DevSecOps Engineer

VASS BENELUX is looking for a DevSecOps Expert based in Brussels for the European Commission.

The role:

• Pipeline Automation: Build and manage end-to-end CI/CD pipelines using Azure DevOps or GitHub Actions to automate the deployment of Fabric workspaces, notebooks, and semantic models.
• Secure Perimeter Management: Configure and maintain private network connectivity, including Private Endpoints and VNET injection, to ensure Fabric traffic never traverses the public internet.
• Security Orchestration: Integrate automated security scanning (SAST/SCA) and secret management into data workflows to prevent credential leakage and vulnerabilities.
• Gateway & Proxy Management: Deploy and manage API Gateways and Reverse Proxies to mediate access to data APIs, ensuring traffic filtering and load balancing.
• Infrastructure Automation: Provision and manage Fabric capacities and network security (Private Links, VNET injection) using Bicep, Terraform, or ARM templates.
• Monitoring & Alerting: Configure real-time observability using Azure Monitor and Log Analytics to track platform health, cost consumption, and security incidents.
• Access Governance: Implement and audit granular access controls using Microsoft Entra ID (formerly Azure AD) and Fabric-specific RBAC models.

You have:

• DevOps Methodology: Strong understanding of Git-based version control, branching strategies (Gitflow), and release management.
• Data Lifecycle Knowledge: Understanding of the Medallion Architecture (Bronze/Silver/Gold) and how to promote data assets across environments (Dev, Test, Prod).
• Scripting & Programming: Proficiency in PowerShell and Python for automation tasks and SQL for data security auditing.
• Network Security: Solid understanding of DNS environments, Firewall rules, and Network Security Groups (NSGs).
• Authentication Standards: Deep knowledge of modern protocols, specifically OAuth 2.0, OpenID Connect (OIDC), and SAML.
• Collaboration: Ability to work alongside data architects and security compliance teams to translate security requirements into technical guardrails.
• Languages: Good knowledge of written/spoken English (working language). Knowledge of French is an asset

Specific Expertise:

• Microsoft Fabric Ecosystem: Deep technical knowledge of OneLake, Lakehouses, Warehouses, and the integration of Data Factory within the Fabric environment.
• Policy as Code: Experience implementing Azure Policy to enforce compliance standards across cloud resources.
• Identity & Access: Implementation of authentication mechanisms, including managed identities, service principals, and conditional access policies via Microsoft Entra ID.
• Data Security: Expertise in configuring Row-Level Security (RLS), Object-Level Security (OLS), and Microsoft Purview for data discovery and classification.
• API Integration: Experience using the Microsoft Fabric REST APIs to automate workspace settings and administrative tasks.
• Networking: Expertise in securing data ingress/egress using Azure Private Link, Virtual Network (VNET) peering etc.
• Reverse proxies: Experience configuring application gateways, reverse proxies to handle SSL termination and Web Application Firewall (WAF) policies.

Certifications:

• DevOps: AZ-400: Microsoft Certified: DevOps Engineer Expert - required
• Security: AZ-500: Microsoft Azure Security Technologies – a plus
• Networking: AZ-700: Microsoft Azure Network Engineer Associate - a plus
• Core Fabric: DP-600: Microsoft Certified: Fabric Analytics Engineer Associate - a plus