About Aroua
French
Native or bilingual
English
Fluent
Experience
- FreelanceAI Security, DevSecOps & Compliance ExpertBANKING AND INSURANCEAugust 2020 - Today (6 years)Paris, FranceWorking with the security standards of LVMH, Thales, AXA, EDF, L'Oréal, Allianz, BNP Paribas, Galeries Lafayette, and other French and European groups.AI Security and AI Act Compliance- Threat modeling LLM, RAG, and agents: prompt injection, data leakage, jailbreak, agent hijacking- AI Act compliance (governance, documentation, reporting)- Technical guardrails and ML pipeline security- Third-party AI chain audit (Bedrock, OpenAI, Mistral, Azure OpenAI)- Shadow AI and vendor risk governanceDevSecOps and Application Security- Blocking CI/CD quality gates (Azure DevOps, GitLab CI/CD, Jenkins)- SAST (SonarQube, Snyk, Fortify, Checkmarx), DAST (OWASP ZAP), SCA- Critical release security validation, blocking non-compliant production deployments- Threat modeling, secure code review, application risk analysisISO 27001, PCI DSS, ISO 42001, SOC 2 Certifications- Maturity assessment, BUILD management up to certification, compliance maintenance (RUN)- Documentation ready for external auditCyber Resilience Act (CRA) Compliance- CRA mapping, roadmap for 09/2026 and 12/2027 deadlines- Vulnerability management, reporting to ENISA and CSIRT- Application of the AI Act to high-risk AI systems (Annex III)
- BNP ParibasApplication Security / AppSec ConsultantBANKING AND INSURANCEDecember 2016 - July 2020 (3 years and 7 months)Paris, FranceLong-term assignment with BNP Paribas, initially with CGI and then as an independent freelancer. Security validation of critical banking applications (eBanking, transactional flows).- Security validation of critical banking applications: authentication, session management, data protection, transactional flow encryption- Blocking releases with uncorrected vulnerabilities and monitoring remediation before any production deployment- Prioritization of application vulnerability criticality (OWASP Top 10) and communication of fixes to development teams- Collaboration with technical teams on security implementation choices, validation of fixes in a CI/CD context- Integration of security controls into the CI/CD workflow and dissemination of secure development practices
- SuntorySecurity Consultant - Application Architecture & Anti-RansomwareAGRICULTUREMay 2016 - November 2016 (6 months)Paris, FranceFreelance assignment for Suntory on evaluating and securing the application ecosystem and defining an anti-ransomware protection strategy.- Evaluation of application ecosystem security and implementation of associated remediation plans- Definition of application security architectures that meet business needs and protection requirements- Integration of security controls into application components- Development of an anti-ransomware protection strategy and strengthening of application system resilience
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- PhD in Computer ScienceTélécom SudParis2009
- Master's Degree in Computer Science - Information Systems SecurityUniversité Pierre et Marie Curie2006
Certifications
- MIT - Applied AIMassachusetts Institute of Technology2026
- ISO 27001 Lead AuditorISO2012