Budget: 600€
Cybersecurity Implementers – Infrastructure (DevSecOps Engineers)
As part of the effort to secure and upgrade its infrastructure, the Information and Systems Department aims to implement a DevSecOps approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:
* Automated patch management system within a virtualized datacenter (VMware and/or Xen, Citrix)
* Secure onboarding of new systems using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
* Protection against technical threats and vulnerabilities
* Documentation of processes and activity tracking
Technical Scope
* Physical and virtual servers
* Hypervisors
* Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
* Cloud environments and IaaS/PaaS platforms
* Storage, backups, virtualization platforms
Reference Frameworks
* CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
* NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)
Main Missions
Patch Management, OS Hardening, and Security Lifecycle
* Implement, manage, and secure patch management, hardening, and compliance systems
* OS hardening (CIS, ANSSI, vendor guides)
* Host firewall and local rules
* Disk and volume encryption
* Analyze, design, implement, and maintain authorized software changes via distribution and control tools
* Automate VM onboarding and patching via secure pipelines and templates
* Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
* Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
* Manage patching for heterogeneous IT systems (see scope)
* Assist the team to ensure systems remain operational after patching and contribute to CAB system ticketing and decision-making
* Integrate patch and update management with strict change control systems
* Document via SOPs, procedures, and audit evidence
* Set up operational test and validation environments
* Identify, analyze, and resolve the backlog of unpatched servers
* Manage constraints related to legacy systems (compatibility, risks, exceptions)
* Implement rollback and automatic remediation mechanisms
* Apply validated compensatory measures
* Provide technical elements for vulnerability prioritization
* Define and apply security baselines for Windows and Linux systems
* Integrate security requirements from the installation of new VMs
* Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
* Ensure new VMs comply with security and hardening standards
* Set up mechanisms for control and remediation of security gaps
* Collaborate closely with infrastructure and application development teams as part of the security team
Technical Environments
* Systems: Windows Server / Linux
* Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
* On-premise datacenter
* Possible tools: WSUS, SCCM, third-party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)
Profile
We are seeking engineers with the following qualifications:
* A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
* Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
* Proven ability to work under pressure – managing emergency situations related to urgent security updates on critical infrastructures.
* Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment
* Expertise in designing and architecting automated patch systems
* Expertise in Windows and/or Linux system administration
* Solid experience in patch management and hardening
* Mastery of security baselines and STIG
* Good knowledge of virtualized environments
* Experience with legacy systems
* Skills in automation and scripting
Methodological Skills
* Ability to design processes from scratch
* Rigor, organizational skills, and prioritization
* Strong writing and documentation skills
* Autonomy and security-oriented analytical mindset
* Ability to interact with business stakeholders
* Work in a high-availability environment
Desired Profile
* Experienced systems engineer / administrator
* Strong sensitivity to security and compliance issues
* Comfortable with technical debt, upgrades, and standardization contexts
Working Schedule
We are offering full-time positions working on-premise. Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.