Freelancer profile translated to English.
Back to original languageAbout Chris
Hello and welcome,
I have been working for several years with clients of all sizes, from SMEs to CAC40 groups, as well as with public sector organizations, to assess and strengthen the security of their information systems.
I am OSCP and PASSI certified, which allows me to undertake penetration testing, architecture audits, source code audits, configuration audits, as well as acting as an audit manager.
My assignments focus mainly on two areas:
1. Technical audits and penetration testing:
- Needs analysis to define the scope of the audit (e.g., security assessment of a web application, web API, or Active Directory network infrastructure).
- Performing penetration tests.
- Identification of vulnerabilities, qualification of business risks, and formulation of concrete recommendations.
- Writing detailed reports summarizing the overall assessment and the tests performed.
- Clear and structured restitution, both technical and managerial.
2. Specialized audits:
- Configuration audit: analysis and optimization of system and application parameters.
- Architecture audit: evaluation of the design of on-premise or cloud systems and infrastructures to ensure their robustness.
- Source code audit: secure code review to detect vulnerabilities and propose appropriate corrections.
If my skills match your needs or if you would like to know more, please do not hesitate to contact me to discuss.
French
Native or bilingual
English
Fluent
Can work on-site
Paris (up to 50km)
Experience
- INSEETechnical AuditPUBLIC SECTORNovember 2024 - November 2024Paris, FranceWeb application penetration testingPerforming comprehensive penetration tests on web applications to assess their resistance to common attacks (injections, XSS, CSRF, authentication bypass, etc.).Using specialized tools (Burp Suite, OWASP ZAP, Nmap, Nikto, Metasploit) and manual methods to identify vulnerabilities not detected automatically.Applying security standards such as OWASP Top 10, CWE/SANS, and best practices for application hardening.Developing technical and executive reports detailing vulnerabilities, their criticality level, and tailored remediation recommendations.Contributing to the validation of fixes and raising awareness among development teams on application security.
- EDFTechnical AuditENERGY AND UTILITIESOctober 2024 - December 2024 (2 months)Nanterre, FrancePerforming manual and automated penetration tests on internal web applications to identify security vulnerabilities (injections, XSS, CSRF, poor session management, etc.).Using tools such as Burp Suite, OWASP ZAP, Nmap, Nikto, and Metasploit for vulnerability detection and exploitation.Writing detailed reports presenting discovered vulnerabilities, their criticality, and remediation recommendations according to OWASP Top 10 and CWE/SANS standards.🔹 Infrastructure Component Configuration AuditAnalyzing and evaluating the security of systems and equipment: servers (Linux, Windows), firewalls, routers, and databases.Identifying misconfigurations (open ports, excessive privilege accounts, outdated protocols, lack of encryption).Developing audit reports and assisting technical teams in implementing corrective actions.
- Ministère de la Transition EcologiqueTechnical AuditPUBLIC SECTORSeptember 2024 - October 2024 (1 month)Paris, FranceConducting penetration tests on web applications: attack surface analysis, component mapping, exploitation of potential vulnerabilities (SQL injections, XSS, CSRF, deserialization, poor session management).Writing technical reports and remediation recommendations for development teams.
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master Networks and CybersecurityPierre et Marie Curie Paris 62008Informatique, programmation, cyber sécurité, bases de données, scripting.
Certifications
- OSCP Offensive Security Certified ProfessionalOffensive Security2021
- PASSI (Information System Security Audit Provider)LSTI2025