Freelancer profile translated to English.

Description

Systems security expert. I primarily address information system security issues across all architectural components.

I advise and support companies in integrating security during both BUILD and RUN phases.

My skills enable me to respond to, support, and guide technical teams on operational security projects by providing technical solutions.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km), Paris (up to km)

AXA
Tech Lead / Qualys Expert
BANKING AND INSURANCE
January 2025 - February 2026 (1 year and 1 month)
Paris, France
Role – Tech Lead / Qualys Expert
Tech Lead responsible for deploying the new Qualys ETM module, with advanced expertise in
Qualys platform administration (VM, Policy Audit, CSAM…).
Challenges: Transitioning from a prioritization model based "on detection severity" to a risk-based model
focused on "asset criticality and its detections" to mobilize teams responsible for remediating critical assets.
As part of the ETM launch, with AXA as a Design Partner, I work closely with the
Qualys ETM PO, reporting malfunctions and product improvement requests
to meet expectations.
Actions taken:
• Integration of Qualys ETM with IT environments (Scanning Solutions and ITSM..).
• Responsible for integrating external data (API, scripts, ETL)
• Enrichment of Qualys assets (ServiceNow CMDB source)
• Interventions in complex hybrid environments (on-premise / cloud) and multi-site.
• Automation of vulnerability scans and analysis.
• Evolution of the TruRisk Score calculation (formula, vulnerability and asset weights)
• Optimization of correlation rules during asset integration
• Management of product correction and evolution requests with the publisher (weekly meeting).
• Implementation of Vulnerability Prioritization based on risk for IT/Security departments to
support technical teams in remediation.
• Creation of Dashboards: Coverage, Vulnerability, and Patch Management in UD.
• Training of CDPs for presentation to entities.
• Deployment on the Group's Pilot Entities.
• Support for CDPs during follow-up committees/presentations of new features.
• Implementation of Statistics, reports, and alerts for transition to BAU.
Qualys VOC Vulnerability Management Hardening IT Risk Management
BPCE Infogérance & Technologies
Systems Security Expert
BANKING AND INSURANCE
March 2020 - December 2024 (4 years and 9 months)
Charenton-le-Pont, France
Role: Systems Security Expert - Qualys Expert - Systems Security Department
DSS systems intervenes on all infrastructure elements to control and organize the remediation of vulnerabilities and hardening of equipment configurations.

Challenges: Reduce the number of vulnerabilities and define, implement, and manage the hardening process.

Actions taken:
IT asset management
Vulnerability Management
Patch Management (Increased frequency of SRV, WKS, DC, DB cycles)
Compliance of critical perimeters
Management of the Qualys infrastructure (Agent, Appliance, proxy, sensor, subscription configuration…)
Automation of VM and PC vulnerability scans
Collection and consolidation of Qualys data.
Monitoring and remediation of cross-functional vulnerabilities
Support for systems/application/business teams
Creation of specific vulnerability and hardening dashboards
Monitoring the reduction of vulnerabilities and obsolescence
Definition of Hardening Processes
Planning, presentation, and coordination of hardening and recovery actions

Dashboard creation
Data historization and KPI provision
Facilitation of monthly committee meetings
Annual review of vulnerability and hardening management processes
Regulatory watch (DORA, NIST, ..)
...

Management:
Team organization and coordination
Crisis management
Audit responses.

Success factors:
Organization
Planning
Communication
Tools and Project Methodologies: QUALYS, Splunk, O365 Suite, ServiceNow, Azure, GCP, AWS,..

NATIXIS CIB AMERICA – NEW YORK Nov. 2022 – April 2023
NATIXIS March. 2020 – Oct 2022
AXA
Senior Technical Project Manager Infrastructure / Security
February 2018 - March 2020 (2 years and 1 month)
Île-de-France, France
Role: Project Manager - Systems and Security Infrastructure (S&D French Market)
The "French Market" division is the single point of contact for AXA group entities in the SOUTHERN EUROPE region. My role is to meet the infrastructure and security needs of the OPCOS (Group Entities).

Projects completed:
Infrastructure:
Resumption of the deployment of a Group invoice management solution (17 Countries)
Upgrade of ITESOFT, CODA, POPPULO Business Solutions..
Separation of an AXA LE entity to ARCHITAS
Creation of a new AXA NEXT entity
Migration of solutions to Private Cloud/Azure
Deployment of servers (Core-IT, Private or Public Cloud, SaaS, PaaS, IaaS)
Decommissioning of infrastructures (CITRIX, EXCHANGE)
Site relocation (collines de l’arche to Java-Pont Cardinet)
Security:
MTSB - Hardening of configurations for 5 Entities GIE, ALM, ALE, AGRE, and AGS
Actions on OS, Domain Controller, IIS, APACHE, SQL, Oracle…
Strengthening of the Password Policy
Patch Management: Corrections of severities 4 and 5
Review of Assets to confirm the GIE perimeter
ISMS Participation
ISO 27001 Participation (Infra Referent)
Deployment of data classification (AIP, AIP scanner,)
Strengthening of PROXY Policies (On Prem, CLOUD)
Correction of vulnerabilities detected during Pentests
Participation in improving QUALYS, CAS processes and tools
Review of Access Management (IAM, PAM) CyberArK, ArcSight

Success Factors:
Ability to consolidate collected information
Technical knowledge
Project visibility.
Adherence to deadlines and budgets
Technical environment: Windows, Linux, Oracle, SQL, Private/Public Cloud, Azure, GCP, AWS, AXWAY, CyberArk,..

Tools and Project Methodologies: Power BI, Excel, MS Project, SharePoint, ITIL. ServiceNow, Fireflow, Perform, Confluence