11 months
08/01/2026 - 31/12/2026 Vlaams-Brabant, Belgium
Requirements
Roles
  • IT Security Engineer Medior
Languages
  • English Full professional proficiency
  • French Full professional proficiency
Skills
  • Cyber Security Expert
  • Microsoft SCCM Expert
  • Citrix Intermediate
  • Linux Intermediate
  • Windows Server Advanced
  • VMWARE Advanced
Description

Cybersecurity Implementers – Infrastructure (DevSecOps Engineers)

As part of the effort to secure and upgrade its infrastructure, the Information and Systems Department of Cliniques universitaires Saint-Luc aims to implement a DevSecOps approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:

  • Automated patch management system within a virtualized datacenter (VMware and/or Xen, Citrix)
  • Secure onboarding of new systems using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
  • Protection against technical threats and vulnerabilities
  • Documentation of processes and activity tracking

Technical Scope

  • Physical and virtual servers
  • Hypervisors
  • Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
  • Cloud environments and IaaS/PaaS platforms
  • Storage, backups, virtualization platforms

Reference Frameworks

  • CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
  • NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)

Main Missions

Patch Management, OS Hardening, and Security Lifecycle

  • Implement, manage, and secure patch management, hardening, and compliance systems
  • OS hardening (CIS, ANSSI, vendor guides)
  • Host firewall and local rules
  • Disk and volume encryption
  • Analyze, design, implement, and maintain authorized software changes via distribution and control tools
  • Automate VM onboarding and patching via secure pipelines and templates
  • Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
  • Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
  • Manage patching for heterogeneous IT systems (see scope)
  • Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
  • Integrate patch and update management with strict change control systems
  • Document via SOPs, procedures, and audit evidence
  • Set up operational test and validation environments
  • Identify, analyze, and resolve the backlog of unpatched servers
  • Manage constraints related to legacy systems (compatibility, risks, exceptions)
  • Implement rollback and automatic remediation mechanisms
  • Apply validated compensatory measures
  • Provide technical elements for vulnerability prioritization
  • Define and apply security baselines for Windows and Linux systems
  • Integrate security requirements from the installation of new VMs
  • Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
  • Ensure new VMs comply with security and hardening standards
  • Set up mechanisms for control and remediation of security gaps
  • Collaborate closely with infrastructure and application development teams as part of the security team

Technical Environments

  • Systems: Windows Server / Linux
  • Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
  • On-premise datacenter
  • Possible tools: WSUS, SCCM, third-party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)

Profile

We are seeking 2 engineers with the following qualifications :

  • A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
  • Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
  • Proven ability to work under pressure – managing emergency situations related to urgent security updates on critical infrastructures.
  • Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment
  • Expertise in designing and architecting automated patch systems
  • Expertise in Windows and/or Linux system administration
  • Solid experience in patch management and hardening
  • Mastery of security baselines and STIG
  • Good knowledge of virtualized environments
  • Experience with legacy systems
  • Skills in automation and scripting

Methodological Skills

  • Ability to design processes from scratch
  • Rigor, organizational skills, and prioritization
  • Strong writing and documentation skills
  • Autonomy and security-oriented analytical mindset
  • Ability to interact with business stakeholders
  • Work in a high-availability environment

Desired Profile

  • Experienced systems engineer / administrator
  • Strong sensitivity to security and compliance issues
  • Comfortable with technical debt, upgrades, and standardization contexts

Working Schedule

We are offering full-time positions working on-premise. Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.