Cybersecurity Implementers – Infrastructure (DevSecOps Engineers)

As part of the effort to secure and upgrade its infrastructure, the Information and Systems Department of Cliniques universitaires Saint-Luc aims to implement a DevSecOps approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:

Automated patch management system within a virtualized datacenter (VMware and/or Xen, Citrix)
Secure onboarding of new systems using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
Protection against technical threats and vulnerabilities
Documentation of processes and activity tracking

Technical Scope

• Physical and virtual servers
• Hypervisors
• Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
• Cloud environments and IaaS/PaaS platforms
• Storage, backups, virtualization platforms

Reference Frameworks

• CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
• NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)

Main Missions

Patch Management, OS Hardening, and Security Lifecycle

• Implement, manage, and secure patch management, hardening, and compliance systems
• OS hardening (CIS, ANSSI, vendor guides)
• Host firewall and local rules
• Disk and volume encryption
• Analyze, design, implement, and maintain authorized software changes via distribution and control tools
• Automate VM onboarding and patching via secure pipelines and templates
• Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
• Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
• Manage patching for heterogeneous IT systems (see scope)
• Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
• Integrate patch and update management with strict change control systems
• Document via SOPs, procedures, and audit evidence
• Set up operational test and validation environments
• Identify, analyze, and resolve the backlog of unpatched servers
• Manage constraints related to legacy systems (compatibility, risks, exceptions)
• Implement rollback and automatic remediation mechanisms
• Apply validated compensatory measures
• Provide technical elements for vulnerability prioritization
• Define and apply security baselines for Windows and Linux systems
• Integrate security requirements from the installation of new VMs
• Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
• Ensure new VMs comply with security and hardening standards
• Set up mechanisms for control and remediation of security gaps
• Collaborate closely with infrastructure and application development teams as part of the security team

Technical Environments

• Systems: Windows Server / Linux
• Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
• On-premise datacenter
• Possible tools: WSUS, SCCM, third-party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)

Profile

We are seeking 2 engineers with the following qualifications:

• A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
• Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
• Proven ability to work under pressure – managing emergency situations related to urgent security updates on critical infrastructures.
• Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment
• Expertise in designing and architecting automated patch systems
• Expertise in Windows and/or Linux system administration
• Solid experience in patch management and hardening
• Mastery of security baselines and STIG
• Good knowledge of virtualized environments
• Experience with legacy systems
• Skills in automation and scripting

Methodological Skills

• Ability to design processes from scratch
• Rigor, organizational skills, and prioritization
• Strong writing and documentation skills
• Autonomy and security-oriented analytical mindset
• Ability to interact with business stakeholders
• Work in a high-availability environment

Desired Profile

• Experienced systems engineer / administrator
• Strong sensitivity to security and compliance issues
• Comfortable with technical debt, upgrades, and standardization contexts

Working Schedule

We are offering full-time positions working on-premise. Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.