EngiFlex
About the job DevSecOps Engineer (Freelance possible)
As part of the effort to secure and upgrade its infrastructure, our client in healthcare aims to implement a DevSecOps approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:
Automated patch management system
within a virtualized datacenter (VMware and/or Xen, Citrix)
Secure onboarding of new systems
using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
Protection against technical threats and vulnerabilities
Documentation of processes and activity tracking
Technical Scope
Physical and virtual servers
Hypervisors
Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
Cloud environments and IaaS/PaaS platforms
Storage, backups, virtualization platforms
Reference Frameworks
CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)
Main Mission
Implement, manage, and secure patch management, hardening, and compliance systems
OS hardening (CIS, ANSSI, vendor guides)
Host firewall and local rules
Disk and volume encryption
Analyze, design, implement, and maintain authorized software changes via distribution and control tools
Automate VM onboarding and patching via secure pipelines and templates
Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
Manage patching for heterogeneous IT systems (see scope)
Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
Integrate patch and update management with strict change control systems
Document via SOPs, procedures, and audit evidence
Set up operational test and validation environments
Identify, analyze, and resolve the backlog of unpatched servers
Manage constraints related to legacy systems (compatibility, risks, exceptions)
Implement rollback and automatic remediation mechanisms
Apply validated compensatory measures
Provide technical elements for vulnerability prioritization
Define and apply security baselines for Windows and Linux systems
Integrate security requirements from the installation of new VMs
Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
Ensure new VMs comply with security and hardening standards
Set up mechanisms for control and remediation of security gaps
Collaborate closely with infrastructure and application development teams as part of the security team
Technical Environments
Systems: Windows Server / Linux
Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
On‑premise datacenter
Possible tools: WSUS, SCCM, third‑party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)
Profile
A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
Proven ability to work under pressure - managing emergency situations related to urgent security updates on critical infrastructures.
Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment.
Expertise in designing and architecting automated patch systems.
Expertise in Windows and/or Linux system administration.
Solid experience in patch management and hardening.
Mastery of security baselines and STIG.
Good knowledge of virtualized environments.
Experience with legacy systems.
Skills in automation and scripting.
Methodological Skills
Ability to design processes from scratch
Rigor, organizational skills, and prioritization
Strong writing and documentation skills
Autonomy and security‑oriented analytical mindset
Ability to interact with business stakeholders
Work in a high‑availability environment
Languages
English
- Level: Full professional proficiency
French
- Level: Full professional proficiency
Skills
Cyber Security
- Level: Expert
Microsoft SCCM
- Level: Expert
Citrix
- Level: Intermediate
Linux
- Level: Intermediate
Windows Server
- Level: Advanced
VMWARE
- Level: Advanced
Offer You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra education/certification. You can count on an attractive salary, supplemented with extra‑legal benefits, including a company car. (Freelance is also possible)
#J-18808-Ljbffr
Automated patch management system
within a virtualized datacenter (VMware and/or Xen, Citrix)
Secure onboarding of new systems
using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
Protection against technical threats and vulnerabilities
Documentation of processes and activity tracking
Technical Scope
Physical and virtual servers
Hypervisors
Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
Cloud environments and IaaS/PaaS platforms
Storage, backups, virtualization platforms
Reference Frameworks
CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)
Main Mission
Implement, manage, and secure patch management, hardening, and compliance systems
OS hardening (CIS, ANSSI, vendor guides)
Host firewall and local rules
Disk and volume encryption
Analyze, design, implement, and maintain authorized software changes via distribution and control tools
Automate VM onboarding and patching via secure pipelines and templates
Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
Manage patching for heterogeneous IT systems (see scope)
Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
Integrate patch and update management with strict change control systems
Document via SOPs, procedures, and audit evidence
Set up operational test and validation environments
Identify, analyze, and resolve the backlog of unpatched servers
Manage constraints related to legacy systems (compatibility, risks, exceptions)
Implement rollback and automatic remediation mechanisms
Apply validated compensatory measures
Provide technical elements for vulnerability prioritization
Define and apply security baselines for Windows and Linux systems
Integrate security requirements from the installation of new VMs
Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
Ensure new VMs comply with security and hardening standards
Set up mechanisms for control and remediation of security gaps
Collaborate closely with infrastructure and application development teams as part of the security team
Technical Environments
Systems: Windows Server / Linux
Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
On‑premise datacenter
Possible tools: WSUS, SCCM, third‑party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)
Profile
A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
Proven ability to work under pressure - managing emergency situations related to urgent security updates on critical infrastructures.
Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment.
Expertise in designing and architecting automated patch systems.
Expertise in Windows and/or Linux system administration.
Solid experience in patch management and hardening.
Mastery of security baselines and STIG.
Good knowledge of virtualized environments.
Experience with legacy systems.
Skills in automation and scripting.
Methodological Skills
Ability to design processes from scratch
Rigor, organizational skills, and prioritization
Strong writing and documentation skills
Autonomy and security‑oriented analytical mindset
Ability to interact with business stakeholders
Work in a high‑availability environment
Languages
English
- Level: Full professional proficiency
French
- Level: Full professional proficiency
Skills
Cyber Security
- Level: Expert
Microsoft SCCM
- Level: Expert
Citrix
- Level: Intermediate
Linux
- Level: Intermediate
Windows Server
- Level: Advanced
VMWARE
- Level: Advanced
Offer You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra education/certification. You can count on an attractive salary, supplemented with extra‑legal benefits, including a company car. (Freelance is also possible)
#J-18808-Ljbffr