Freelancer profile translated to English.

Description

Graduate EngineerfromCentrale Lyon**, I have over 6 years of experience in developing and **securingweb applications.

My career began in 2017 with a 3.5-year experience at BAM (Theodo group), where I developed applications using React, React Native, Node.js, Express, Nest.js, and PostgreSQL.

I then dedicated my skills to the Court of Cassation for 1.5 years, working on critical projects with React, Node.js, Express, and MongoDB.

For over 2 years, I have specialized in **web application cybersecurity**. My expertise covers a wide range of areas:

-Pentesting(penetration testing) to identify andexploit vulnerabilitiesin web systems.

-Securing authentication mechanisms(with a specialization in the OpenID Connect protocol)

- Creation and management ofBug Bountyprograms on recognized platforms (HackerOne, Bugcrowd, YesWeHack) withvulnerability remediation

- Deployment of protection strategies against common attacks: **SQL injections, XSS, CSRF, IDOR**, etc.

-Trainingandawarenessfor technical and non-technical teams on cybersecurity best practices, through workshops and interactive sessions.

I am passionate about securing digital ecosystems and preventing cyber threats. My approach combines constant technological monitoring, solid development skills, and rigorous risk management methodology.

My goal is to support my clients in protecting their web applications, by combining pragmatism, performance, and optimal security.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Spanish
Fluent
Italian
Conversational

Workplace preferences

Can work on-site

Paris 12e Arrondissement (up to 10km)

Beta Gouv - DINUM
Cybersecurity Expert - Pentester
PUBLIC SECTOR
March 2022 - Today (4 years and 3 months)
Paris, France
As a cybersecurity expert at beta.gouv (DINUM), I contribute to strengthening the security of web products developed by French administrations. My role includes several key missions:

- Conducting in-depth security audits, including architecture analysis, code reviews, and penetration tests (pentesting) to identify and fix critical vulnerabilities.
- Supporting teams in setting up bug bounty programs, from conception to execution, ensuring rigorous follow-up of vulnerability reports.
- Proactive vulnerability remediation, with practical and adapted recommendations to secure critical systems.
- Raising awareness and training technical and non-technical teams on cybersecurity, through workshops on best practices and attack prevention (XSS, CSRF, SQL injections, IDOR, etc.).
- Developing and deploying specialized tools for:
- Moving Github repositories to "private"
- Proactive vulnerability detection through automated scans integrated into CI/CD pipelines.
- Tracking versions of software used "on premise"
- Monitoring systematic commit signing

By collaborating closely with multidisciplinary teams, I ensure that each product meets the most demanding cybersecurity standards, while promoting a pragmatic approach adapted to the constraints of public projects.

Cybersecurity Security Audit Training Web Development Web Pentest PenTest
Cour de cassation
Full-Stack Developer
PUBLIC SECTOR
September 2020 - March 2022 (1 year and 6 months)
Paris, France
The challenge is to make the decisions of French courts publicly available (open data) by improving and automating the anonymization process that must be applied to them.
Project link: https://eig.etalab.gouv.fr/defis/label/

During my mission, I established the project's foundations: React bootstrap, Node / Express and MongoDb, implementation of an MVC architecture, development of a migration system, code sharing between front and back. Then, with Nicolas Assouad and Romain Glé, I developed the product in constant iteration with its users: deployment several times a week, continuous integration, PR review, Test-Driven Development.
React.js Node.js Express Typescript Jest MongoDB React Node
Theodo
Full-Stack Developer
DIGITAL AND IT
April 2017 - August 2020 (3 years and 5 months)
Paris, France
Personal achievements:
- 2 x 1-hour cybersecurity training sessions: presentation and practical cases of the OWASP Top 10

- Talk on cognitive biases affecting our personal and professional decision-making (YouTube link: https://www.youtube.com/watch?v=2Diydf-Tsus)
- Publication of a technical article on unit testing (link: https://blog.bam.tech/developer-news/tests-why-how-when)
- Mentoring and training a novice developer (5 months)

Projects:
Ogury Consent Manager (Ogury, 7 months) - web application (ReactJS, GraphQL) - helps web and mobile application publishers manage user consent for the collection and use of their personal data

Villagile (Suez, 5 months) - web application + back-end (ReactJS, Symfony 3, Kubernetes) - helps town hall staff manage incidents, complaints, and work in their municipality

Investo and MyClub (BNP Paribas, 4 months) - mobile application + back-end (React Native, Firebase, Python, Flask) - assists BNP clients in understanding their financial investments

Call My Vet (3 months) - mobile and web application + back-end + back-office (ReactJS, React Native) - allows for veterinary teleconsultations (payment, video conferencing)

Rift (Lita, 4 months) - mobile application + back-end + back-office (React Native, NestJS, TypeORM, Forest Admin) - allows individuals to understand the ecological and social impact of their savings

Application under NDA (3 months) - web application + mobile application + back-end + back-office (ReactJS, React Native, NestJS, Forest Admin) - allows individuals to access bodybuilding and training content
React.js React Native NestJs Express PostgreSQL Typescript Node Cybersecurity Cybersecurity Awareness