis).

Experience investigating security incidents, reviewing telemetry data, and performing root cause analysis in Taegis is required.

DDoS mitigation measures, firewall and WAF technologies, proxying systems and malware management solutions.

Strong familiarity with public cloud technologies, especially AWS and Azure, including cost-optimizations measures on both clouds, with proven track record in implementing FinOps practices including rightsizing EC2 instances, leveraging Savings Plans/Reserved Instances, and establishing custom cost allocation tags while maintaining CloudWatch/Azure Monitor cost anomaly detection.

Proven ability to design large, enterprise-grade platform infrastructure in a 24/7, "real-time" environment.

Broad knowledge of Microsoft Enterprise products, technologies and services

Deep knowledge of claims-based identity, Active Directory, Open ID Connect, OAuth 2.0 protocol, Windows Server, and Linux OS, deep expertise implementing FIDO2-compliant WebAuthn authentication flows with RPIDs, including handling attestationConveyancePreference and authenticatorAttachment parameters for cross-platform Passkeys, CBOR encoding, and managing Relying Party operations handling AuthenticatorAssertionResponse verification.

Experience with large Wide Area Networks composed of high-latency, low-bandwidth connections, such as VSAT solutions.

Experience with complex application and data integrations between SaaS applications and on-premise. applications, and cloud-to-cloud integration.

Strong familiarity with the IT Software Development Life Cycle (SDLC) including Agile, Kanban, and knowledge of ITIL processes.

Experience with automated testing tools and techniques, including oversight of test plans and test matrices, project plans and scope and design documents.

Proven ability to document business and functional requirements using industry standard and generally accepted modelling methods using standard tools.

Experience working with outsourced providers in delivering services based on service level agreements.

Experience resolving problems, responding to and completing audit recommendations and actions.

Strong verbal communications and executive-level presentation skills.

Fluent written and spoken English.

Desirable

Knowledge of systems and processes within UNHCR, especially WAN and Refugee Systems technologies.

Experience with Microsoft Dynamics and Biometrics applications.

Familiarity with UNHCR’s Data Protection Policy and related GDPR concepts.

Security Certifications, such as (ISC)2, ISACA, AWS or Azure.

ITIL v3 certifications.

Relevant AWS and Microsoft Architect Certifications.

Advanced university degree in ICT or engineering.

Functional Skills

*IT-IT Cloud Hosting Services

*IT-Computer Literacy

*IT-IT Surveillance Monitoring Systems

*IT-IT Systems and Standards

*IT-IT Solution Engineering

*IT-Microsoft Server Technology

*IT-Web Server Technology

*IT-IT Directory Services

*IT-Wide Area Networks (WAN)

*IT-IT Security Management

*IT-IT Unix/Linux Server Technology

*IT-IT Workstation Operating Systems (OS)

*IT-IT Support IT-Business Analysis (BA)

IT-IT Report & Dashboard Design & Creation

IT-IT Refugee Systems & Applications

IT-IT Network Monitoring & Alerting Tools

IT-IT Technical Troubleshooting

IT-IT Satellite Communications (VSAT)

IT-Local Area Networks (LAN)

IT-IT Wireless Communications Technology

IT-Customer Relationship Management (CRM) Software

IT-Biometrics

IT-IT Service Delivery Management

IT-Enterprise Resource Planning (ERP)

IT-IT Applications Development Lifecycle Methodology

IT-IT Application Development

IT-IT Project, Program or Portfolio Management

IT-Web Application Development

IT-IT Application Release & Test Management

IT-IT Open Source Software or Application Development

IT-IT Risk Management

IT-IT Operations Management

(Functional Skills marked with an asterisk* are essential)

Language Requirements

For International Professional and Field Service jobs: Knowledge of English and UN working language of the duty station if not English.

For National Professional jobs: Knowledge of English and UN working language of the duty station if not English and local language.

For General Service jobs: Knowledge of English and/or UN working language of the duty station if not English.

Competency Requirements

All jobs at UNHCR require six core competencies and may also require managerial competencies and/or cross-functional competencies. The six core competencies are listed below.

Core Competencies

Accountability

Communication

Organizational Awareness

Teamwork & Collaboration

Commitment to Continuous Learning

Client & Result Orientation

Managerial Competencies

Empowering and Building Trust

Judgement and Decision Making

Strategic Planning and Vision

Cross-Functional Competencies

Innovation and Creativity

Technological Awareness

Change Capability and Adaptability

All UNHCR workforce members must individually and collectively, contribute towards a working environment where each person feels safe, and empowered to perform their duties. This includes by demonstrating no tolerance for sexual exploitation and abuse, harassment including sexual harassment, sexism, gender inequality, discrimination, and abuse of power.

As individuals and as managers, all must be proactive in preventing and responding to inappropriate conduct, support ongoing dialogue on these matters and speaking up and seeking guidance and support from relevant UNHCR resources when these issues arise.

Desired Candidate Profile

For this essential position within the IT Division (DIST)/future Service (ITS), UNHCR requires a skilled senior solution engineer who can liaise with multiple stakeholders: senior leaders and colleagues across the IT disciplines, but also business partners in other Divisions, external technical colleagues, as well as a diverse end user community. S/he must have a deep understanding of cybersecurity and cloud technologies (threat modeling, secure cloud architecture, compliance frameworks, identity and access management, etc.) to design secure, robust, and cost-efficient systems, ensure the optimal cloud architectures are selected and implemented for the solutions in question, and drive innovative, state of the art security solutions and cloud-based architectures.


Furthermore, the candidate must be able to demonstrate abilities and proven experience in:

- Acting as the go-to authority on platform and cloud services, architecting streamlined, secure, and budget-friendly solutions that adapt to evolving organizational demands and align with UNHCR's IT strategy.
- Creating and refining tailored policies, procedures, and best practices for cloud and platform operations, while training technical and business teams on their effective application.
- Championing security-first methodologies in solution design, including the integration of DevSecOps practices to enhance development and administrative processes.
- Formulating specialized frameworks for major cloud providers like AWS and Azure, emphasizing best practices in security, performance, reliability, operational efficiency, and cost management.
- Crafting forward-looking roadmaps for cloud and platform initiatives that harmonize business needs with strategic IT goals, while advocating for standardized, secure adoption practices.
- Partnering with internal teams and external vendors to identify, document, and confirm requirements for cloud solutions, guaranteeing their viability and thoroughness.
- Overseeing the enforcement of secure development protocols, including comprehensive testing strategies to validate all solution features prior to deployment.
- Coordinating regular security assessments, such as penetration testing and environment reviews, to optimize costs and maintain technical relevance.
- Leading risk evaluations for platform and cloud projects, incorporating proactive strategies to address threats, optimize opportunities, and ensure alignment with organizational objectives.

Required languages (expected Overall ability is at least B2 level):

,

,

Desired languages

,

,

Operational context

Occupational Safety and Health Considerations:

To view occupational safety and health considerations for this duty station, please visit this link:

https://wwwnc.cdc.gov/travel

Nature of Position

Reporting relationships

The role does not currently foresee direct reports. However, the incumbent will be expected to provide oversight and direction to vendors, consultants or managed services providers.

Additional duties

• Design robust solutions using modern development practices and tools including Azure DevOps, CI/CD, and GitHub

• Implement hybrid cloud/on-premises solutions supporting DIST's cloud-first strategy, with focus on Azure Express Route and Azure Firewall

• Monitor and analyse cloud costs, provide strategic advice, and deliver meaningful cost reports to administrative units

• Stay current with platform and cloud technologies including Azure Security Centre, Azure Defender, AWS Lighthouse, Serverless Functions, and Kubernetes

• Attend key technical conferences (virtual/physical) such as AWS re:Invent or Microsoft Ignite as required

Living and Working Conditions:

Copenhagen is a category H duty station with all modern facilities available.

Additional Qualifications

Skills

Education

Bachelor of Arts: Computer Engineering, Bachelor of Arts: Computer Science, Bachelor of Arts: Data Science, Bachelor of Arts: Electric Engineering, Bachelor of Arts: Engineering, Bachelor of Arts: Information and Communication Technology, Bachelor of Arts: Information Systems, Bachelor of Arts: Information Technology, Bachelor of Arts: Telecommunication

Certifications

Computer Science - Other, Information Technology - Other, ITIL Certification - Foundation Level - AXELOS Ltd, Microsoft Certified Solutions Expert - Microsoft, Microsoft Certified Technology Specialist - Microsoft, Microsoft Tech Specialist - Microsoft, Six Sigma - Other, Windows Server - Microsoft

Work Experience

Workforce to Supervise

Competencies

Accountability, Change capability & adaptability, Client & results orientation, Commitment to continuous learning, Communication, Empowering & building trust, Innovation & creativity, Judgement & decision making, Organizational awareness, Strategic planning & visions, Teamwork & collaboration, Technological awareness

UNHCR Salary Calculator

https://icsc.un.org/Home/SalaryScales

Compendium

Add. 2 to the Bi-Annual 2025 Compendium - Part B

Additional Information

Functional clearance

This position doesn't require a functional clearance