Information and Communications Technology (ICT) Officer (Cloud SecOps Engineer) (P)
Role details
Job location
Tech stack
Job description
The ICT Officer (Cloud SecOps Engineer) will lead own and evolve the cloud security architecture and operations for IOM. The role ensures the security, integrity, and compliance of IOM's cloud infrastructure (primarily Azure, with multi-cloud awareness). This role focuses on threat detection, incident response, security automation, and hardening of cloud environments supporting IOM global offices.
The ICT Officer (Cloud SecOps Engineer) will collaborate closely with development, operations, and information security teams to identify and analyse vulnerabilities, support the DevOps colleagues in the resolution or mitigation of these vulnerabilities, enforce compliance, and foster a culture of security awareness within the organization.
Under the overall supervision of the Chief Technology Officer and the direct supervision of Senior ICT Officer (Cloud Services), the ICT Officer (Cloud SecOps Engineer) will be responsible for the cloud infrastructure operations.
RESPONSIBILITIES SECURITY MONITORING & INCIDENT MANAGEMENT
- Implement 24/7 monitoring using Microsoft Sentinel, Defender for Cloud, and Azure Monitor.
- Implement, monitor, and maintain data loss prevention (DLP) strategies and controls across cloud environments to safeguard sensitive data against unauthorized access, leakage, and exfiltration.
- Investigate AND remediate security incidents (breaches, malware, DDoS) with root-cause analysis.
- Define incident detection and incident management workflows and playbooks for cloud environments and collaborate with CSIRT teams.
IDENTITY & ACCESS MANAGEMENT (IAM)
- In coordination with the Identity and Access management team, enforce Zero Trust via Azure AD Conditional Access, PIM, and RBAC.
- Audit service principals, role assignments, and privileged access.
COMPLIANCE & VULNERABILITY MANAGEMENT
- Ensure compliance with relevant security regulations and standards such as GDPR, ISO 27001, NIST, CIS Benchmarks in cloud environments and attain baseline with Azure Security Benchmark.
- Conduct vulnerability scans (Defender for Cloud, Tenable) and patch management.
- Automate compliance checks using Azure Policy and Blueprints.
- Implement security checks into CI/CD pipelines, ensuring compliance with industry standards.
DEVSECOPS INTEGRATION
- Embed security into CI/CD pipelines (Azure DevOps, GitHub Actions).
- Scan IaC templates (Terraform, Bicep, ARM) for misconfigurations.
THREAT HUNTING & AUTOMATION
- Proactively identify and investigate potential threats within the cloud environment.
- Develop KQL queries in Sentinel for proactive threat detection.
- Automate responses using Azure Logic Apps and Functions.
COLLABORATION & SUPPORT
- Work with other teams (e.g., cloud operations, development, information security) to implement and maintain cloud security.
- Train teams on cloud security best practices.
- Coordinate with infosec to ensure completeness of security policies, procedures, and incident reports.
- Provide technical expertise and guidance to team members on cloud and SecOps practices.
- Collaborate on optimizing cloud spending and implementing cost-saving measures., * Perform such other duties as may be assigned., * Integrity and transparency : Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
- Professionalism : Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
- Courage : Demonstrates willingness to take a stand on issues of importance.
- Empathy : Shows compassion for others, makes people feel safe, respected and fairly treated.
Core Competencies - behavioural indicators
- Teamwork : Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
- Delivering results : Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
- Managing and sharing knowledge : Continuously seeks to learn, share knowledge and innovate.
- Accountability : Takes ownership for achieving the Organization's priorities and assumes responsibility for own actions and delegated work.
- Communication : Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.
Requirements
Do you have experience in Web services?, Do you have a Master's degree?, * Master's degree in Cybersecurity, Computer Engineering, Computer Science, or a related field from an accredited academic institution with five years of relevant professional experience; or,
- University degree in the above fields with seven years of relevant professional experience.
- The following certifications are required.
- Microsoft Certified: Azuree Security Engineer Associate;
- Microsoft Certified: Azure Fundamentals;
- Must have or attain within 6 months and maintain ITIL version 4 Foundation certification and Certified Cloud Security Professional CSSP;
- Certified Information Systems Security Professional Certification is an advantage; and
- AWS Certified Security Specialist is an added advantage.
Accredited Universities are those listed in the UNESCO World Higher Education Database.
Experience
- A minimum of 5 years of experience in Cloud SecOps engineering;
- Strong and hands-on experience with Azure services especially Microsoft Sentinel, Defender for Cloud, Key Vault, Azure Firewall;
- Proven experience managing cloud infrastructure in AWS and Azure environments through automation. Having GCP experience is a plus;
- Expertise in Infrastructure-as-Code tools (Terraform, CloudFormation, or Ansible);
- Hands-on experience with CI/CD tools like Jenkins, GitHub Actions, and Azure DevOps;
- Proficiency in scripting and programming languages (e.g., Python, Bash, or PowerShell);
- Strong knowledge of containerization technologies like Docker and orchestration platforms such as Kubernetes;
- Familiarity with monitoring tools (e.g., LogicMonitor, Prometheus, or CloudWatch);
- Solid understanding of security best practices, including access management and vulnerability mitigation; and,
- Effective problem-solving skills and the ability to work in a collaborative, team-oriented environment., * Demonstrated experience in setting up security controls in cloud environments, Azure (primary), AWS (secondary), Oracle Fusion (desired);
- Strong understanding of the following frameworks, NISTCSF, MITRE ATT&CK, ITIL/ITSM;
- Knowledge of cloud security fundamentals, programming languages like Python, C++, and JAVA, web services and APIs, DevOps and containerization, and networking and internet protocols;
- Knowledge of Cloud Platforms: AWS, Azure; Oracle Fusion and added advantage;
- Proven ability in the use of IaC Tools: Terraform, CloudFormation, Ansible;
- Knowledge of CI/CD Tools: Jenkins, GitLab CI/CD, GitHub Actions;
- Security & Compliance: Azure AD, VPN, VPC, encryption standards;
- Deep understanding in Networking: DNS, VPN, Load Balancers, Kubernetes (EKS, AKS, GKE);
- Demonstrated knowledge in scripting: PowerShhell, Python, KQL, and Azure Policy;
- Project management skills for efficient roll-out of ICT initiatives;
- Demonstrated ability to handle confidential data in a professional, responsible and mature manner; and,
- Familiarity with global IT security trends and the ability to adapt NIST standards to evolving security threats and technologies.
Languages
IOM's official languages are English, French, and Spanish. All staff members are required to be fluent in one of the three languages.
For this position, fluency in English is required (oral and written). Working knowledge of an official UN language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.
Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.
Required Competencies
IOM's competency framework can be found at this link . Competencies will be assessed during the selection process.
