DevSecOps Engineer; Freelance

About the job Dev Sec Ops  Engineer (Freelance possible)

As part of the effort to secure and upgrade its infrastructure, our client in healthcare aims to implement a Dev Sec Ops  approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:

• Automated patch management system within a virtualized datacenter (VMware and/or Xen, Citrix)
• Secure onboarding of new systems using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
• Protection against technical threats and vulnerabilities
• Documentation of processes and activity tracking

• Physical and virtual servers
• Hypervisors
• Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
• Cloud environments and IaaS/PaaS platforms
• Storage, backups, virtualization platforms

• Cy Fun
  2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
• NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)

• Implement, manage, and secure patch management, hardening, and compliance systems
• OS hardening (CIS, ANSSI, vendor guides)
• Host firewall and local rules
• Disk and volume encryption
• Analyze, design, implement, and maintain authorized software changes via distribution and control tools
• Automate VM onboarding and patching via secure pipelines and templates
• Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
• Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
• Manage patching for heterogeneous IT systems (see scope)
• Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
• Integrate patch and update management with strict change control systems
• Document via SOPs, procedures, and audit evidence
• Set up operational test and validation environments
• Identify, analyze, and resolve the backlog of unpatched servers
• Manage constraints related to legacy systems (compatibility, risks, exceptions)
• Implement rollback and automatic remediation mechanisms
• Apply validated compensatory measures
• Provide technical elements for vulnerability prioritization
• Define and apply security baselines for Windows and Linux systems
• Integrate security requirements from the installation of new VMs
• Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
• Ensure new VMs comply with security and hardening standards
• Set up mechanisms for control and remediation of security gaps
• Collaborate closely with infrastructure and application development teams as part of the security team

• Systems:
  Windows Server / Linux
• Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
• On‑premise datacenter
• Possible tools: WSUS, SCCM, third‑party patch management tools, Ansible, Power Shell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)

• A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
• Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
• Proven ability to work under pressure - managing emergency situations related to urgent security updates on critical infrastructures.
• Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment.
• Expertise in designing and architecting automated patch systems.
• Expertise in Windows and/or Linux system administration.
• Solid experience in patch management and hardening.
• Mastery of security baselines and STIG.
• Good knowledge of virtualized environments.
• Experience with legacy systems.
• Skills in automation and scripting.

• Ability to design processes from scratch
• Rigor, organizational skills, and prioritization
• Strong writing and documentation skills
• Autonomy and security‑oriented analytical mindset
• Ability to interact with business stakeholders
• Work in a high‑availability environment

• English - Level: Full professional proficiency
• French - Level: Full professional proficiency

• Cyber Security - Level: Expert
• Microsoft SCCM - Level: Expert
• Citrix - Level: Intermediate
• Linux - Level: Intermediate
• Windows Server - Level: Advanced
• VMWARE - Level: Advanced

You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra…