21 hours, 22 minutes ago

DevSecOps Developer

Main Missions

  • Integrate security at all stages of the Software Development Life Cycle (SDLC), from design to production deployment, by automating controls and training teams.
  • Conduct security audits, code reviews, and penetration tests on applications, cloud infrastructures, containers, and networks to identify, exploit, and document vulnerabilities.
  • Set up and maintain CI/CD pipelines integrating automated security tools (vulnerability scanners, static/dynamic analysis, SAST, DAST, etc.).
  • Develop and implement security policies, secure development guides, and compliance standards (GDPR, ISO 27001, etc.).
  • Design and automate penetration testing scenarios to validate the robustness of systems against current threats.
  • Train and raise awareness among teams (development, DevOps, operations) on security best practices, vulnerability discovery techniques, and remediation.
  • Maintain continuous monitoring of threats and vulnerabilities in internal applications and propose innovative solutions.
  • Write detailed reports (technical and executive summaries) on identified vulnerabilities, attack scenarios, recommendations, and remediation plan follow-ups.
  • Plan, execute, and document internal and external penetration testing campaigns, in compliance with ethical guidelines and current regulations.
  • Exploit identified vulnerabilities to demonstrate their impact and support developers in fixing the issues.
  • Erase test traces to ensure post-intervention security and immediately report any critical breach.

Technical Skills

  • Proficient in programming languages: .NET, Blazor, Node.js.
  • Mastery of DevOps and automation tools: Git, Jenkins, GitLab CI, Ansible, Terraform, Docker, Kubernetes, etc.
  • Expertise in scripting (Python, Bash, PowerShell) to automate testing and deployments.
  • In-depth knowledge of security tools: Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, etc.
  • Proficient in application security concepts (OWASP Top 10, vulnerability management, encryption, authentication/authorization, etc.).
  • Experience with cloud platforms (AWS, Azure, GCP) and security of virtualized/containerized environments.
  • Good knowledge of network protocols, operating systems (Linux, Windows), and security standards.
  • Ability to leverage open-source intelligence (OSINT) and conduct advanced risk analyses.

Personal Qualities

  • Adaptability and stress management: Ability to work effectively under pressure, manage emergency situations, and adapt to changes.
  • Rigor and organization: Attention to detail, methodical approach, ability to prioritize tasks, and comply with regulations and confidentiality.
  • Analytical mindset and problem solving: Ability to diagnose, analyze, synthesize, and be proactive in seeking solutions.
  • Communication and teaching: Excellent interpersonal and writing skills, ability to explain technical information in simple terms, and to collaborate effectively with various stakeholders (technical and non-technical teams).
  • Autonomy and team spirit: Proactivity, ability to work independently while being highly capable of integrating and contributing within multidisciplinary teams.
  • Curiosity and monitoring: Desire to learn, intellectual curiosity, and ability to stay informed about developments in the field.

Education and Experience

  • Significant experience (minimum 3 to 5 years) in DevOps, application security, and application testing.
  • Preferred certifications: OSCP, CEH, CISSP, DevSecOps Foundation, Azure Certified Security, etc.

Apply for this Job

This position was originally posted on Pro Unity.

It is publicly accessible, and we recommend applying directly through the Pro Unity website instead of going through third-party recruiters.
