Dual-use & Defense Research Information Security Officer (1/5)

Context

The role supports the implementation, maintenance, and automation of security compliance policies based on CIS benchmarks across Windows, macOS, and Linux environments. It also contributes to the analysis of device non-compliance in Intune, supports practical software supply chain risk analysis, and helps maintain dual-use research security documentation for researchers and stakeholders.

Responsibilities

• Maintain custom CIS rules and stay up to date with CIS security baselines

• Automate compliance testing for CIS security policies across Windows, macOS, and Linux

• Use CIS tools or relevant open-source alternatives

• Analyse and understand non-compliant policies on devices registered in Intune

• Demonstrate general knowledge of Entra, Intune, and Defender Portal

• Analyse software supply chain risks using practical and accessible risk models

• Develop well-documented and maintainable scripts

• Leverage existing open-source solutions when relevant

• Update and work on dual-use research security documents and principles

• Present security-related topics to researchers and project stakeholders

• Document daily activities accurately and concisely

• Work independently on technical assignments

• Collaborate with stakeholders across diverse professional environments

Technical skills

Must have

• Experience with CIS security policies and baseline maintenance

• Ability to automate compliance testing across Windows, macOS, and Linux

• Good understanding of Microsoft security and device management tools

• Knowledge of Entra, Intune, and Defender Portal

• Strong scripting and automation capabilities

• Proficiency in Python

• Comfortable with terminal tools and open-source technologies

• Ability to analyse non-compliance on managed devices

• Ability to produce clear and maintainable technical documentation

• Strong stakeholder communication skills

• Pragmatic, risk-based mindset

• Ability to work independently

• English language proficiency

Should have

• Experience analysing software supply chain risk

• Ability to support or maintain dual-use research security principles and documentation

• Confidence engaging with stakeholders from varied professional backgrounds

• Adaptability in handling exceptions and evolving mission needs

• Clear and concise reporting skills

• Loyalty and alignment with team decisions and project technologies

Nice to have

• Prior experience in research environments

• French language skills

1) Experience with CIS Security Policies

2) Knowledge of Entra, Intune, and Defender Portal

3) Proficiency in Python

4) English (must have) and French (could have)

5) Ability to automate compliance testing across Windows, macOS, and Linux