About Cronos Europa:

Cronos Europa is a leading IT and digital transformation partner dedicated exclusively to European Institutions and agencies delivering missioncritical solutions that shape Europes digital future. As part of the Cronos Group one of the most innovative and fastestgrowing tech ecosystems in Europe we benefit from a vast pool of expertise and cuttingedge capabilities. With over 1000 specialists across Belgium Luxembourg and the Netherlands we combine deep institutional knowledge with strong engineering excellence to support longterm highimpact EU programmes requiring reliability scalability and innovation.

About the job

We are looking for a profile capable of bridging the gap between data engineering security and automated operations. The DevSecOps engineer will be responsible for ensuring that the Microsoft Fabric environment is scalable secure by design and fully integrated into automated deployment workflows.

Key Responsibilities

• Pipeline Automation: Build and manage end-to-end CI/CD pipelines using Azure DevOps or GitHub Actions to automate the deployment of Fabric workspaces notebooks and semantic models.
• Secure Perimeter Management: Configure and maintain private network connectivity including Private Endpoints and VNET injection to ensure Fabric traffic never traverses the public internet.
• Security Orchestration: Integrate automated security scanning (SAST/SCA) and secret management into data workflows to prevent credential leakage and vulnerabilities.
• Gateway & Proxy Management: Deploy and manage API Gateways and Reverse Proxies to mediate access to data APIs ensuring traffic filtering and load balancing.
• Infrastructure Automation: Provision and manage Fabric capacities and network security (Private Links VNET injection) using Bicep Terraform or ARM templates.
• Monitoring & Alerting: Configure real-time observability using Azure Monitor and Log Analytics to track platform health cost consumption and security incidents.
• Access Governance: Implement and audit granular access controls using Microsoft Entra ID (formerly Azure AD) and Fabric-specific RBAC models.

Your Profile

• Following skills and knowledge are required for the performance of the above listed tasks:
• DevOps Methodology: Strong understanding of Git-based version control branching strategies (Gitflow) and release management.
• Data Lifecycle Knowledge: Understanding of the Medallion Architecture (Bronze/Silver/Gold) and how to promote data assets across environments (Dev Test Prod).
• Scripting & Programming: Proficiency in PowerShell and Python for automation tasks and SQL for data security auditing.
• Network Security: Solid understanding of DNS environments Firewall rules and Network Security Groups (NSGs). resolution in hybrid
• Authentication Standards: Deep knowledge of modern protocols specifically OAuth 2.0 OpenID Connect (OIDC) and SAML.
• Collaboration: Ability to work alongside data architects and security compliance teams to translate security requirements into technical guardrails.
• Languages: Good knowledge of written/spoken English (working language). Knowledge of French is an asset
• masters level or 5 years of higher education.

Specific Expertise

Microsoft Fabric Ecosystem: Deep technical knowledge of OneLake Lakehouses Warehouses and the integration of Data Factory within the Fabric environment.

Policy as Code: Experience implementing Azure Policy to enforce compliance standards across cloud resources.

Identity & Access: Implementation of authentication mechanisms including managed identities service principals and conditional access policies via Microsoft Entra ID.

Data Security: Expertise in configuring Row-Level Security (RLS) Object-Level Security (OLS) and Microsoft Purview for data discovery and classification.

API Integration: Experience using the Microsoft Fabric REST APIs to automate workspace settings and administrative tasks.

Networking: Expertise in securing data ingress/egress using Azure Private Link Virtual Network (VNET) peering etc.

Reverse proxies: Experience configuring application gateways reverse proxies to handle SSL termination and Web Application Firewall (WAF) policies.

Certifications & Standards:

• DevOps: AZ-400: Microsoft Certified: DevOps Engineer Expert - required
• Security: AZ-500: Microsoft Azure Security Technologies a plus
• Networking: AZ-700: Microsoft Azure Network Engineer Associate - a plus
• Core Fabric: DP-600: Microsoft Certified: Fabric Analytics Engineer Associate - a plus

If you wish to integrate a dynamic structure on a human scale while working with the latest technologies dont wait anymore and join Cronos!