As part of the effort to secure and upgrade its infrastructure, our client in healthcare aims to implement a DevSecOps approach. This strategy integrates security risk management, compliance, and patch management from the design and deployment stages of infrastructure, through:
* Automated patch management system within a virtualized datacenter (VMware and/or Xen, Citrix)
* Secure onboarding of new systems using predefined security standards (Baselines, STIGs), preparing systems for network authorization (cf. RMF), ensuring critical infrastructures are hardened, segmented, and protected
* Protection against technical threats and vulnerabilities
* Documentation of processes and activity tracking
Technical Scope
* Physical and virtual servers
* Hypervisors
* Operating systems (Windows, Linux, Citrix, Xen, VMware, Kubernetes)
* Cloud environments and IaaS/PaaS platforms
* Storage, backups, virtualization platforms
Reference Frameworks
* CyFun2025, NIS2, ENISA ECSF, ISO/IEC 27001/27002, NIST CSF 2.0
* NIST CSF 2.0 functions covered: PROTECT (main), DETECT, RESPOND (partial)
Main Mission
* Implement, manage, and secure patch management, hardening, and compliance systems
* OS hardening (CIS, ANSSI, vendor guides)
* Host firewall and local rules
* Disk and volume encryption
* Analyze, design, implement, and maintain authorized software changes via distribution and control tools
* Automate VM onboarding and patching via secure pipelines and templates
* Provide specialized expertise for deployment, installation, and maintenance of system software (OS)
* Respond rapidly to critical security updates, deploy them under rapid intervention protocols, and provide activity reports
* Manage patching for heterogeneous IT systems (see scope)
* Assist the team in ensuring systems remain operational after patching, and contribute to CAB system ticketing and decision-making
* Integrate patch and update management with strict change control systems
* Document via SOPs, procedures, and audit evidence
* Set up operational test and validation environments
* Identify, analyze, and resolve the backlog of unpatched servers
* Manage constraints related to legacy systems (compatibility, risks, exceptions)
* Implement rollback and automatic remediation mechanisms
* Apply validated compensatory measures
* Provide technical elements for vulnerability prioritization
* Define and apply security baselines for Windows and Linux systems
* Integrate security requirements from the moment new VMs are installed
* Implement and maintain Baseline and/or STIG (Security Technical Implementation Guides) or equivalents
* Ensure new VMs comply with security and hardening standards
* Set up mechanisms for control and remediation of security gaps
* Collaborate closely with infrastructure and application development teams as part of the security team
Technical Environments
* Systems: Windows Server / Linux
* Virtualization: VMware, Xen/Citrix, Docker, Kubernetes
* On-premise datacenter
* Possible tools: WSUS, SCCM, third-party patch management tools, Ansible, PowerShell, Bash, hardening and compliance tools (GPO, SCAP, STIG, CIS baselines)
Profile
We are seeking someone with the following qualifications:
* A degree from a recognized university in a relevant discipline and five years of relevant professional experience are required. Exceptionally, the absence of a university degree may be compensated by demonstrating at least ten years of progressive and in-depth expertise in a similar role.
* Strong practical experience in designing, developing, implementing, testing, and maintaining patch management, orchestration, configuration, and change management tools based on the latest Microsoft and Linux versions.
* Proven ability to work under pressure – managing emergency situations related to urgent security updates on critical infrastructures.
* Experience in all aspects of the information systems lifecycle to ensure effective system development and deployment
* Expertise in designing and architecting automated patch systems
* Expertise in Windows and/or Linux system administration
* Solid experience in patch management and hardening
* Mastery of security baselines and STIG
* Good knowledge of virtualized environments
* Experience with legacy systems
* Skills in automation and scripting
Methodological Skills
* Ability to design processes from scratch
* Rigor, organizational skills, and prioritization
* Strong writing and documentation skills
* Autonomy and security-oriented analytical mindset
* Ability to interact with business stakeholders
* Work in a high-availability environment
Languages
* English - Level: Full professional proficiency
* French - Level: Full professional proficiency
Skills
* Cyber Security - Level: Expert
* Microsoft SCCM - Level: Expert
* Citrix - Level: Intermediate
* Linux - Level: Intermediate
* Windows Server - Level: Advanced
* VMware - Level: Advanced
Offer
You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra education/certification. You can count on an attractive salary, supplemented with extra-legal benefits, including a company car.
(Freelance is also possible)