Freelancer profile translated to English.

Description

With 15 years of expertise in operational and infrastructure cybersecurity, I am applying for the Operational Security Engineer position. My profile combines in-depth technical expertise with mastery of regulatory frameworks (ISO 2700x, NIST, GDPR).

My key skills at your service for your security:

🔒 Infrastructure Security: AD hardening (PingCastle, BloodHound), technical audits (Check Point/Palo Alto firewalls), XDR/EDR management (SentinelOne, Cortex XDR), and industrialized patch management.

🛡️ Governance & Compliance: Implementation of security policies (ISO 27001/27005), risk management (EBIOS), and BCP/DRP documentation.

⚙️ Operational Expertise: Monitoring (Zabbix, Grafana), network security (SD-WAN, IPSEC VPN), IAM (SSO, MFA), and incident response.

📊 Project Management: Deployment of cyber tools (XDR, monitoring), ITIL process optimization, and technical workshop facilitation.

Recent achievements:

AD audit and hardening (InVivo) with an 80% reduction in attack vectors.

Secure migration of endpoint fleets (France TV) via Cortex XDR for 30,000 machines.

Firewall rule redesign (McDonald's) improving performance by 60%.

Certified ISO 27001 Lead Auditor and ISO 27005 Risk Manager, I have fluent English and am immediately available.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Italian
Basic
Arabic
Native or bilingual

Workplace preferences

Can work on-site

Paris (up to 50km)

InVivo Group
Operational Cybersecurity Expert
AGRICULTURE
November 2024 - September 2025 (10 months)
Paris, France
Missions:
Active Directory Audit & Security
• Conducted in-depth Active Directory audits with PingCastle (analysis of trusts, Kerberos vulnerabilities, excessive permissions).
• Defined recommendations for secure AD architecture.
• Participated in AD/ADCS infrastructure design.
• Contributed to the IT security hardening program.
• Hardened protocols: Disabled NTLM, enforced LDAP Signing, secured RPC/SMB flows.
• Mapped attack paths using BloodHound and provided recommendations to reduce the attack surface.
• Performed AD & ADCS pentests (Golden Ticket, Kerberoasting, DCSync attacks).
• Documented and remediated detected vulnerabilities.
• Reviewed applied GPOs and security policies.
N3 Cybersecurity Operations
• Participated in the migration and functional upgrade project of Domain Controllers (procedure, prerequisites, configuration audit).
• Restricted unsecured FTP flows.
• Analyzed server vulnerabilities with Qualys.
• Applied CIS benchmarks for server hardening.
• Administered SentinelOne.
• Updated cybersecurity-related documents and procedures.
Technical environment: VMware, Paloalto, SentinelOne, PingCastle, Kali-Linux, BloodHound, Qualys, Windows Server, AD, ADCS, DNS
Active Directory IS Architecture Hardening PenTest Remediation
McDonalds
Cybersecurity Expert
RESTAURANTS AND FOOD SERVICE
April 2024 - October 2024 (6 months)
Paris, France
Missions:
- Check Point Firewalls Management:
• Technical firewall audit.
• Verified configuration compliance with security policy.
• Analyzed security rules, NAT rules, and created objects.
• Cleaned, hardened, and reorganized security rules.
• Managed firewall administration.
• Optimized firewall performance.
• Log analysis.
• Flow management.
• Updated architecture documents.
- Sentinel One XDR Management:
• Configured Endpoint scopes and groups.
• Defined agent deployment strategy and mass agent deployment.
• Created security policies, exceptions, and restrictions.
• Managed user access and roles.
• Analyzed logs and managed alerts and incidents.
• Facilitated technical optimization workshops with the vendor.
• Created realization monitoring KPIs.
• Updated cybersecurity-related deliverables (procedures, BCP, DRP, incident management).

Technical environment: VMware, Check Point, Linux, Windows, SentinelOne
SentinelOne Checkpoint IS Architecture Cybersecurity Firewall
France TV
Cybersecurity Expert
FILM AND AV
January 2023 - March 2024 (1 year and 2 months)
Paris, France
Missions:
National deployment of CORTEX XDR
• Defined and scoped the solution's coverage.
• Defined Cortex XDR architecture (HLD/LLD).
• Configured Endpoint scopes and groups.
• Implemented cyber governance.
• Defined agent deployment strategy and mass agent deployment.
• Created security policies, exceptions, and restrictions.
• Managed user access and roles.
• Analyzed logs and managed alerts and incidents.
• Facilitated technical optimization workshops with the vendor.
• Monitored implementation progress.
• Created realization monitoring KPIs.
• Updated cybersecurity-related deliverables (procedures, BCP, DRP, incident management).
• Updated IS architecture.
• Developed project progress summaries and reports.
Patch Management
• Defined security patches.
• Defined the application scope.
• Defined the patch chronological plan.
• Created deployment packages and tasks.
• Monitored patch application progress.
• Ensured remediation of failed patches.
• Created realization monitoring KPIs.
• Updated cybersecurity-related deliverables (procedures, BCP, DRP, incident management).
• Developed project progress summaries and reports.
Operational Tasks
• Created SSO-ADFS connectors.
• Conducted technical audits of cybersecurity solutions (inWebo, Malwarebyte, Symantec).
• Developed post-audit reports and action plans.
• Ensured email flow security.
• Ensured security and high availability of the audio-visual broadcast system.
Technical environment: Cortex XDR, Inweboo, Malwarebyte, Symantec, Forcepoint, Office 365, SSO, ADFS, ALOA, Palo Alto Firewall, IVANTI, Windows Server 2008 to 2022, Linux (Redhat, CentOS, Debian), VmWare, Nutanix, Wallix Bastion
XDR Patch Management IS Architecture MFA PKI