Infrastructure & Vulnerability Management Consultant (Ref : 333)

Pour l’un de nos clients, une banque située à Luxembourg Ville, nous recherchons un Infrastructure & Vulnerability Management Consultant

Mission:

Strengthen the Bank’s security posture by enhancing secure configuration management, vulnerability and patch management, and infrastructure hardening across both internal and third-party managed environments.

Key Responsibilities:

• Develop and maintain configuration management and hardening frameworks (Windows, Linux, databases, network devices, cloud).

• Oversee secure baseline definition, implementation, and enforcement for all critical technologies.

• Establish and automate compliance/health check monitoring and remediation workflows.

• Maintain End-of-Life/End-of-Support asset registers and ensure appropriate controls.

• Lead vulnerability management processes: policy updates, scanning, prioritization, remediation, and governance.

• Implement and manage patch management processes, including exception handling and risk acceptance.

• Oversee firewall management, segmentation of management interfaces, and migration to secure remote access solutions (MFA, time-bound access, VPNs).

• Collaborate with IT, risk, and service providers to ensure aligned security requirements and SLAs.

• Provide technical expertise in reviewing firewall rules, DDOS protection, proxy migration, and malware protection controls.

Required Skills & Experience:

• 5+ years in infrastructure security, vulnerability management, and secure configuration.

• Strong experience with security tools, SIEM, and automated compliance platforms.

• Deep understanding of network security, firewall management, VPN, segmentation, and cloud security.

• Proven track record in vulnerability/patch management in regulated environments.

• Hands-on experience with Windows/Linux hardening, network device configuration, and secure remote access.

• Fluent in French and English.

• University degree in Computer Science, Information Security, or related field.

• Relevant certifications are a plus (CISSP, CISM, CISA, GIAC, ISO 27001 Lead Implementer/Auditor, etc.).

• Capable of working autonomously, proactive, and results-oriented.

• Strong documentation, communication, and stakeholder engagement skills.

• Proven experience working in regulated (preferably financial) environments and with third-party providers.

• Able to prioritize, manage multiple projects, and deliver results under pressure.