Job Description
About Cronos Europa:
Cronos Europa is a leading IT and digital transformation partner dedicated exclusively to European Institutions and agencies, delivering mission‑critical solutions that shape Europe’s digital future. As part of the Cronos Group, one of the most innovative and fastest‑growing tech ecosystems in Europe, we benefit from a vast pool of expertise and cutting‑edge capabilities. With over 1,000 specialists across Belgium, Luxembourg, and the Netherlands, we combine deep institutional knowledge with strong engineering excellence to support long‑term, high‑impact EU programmes requiring reliability, scalability, and innovation.
About the job
We are looking for a profile capable of bridging the gap between data engineering, security, and automated operations. The DevSecOps engineer will be responsible for ensuring that the Microsoft Fabric environment is scalable, secure by design, and fully integrated into automated deployment workflows.
Key Responsibilities
- Pipeline Automation: Build and manage end-to-end CI/CD pipelines using Azure DevOps or GitHub Actions to automate the deployment of Fabric workspaces, notebooks, and semantic models.
- Secure Perimeter Management: Configure and maintain private network connectivity, including Private Endpoints and VNET injection, to ensure Fabric traffic never traverses the public internet.
- Security Orchestration: Integrate automated security scanning (SAST/SCA) and secret management into data workflows to prevent credential leakage and vulnerabilities.
- Gateway & Proxy Management: Deploy and manage API Gateways and Reverse Proxies to mediate access to data APIs, ensuring traffic filtering and load balancing.
- Infrastructure Automation: Provision and manage Fabric capacities and network security (Private Links, VNET injection) using Bicep, Terraform, or ARM templates.
- Monitoring & Alerting: Configure real-time observability using Azure Monitor and Log Analytics to track platform health, cost consumption, and security incidents.
- Access Governance: Implement and audit granular access controls using Microsoft Entra ID (formerly Azure AD) and Fabric-specific RBAC models.
Your Profile
- Following skills and knowledge are required for the performance of the above listed tasks:
- DevOps Methodology: Strong understanding of Git-based version control, branching strategies (Gitflow), and release management.
- Data Lifecycle Knowledge: Understanding of the Medallion Architecture (Bronze/Silver/Gold) and how to promote data assets across environments (Dev, Test, Prod).
- Scripting & Programming: Proficiency in PowerShell and Python for automation tasks and SQL for data security auditing.
- Network Security: Solid understanding of DNS environments, Firewall rules, and Network Security Groups (NSGs). resolution in hybrid
- Authentication Standards: Deep knowledge of modern protocols, specifically OAuth 2.0, OpenID Connect (OIDC), and SAML.
- Collaboration: Ability to work alongside data architects and security compliance teams to translate security requirements into technical guardrails.
- Languages: Good knowledge of written/spoken English (working language). Knowledge of French is an asset
- master’s level or 5 years of higher education.
Specific Expertise
Microsoft Fabric Ecosystem: Deep technical knowledge of OneLake, Lakehouses, Warehouses, and the integration of Data Factory within the Fabric environment.
Policy as Code: Experience implementing Azure Policy to enforce compliance standards across cloud resources.
Identity & Access: Implementation of authentication mechanisms, including managed identities, service principals, and conditional access policies via Microsoft Entra ID.
Data Security: Expertise in configuring Row-Level Security (RLS), Object-Level Security (OLS), and Microsoft Purview for data discovery and classification.
API Integration: Experience using the Microsoft Fabric REST APIs to automate workspace settings and administrative tasks.
Networking: Expertise in securing data ingress/egress using Azure Private Link, Virtual Network (VNET) peering etc.
Reverse proxies: Experience configuring application gateways, reverse proxies to handle SSL termination and Web Application Firewall (WAF) policies.
Certifications & Standards:
- DevOps: AZ-400: Microsoft Certified: DevOps Engineer Expert - required
- Security: AZ-500: Microsoft Azure Security Technologies – a plus
- Networking: AZ-700: Microsoft Azure Network Engineer Associate - a plus
- Core Fabric: DP-600: Microsoft Certified: Fabric Analytics Engineer Associate - a plus
If you wish to integrate a dynamic structure on a human scale while working with the latest technologies, don't wait anymore and join Cronos!