You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Flavio SensFS

Flavio Sens

Embedded IoT Cybersecurity | CRA & RED

€500/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Flavio

Cybersecurity consultant specialized in embedded systems and IoT, I support companies in securing their connected products, from design to regulatory compliance (CRA, RED).

I address concrete security issues (firmware, hardware, cryptography).

I can assist you with:

  • Anticipating the requirements of the Cyber Resilience Act (CRA) and the RED directive

  • Assessing the security of your products (audit, vulnerability analysis, embedded / IoT pentest)
  • Conducting risk analyses (EBIOS RM) adapted to your systems

  • Identifying security flaws in your firmwares, protocols, or architectures

On the technical side:

  • Performing penetration tests (software & hardware) on embedded and IoT systems

  • Code audit and firmware security analysis
  • Implementing security mechanisms: secure boot, cryptography, key management (PKI)

  • Analysis and security of communications (embedded protocols, IoT)

Product compliance & security:

  • Compliance support: EN 18031, ANSSI best practices

  • Integration of Secure by Design principles
  • Contribution to the robustness and resilience of connected products

My goal:

  • Secure your products without slowing down your time-to-market

  • Quickly identify critical vulnerabilities
  • Provide targeted technical expertise without burdening your teams

🤝 Interventions possible in:

  • One-off audit / pentest

  • Project support
  • Technical support for your security developments

  • Training your teams (embedded cybersecurity, IoT, cryptography, CRA/RED)
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km), Lyon (up to 50km), Nice (up to 50km), Toulouse (up to 50km), Lille (up to 50km)

Experience

  • Serma Safety and Security
    Embedded & IoT Cybersecurity Consultant
    INTERNET OF THINGS (IOT)
    November 2025 - Today (9 months)
    Paris, France

    🔒 Firmware & Cryptography Security Audit (Hitachi)

    • Security audit of firmwares on payment terminals and railway systems, with in-depth analysis of encryption mechanisms, key management, and cryptographic primitives. Work carried out in compliance with PCI PTS and EMVCo standards. Identification of critical vulnerabilities (flawed key management, weak cryptographic implementations, integration flaws) and prioritized corrective recommendations for technical teams.

    🎯 Automotive ECU Pentest — USB, Wi-Fi, Bluetooth (Renault)

    • Penetration testing on embedded control units (ECUs) via USB, Wi-Fi, and Bluetooth interfaces, as part of automotive cybersecurity projects. Identification of attack surfaces and exploitation vectors on connected vehicle systems.

    🎓 Embedded Linux Security & DevSecOps Training (Merck, KNDS, Atraltech)

    • Design and delivery of customized training programs for major clients, covering embedded Linux security, Secure Coding, and DevSecOps integration on industrial Linux systems.

    📋 IoT Regulatory Compliance — CRA & RED

    • Support for compliance with the Cyber Resilience Act (CRA) and the RED Directive (Radio Equipment Directive), to secure the product lifecycle of connected objects from the design stage.

    🛡️ Securing Embedded Systems & IoT

    • Strengthening the security of embedded and IoT architectures: secure boot, secure OTA updates, and cryptography applied to constrained environments.
    Embedded Systems PenTest Security Audit Compliance Audit Cryptography
  • Commissariat à l'énergie Atomique (CEA)
    R&D Cybersecurity Engineer in Cryptography (Post-Quantum)
    DEFENSE AND MILITARY
    May 2024 - October 2025 (1 year and 5 months)
    Grenoble, France
    • Research and vulnerability analysis in cryptographic C code, particularly in post-quantum cryptography (PQC), using static and dynamic analysis tools

    • Evaluation, benchmarking, and selection of security tools (SAST, DAST, fuzzing) adapted to sensitive environments
    • Contribution to security certification processes: Common Criteria (CC), CESTI evaluations, compliance with ANSSI standards

    • Monitoring and support for migration to post-quantum cryptography (PQC) according to ANSSI, BSI, and NIST recommendations
    • Participation in defining security requirements and cryptographic best practices
    Cryptography Security Audit Compliance Common Criteria Vulnerability Analysis
  • Crédit Agricole
    Cybersecurity Officer – Cryptography & PKI
    August 2023 - May 2024 (9 months)
    78280 Guyancourt, France
    • Relaunch of a critical cybersecurity project (PKI) initially interrupted (COVID), bringing it back into production and structuring the work

    • Design and development of a certificate management tool (PKI) in Java
    • Implementation and management of the certificate lifecycle (issuance, renewal, revocation)

    • Strengthening the security of identity and key management infrastructures (PKI)
    • Contribution to the reliability of security processes and business continuity
    Cryptography Cybersecurity Project Management PKI

Recommendations

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master's degree in Cybersecurity
    Sorbonne Université
    Réseaux & Architecture : Architecture des Réseaux Développement sécurisé : Secure Coding Tests d’intrusion & audit : Ethical Hacking et Pentest, Audit de la Sécurité des SI Protection des données : Sécurité des Bases de Données, Sécurité des Communications Cryptographie : Primitives Cryptographiques et Fonctions de Sécurité Analyse avancée : Reverse Engineering
  • Bachelor's degree in Computer Science
    Sorbonne Université
    Architecture et systèmes : Architecture des ordinateurs, Fondements des systèmes d’exploitation, Programmation concurrente, Programmation Shell Développement et algorithmique : Algorithmique appliquée, Structures de données, Programmation objet, Programmation fonctionnelle, Programmation comparée Bases de données et génie logiciel : Bases de données relationnelles, Systèmes de gestion de bases de données, Génie logiciel Web & technologies avancées : Technologie du Web, Compilation, Sciences des données Sécurité & cryptographie : Sécurité informatique, Cryptologie Mathématiques & intelligence artificielle : Mathématiques discrètes, IA et jeux, Statistique et informatique Autres compétences : Logique, Architecture logicielle

Certifications

  • EBIOS Risk Manager
    PECB
    IS Risk Mapping Cybersecurity Risk Analysis Information Systems Security Threat and Risk Scenario Identification Risk Assessment Cyber Risk Management EBIOS RM Cybersecurity Governance Risk Management Business Impact

Skill set

Categories