GS Advisory Group
Security & Compliance Officer
GS Advisory Group | Luxembourg | 15 hours ago
Full-time | Information Technology

Context

Within a public research and academic environment in Luxembourg, the organization is reinforcing its information security governance for dual-use and defense-related research activities.


The role sits at the intersection of:

  • Cybersecurity compliance
  • Endpoint security & Microsoft ecosystem
  • Software supply chain risk
  • Research security governance


The objective is to ensure that research activities — particularly those with dual-use or defense implications — are conducted in alignment with cybersecurity best practices and institutional security standards.


Mission Objective

The Dual-Use & Defense Research Information Security Officer will:

  • Strengthen endpoint security compliance across platforms
  • Automate and monitor CIS security baseline adherence
  • Support Microsoft-based device management (Intune / Entra / Defender)
  • Contribute to software supply chain risk analysis
  • Maintain and update dual-use research security documentation
  • Bridge the gap between the security team and researchers


The role combines technical expertise, automation capability, and governance support.


Responsibilities :


CIS Compliance & Endpoint Security :


  • Maintain and update custom CIS (Center for Internet Security) rules
  • Stay aligned with latest CIS policy baselines
  • Automate compliance testing for CIS policies across:
      • Windows
      • macOS
      • Linux
  • Use CIS tools or relevant open-source alternatives
  • Analyse non-compliant policies on devices registered in Intune


Microsoft Security Ecosystem :


  • Demonstrate working knowledge of:
      • Entra ID
      • Intune
      • Microsoft Defender Portal
  • Investigate and understand endpoint security posture
  • Support remediation strategies


Automation & Technical Implementation :


  • Automate compliance and monitoring tasks
  • Develop well-documented, maintainable scripts
  • Leverage open-source tools where appropriate
  • Work comfortably with terminal-based tools
  • Strong proficiency in Python programming


Software Supply Chain & Risk Analysis :


  • Analyse software supply chain risks
  • Apply pragmatic and accessible risk assessment models
  • Provide practical mitigation recommendations


Research Security Governance :


  • Update and maintain dual-use research security documentation and principles
  • Present security guidelines to researchers and project stakeholders
  • Support awareness and secure research practices


Technical Skills Required :


  • Strong knowledge of CIS benchmarks and security baselines
  • Experience automating compliance checks across Windows, macOS, and Linux
  • Solid understanding of Intune device management and compliance reporting
  • Working knowledge of Entra ID and Microsoft Defender
  • Comfortable with open-source security tools
  • Strong scripting capability (Python)
  • Practical understanding of software supply chain risks
  • Ability to operate in cross-functional research environments


Language Skills :


  • French – minimum B2 (oral & written)
  • English – minimum B1 (oral & written)


Interpersonal Skills :


  • Pragmatic, risk-based mindset (prioritizes workable solutions)
  • Able to propose innovative yet realistic improvements
  • Confident engaging with diverse stakeholders
  • Adaptable and flexible in evolving environments
  • Balanced approach when managing security exceptions
  • Strong reporting and documentation skills
  • Loyal and aligned with institutional decisions
  • Able to work independently on technical assignments


Nice to Have :


  • Prior experience in research or academic environments
  • Experience in environments handling sensitive or dual-use research topics
  • Patience and resilience when dealing with delays or administrative complexity
