Freelancer profile translated to English.

Description

In addition to my development tasks, I design and deploy resilient, secure, high-performance, and easy-to-operate infrastructures on a daily basis. This applies to cloud, bare-metal, and hybrid environments.

I have contributed to or successfully completed several cloud migrations and I maintain high-traffic infrastructures daily.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 30km)

UFF
Tech Lead Java - DevSecOps
BANKING AND INSURANCE
December 2022 - Today (3 years and 6 months)
Bois-Colombes, France
As a DevSecOps security tech lead, I am responsible for integrating cybersecurity into the entire application lifecycle, from design to implementation. My responsibilities include:
Defining and implementing application security requirements and secure development standards
Analyzing and remediating cross-cutting vulnerabilities in applications and infrastructures
Migrating and securing CI/CD tools (Gitlab, Jenkins, Sonar) to address security flaws
Administering and configuring secure development tools (Gitlab, Jenkins, Sonar)
Conducting security-oriented code reviews and applying OWASP best practices
Implementing and administering advanced security tools (Checkmarx, Qualys, SonarQube) and integrating vulnerability analysis steps into CI/CD pipelines
Planning and executing penetration tests (Pentests), analyzing results, and reporting
Remediating application, server, and network vulnerabilities identified during audits
Actively participating in operational security and governance meetings
Securely migrating Cloud VMs and applications while adhering to security standards
Designing and implementing secure deployment pipelines (Jenkins, Kubernetes, Docker)
Introducing security aspects to CI/CD tools.
Migrating tools such as Gitlab, Jenkins, SQUASH Test to non-vulnerable versions
Cybersecurity SonarQube Checkmarx Cybersecurity Audit Cybersecurity Governance
SOCIETE GENERALE
IT Project Technical Manager - DevSecOps
BANKING AND INSURANCE
March 2018 - November 2022 (4 years and 8 months)
Fontenay-sous-Bois, France
I was part of the Business Solution Center (RESG/BSC) entity, a shared services center dedicated to providing the Société Générale Group's entities and departments (Finance, Risks, Human Resources, etc.) with comprehensive IT solutions.
Key Responsibilities:
Implementing security best practices in the development and deployment cycle
Training and supporting technical teams towards a DevSecOps culture
Setting up a continuous vulnerability monitoring platform for rapid detection and remediation
Coordinating technical and security teams to ensure a cross-functional and effective approach
Managing production security incidents and implementing corrective measures
Estimating and validating projects for evolution, incorporating security constraints
Creating secure deployment scripts with Ansible, including secret and access management
Implementing an Identity and Access Management (IAM) strategy to enhance the security of development and production environments
Training 20 developers on security and continuous deployment best practices
Setting up secure CI/CD pipelines (Jenkins, Kubernetes, Docker) with vulnerability scans
Ansible DevSecOps Cybersecurity IAM Kubernetes
CARREFOUR
JAVA/JEE Development Engineer + DevOps
RETAIL (LARGE RETAILERS)
February 2017 - May 2018 (1 year and 3 months)
91300 Massy, France
Project: Design and implementation of a secure continuous and automatic deployment tool
Key Responsibilities:
Creating secure deployment scripts with Ansible, including access and secret management
Setting up a continuous integration (CI) pipeline with automatic triggering upon Git commits
Designing Jenkins pipelines (Jenkinsfile) with integration of security tests
Integrating security testing tools into the CI/CD pipeline (SAST, DAST, SCA)
Optimizing the ELK search engine (Java 8, Stream, Lambda, JProfiler)
Securing ElasticSearch queries and implementing event monitoring
Participating in security audits and implementing recommendations
Developing secure Java Web Services with REST API and Jersey
Automating SSL/TLS certificate management to ensure communication security
Implementing a real-time monitoring system to detect security flaws quickly
Securing and encrypting data during indexing phases
DevSecOps CI/CD Jenkins ELK Cybersecurity