Information Security Engineer

Date: 12 Jul 2026

Location: Belgium - Liège

Company: EVS

Scope

We're looking for an Information Security Engineer to join the IT Security team within IT Corporate.

In this hands-on role, you'll drive operational cybersecurity: vulnerability management, security monitoring, incident response support, security assessments, and ongoing improvement of our controls. You'll work closely with Infrastructure and Workplace teams to strengthen our security posture and help execute the security roadmap.

EVS is an NIS2 Essential Entity under Belgian law, currently working toward ISO/IEC 27001:2022 certification (target: April 2027). You'll play a direct role in this programme : implementing controls, producing evidence, and ensuring audit readiness across the IT Corporate perimeter.

Job Description

As part of the IT Security team, the Information Security Engineer will contribute to the following activities:

Security Operations & Monitoring

  • Monitor and investigate alerts across multiple platforms
  • Take part in incident response efforts and help coordinate investigations
  • Help refine and tune detection capabilities and monitoring use cases
  • Support the development and upkeep of operational procedures and playbooks
  • Conduct operational reviews and related follow-up work

Vulnerability & Exposure Management

  • Organize scanning activities and ensure findings are reviewed and prioritized appropriately
  • Liaise with infrastructure, platform, application and support teams on remediation actions
  • Track remediation progress and escalate overdue items when needed
  • Arrange external penetration tests and other assessments
  • Ensure findings from these engagements are documented, tracked, and resolved

Security Assessments & Risk Management

  • Assess applications, services and technical solutions from a security standpoint
  • Contribute to risk evaluations for new projects, technologies and providers
  • Examine configurations and flag areas for improvement
  • Help identify and manage risks across the IT environment

Security Governance & Reporting

  • Maintain and track operational KPIs and dashboards
  • Assist with reporting on vulnerabilities, incidents, posture and remediation efforts
  • Participate in periodic access reviews, including privileged accounts and controls
  • Support compliance efforts and implementation of requirements under ISO/IEC 27001:2022 and NIS2
  • Produce and maintain auditable evidence of control operation in line with ISO 27001:2022 (logs, reports, review records, remediation closure evidence)

Improvement & Automation

  • Spot opportunities to strengthen controls and streamline processes
  • Contribute to automation initiatives that reduce manual effort
  • Make use of available tooling — including built-in analytics and automation features — to enhance detection quality and efficiency
  • Keep documentation and procedures up to date

Collaboration & Advisory

  • Offer guidance to IT teams and project stakeholders
  • Partner with Infrastructure and Workplace teams to strengthen overall posture
  • Champion best practices and support awareness initiatives
  • Keep up with emerging threats, vulnerabilities and industry trends

Profile

Experience

  • Minimum 3 years in cybersecurity, security operations, vulnerability management, or a related technical security role
  • Background in security monitoring, incident handling, or vulnerability management
  • Practical exposure to security tools and operational processes

Technical Knowledge

  • Solid grasp of security monitoring and incident response principles
  • Knowledge of vulnerability management processes and risk-based remediation prioritization — combining CVSS scores with asset criticality, exploitability context, and compensating controls
  • Hands-on experience with the Microsoft Defender XDR suite: Defender for Endpoint (EDR), Defender for Office 365 / Exchange Online Protection, Defender for Identity
  • Exposure to Microsoft Sentinel (SIEM/SOAR) or an equivalent platform — deployment experience is a strong asset
  • Grasp of Entra ID governance: Conditional Access, Identity Protection, Privileged Identity Management (PIM)
  • Working knowledge of Microsoft Intune (MDM, endpoint compliance policies) and Microsoft Purview (DLP, compliance)
  • Command of network security fundamentals: firewall management (Palo Alto / FortiGate), log forwarding, network segmentation principles
  • Awareness of common frameworks and industry best practices (ISO/IEC 27001, NIST CSF, CIS Controls)

Personal Skills

  • Strong analytical and problem-solving mindset
  • Organized, structured, and detail-oriented
  • Able to work independently while collaborating effectively across teams
  • Curious, with a drive to keep learning new technologies and trends
  • Proactive, with a continuous-improvement mindset
  • Strong communication and coordination abilities
  • Team player with a practical, solution-oriented approach

Languages

  • Fluent in French (working language of the IT team)
  • Professional English required — all security tooling, vendor documentation, and ISO/IEC 27001 programme materials are in English

Certifications (Nice to Have)

  • SC-200 — Microsoft Security Operations Analyst (strongly preferred given the EVS tooling stack)
  • SC-300 — Microsoft Identity and Access Administrator
  • CompTIA Security+ or CySA+
  • ISO/IEC 27001 Lead Implementer or Lead Auditor — a strong differentiator in the current certification programme context

Offer

Becoming part of the EVS team means receiving a competitive salary aligned with your skills and market standards, along with a wide range of wellness and healthcare benefits.


Our flexible schedules and hybrid working policies help support work–life balance. EVS also provides opportunities for career growth, internal mobility, and a broad range of training programs. You will join a friendly, lively, and inclusive environment that values motivation and ambition.


Visit our website to learn more about why you should join EVS!