Freelancer profile translated to English.

Description

With over ten years of experience in cybersecurity, I support startups and large companies in securing their Linux, Kubernetes, containerized environments, and AI workloads, while ensuring their compliance with major security standards.

I translate and convert standard requirements (e.g., ISO 27001) into concrete and applicable technical measures.

My work is based on both complex technical missions (writing LSM policies, system hardening, application audits) and strategic issues (security roadmaps, prioritization, maturity development).

Main expertise:

Security Compliance: iso27001, SOC2, STIG, NIST 800-53, and other enterprise frameworks

Linux, Kubernetes, containers, and AI platform security

Low-level policies: SELinux/AppArmor, seccomp, K8s PSS/PSA.

Vulnerability Management: analysis (CVSS), remediation, CVE footprint reduction, identification of critical flaws in images and configurations.

DevSecOps: CI/CD security, supply chain, tools/dependencies, processes, and training.

Other areas of intervention:

AI Security: prompt analysis and hardening, as well as their integration.

Detection & Response: signal architecture, log pipelines, advanced rules.

Incident Response: Linux/K8s forensic analysis, compromise, remediation.

Email & DNS Security: SPF, DKIM, DMARC, DNSSEC governance.

Missions performed:

Support for an AI startup specializing in computer vision on securing product configuration, ML pipeline, and code distribution chain.

Securing an international on-premise storage solutions provider: pentesting, OS and container hardening, Kubernetes compliance.

Would you like to strengthen your workloads, secure your AI environments, improve your compliance, or reduce your CVE exposure? Let's talk.

Languages

English
Native or bilingual
French
Native or bilingual

Workplace preferences

Remote only

Primarily works remotely

RANCHER by SUSE
Senior Product Security Engineer
April 2023 - Today (3 years and 2 months)
Deployment and security of Kubernetes clusters via Rancher (RBAC, policies, hardening)
Implementation of compliance controls (CIS Benchmarks, security audits)
Automation of deployments and workload management (CI/CD, GitOps)
Analysis and remediation of vulnerabilities in containerized environments
Support and guidance for teams on Kubernetes/Rancher usage and best practices
Kubernetes SELinux dev-sec-ops PenTest Cloud computing
Orange Business Services
Lead Infrastructure Security Engineer
TELECOMMUNICATIONS
August 2020 - September 2022 (2 years and 1 month)
SIEM Migration: Leading the transition to Elastic Security (log management, Syslog/Filebeat feeds, and detection rules).
Security Automation: Automated deployment of Firewall and IPS policies via Python and Ansible Tower.
DevSecOps Lead: Creation of secure CI/CD pipelines with integrated source code vulnerability scanning.
Vulnerability Management: Asset auditing via Zabbix and development of test scripts against critical flaws (Log4j type).
Hardening of K8s/Unix environments
Ansible Python DevSecOps SIEM Kubernetes
Yucca Systems
Senior Security Architect
TELECOMMUNICATIONS
November 2022 - Today (3 years and 7 months)
Yucca Systems is dedicated to providing the highest level of security for Linux and container systems.
Services:
- Audit
- Hardening
- Detection & Response
Linux Forensics Kubernetes SELinux