You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Lamiae ObilaLO

Lamiae Obila

Cybersecurity Engineer

€670/day
Nanterre, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Lamiae

IT Security Engineer specializing in cybersecurity and risk analysis. I am looking for new missions that will allow me to grow and support clients in their security integration processes in projects. I am ISO27005 and ISO27001 certified. I am Fortify certified (MicroFocus code audit tool) and also SCRUM certified, so I can take on IT Security project management roles. I am a smiling, committed, and ambitious person. Feel free to contact me if my profile inspires you.
  • English

    Native or bilingual

  • French

    Native or bilingual

  • Arabic

    Native or bilingual

  • German

    Basic

Can work on-site
Nanterre (up to 50km)

Experience

  • Bnpparibas
    Cybersecurity Consultant
    BANKING AND INSURANCE
    October 2025 - Today (10 months)
    Montreuil, France
    • Analysis of risk assessments carried out by the 1st line of defense (1LOD) on cloud outsourcing projects.
    • Review of the Group's cloud outsourcing projects, including APIGEE Hybrid, Power Platform, and AI solutions.
    • Conducting IT and security risk analyses, according to the ISO 27005 methodology, prior to business and technical projects.
    • Study of requests for derogation from Group standards.
    • Management of security derogations and formalization of risk acceptances in coordination with IT and Risk teams.
    • Evaluation and validation of security solutions in hybrid environments, including Cloud platforms (Azure, GCP, AWS, IBM Cloud).
    • Monitoring compliance with the Group's security policy and support for cross-functional cybersecurity initiatives.
    • Active contribution to security committees and collaboration with business teams, IT architecture, DPO, compliance, 1LOD, and Cloud CISO.
    • Monitoring the application of data encryption requirements and the use of KeyVault (Azure Key Vault or Thales HSM).
    • I contributed to the study of several projects: DSP2 and DSP3 business projects, Cloud Migration, SaaS solutions, APIGEE Hybrid, AKAMAI API Security.
    Risk Analysis ISO 27005 EBIOS RM Azure Cloud AI Security
  • AXA Wealth Services
    CISO Consultant
    BANKING AND INSURANCE
    April 2021 - June 2025 (4 years and 2 months)
    Nanterre, France
    • Conducting IT and security risk analyses according to ISO 27005 standards, in line with the Group's IT Risk policy
    • Development and improvement of risk management procedures: assessment models, risk sheets, security policies (ISO 27001/27002);
    • Drafting and management of derogations and risk acceptances, in conjunction with security, IT, and business stakeholders;
    • Conducting periodic security reviews of suppliers (audit, due diligence), with follow-up of associated action plans;
    • Organization and management of penetration tests in coordination with a service center, external providers, and internal teams;
    • Monitoring vulnerability remediation: coordination of fixes, re-tests, and long-term action tracking;
    • Contribution to the detection of risky behaviors, potential incidents, or compliance deviations in projects;
    • Participation in the security analysis of technical architectures, validation of security requirements in project deliverables;
    • Support for project teams in integrating cybersecurity from the design phase, in accordance with internal standards and frameworks (ISO 27001, OWASP, PCI DSS);
    • Contribution to the implementation and verification of PAM controls (cyberark);
    • Active contribution to the implementation and management of cybersecurity service lines at the corporate and European zone level: DevSecOps, SOC, vulnerability management, SAF (Security Assurance Framework);
    • Participation in the evaluation and validation of security solutions (API Management, AWS and Azure Cloud), with a security architecture-oriented approach;
    • Securing key projects: cloud migration (AWS, Azure), SI APIfication project, security configuration of the Mashery API Management solution;
    • Monitoring security KPIs and developing dashboards for the CISO and local and group stakeholders.
    API Management REST API ESG WAF
  • EQUENS WORLDLINE
    APPLICATION SECURITY CONSULTANT
    DIGITAL AND IT
    February 2016 - March 2019 (3 years and 1 month)
    Blois, France
    1. Application Security:
    • Development of secure Back End applications in the payment domain (Issuer and Acquirer side) and personal data security: JAVA, Spring, REST/GraphQL API, SWAGGER, API MANAGEMENT (APIGEE), Unix, MYSQL, GIT, HG, Jenkins, JBOSS, Docker;
    • Implementation of APIGEE and integration of APIs and web services in the Monetary domain (within the scope of DSP2);
    • Study and development of cryptography algorithms based on NIST recommendations;
    • Monitoring of penetration tests (Pentest) and report generation;
    • Configuration and integration of HSM devices (DEP/BULL);
    • Configuration of several tools like JMAC, ActiveMQ;
    • Analysis and security audit of code: Manual code review and using SONARQUBE;
    • Mastery of payment standards (PCI DSS/ISO 27001), NIST recommendations, and GDPR.
    2. Integration and Operational Security:
    • Staging and Production Delivery;
    • Implementation of the Patch Management process;
    • Monitoring and analysis of security incidents;
    • Configuration of the ISMP alerting platform;
    • Defining a platform roadmap;
    • Configuration, optimization, and delivery of REDHAT environments;
    • Deployment of platforms with an internal solution;
    • Platform monitoring using Splunk and HORUS;
    • Implementation of an API MANAGEMENT platform (APIGEE);
    • Securing applications with SSO (Single Sign-On);
    • Platform migration;
    • Design of applications and software architecture studies;
    • SQL and NoSQL database administration (Cassandra, MongoDB);
    • Study, development, and integration of an OAuth 2.0 solution in a JAVA/J2EE application.
    3. Level 2/3 Technical Support:
    • Ensuring resolution of Application and Security incidents;
    • Knowledge transfer (Internship supervisor);
    • Post-migration assistance;
    • Conducting presentations in French and English at technical events.
    Code Audit SCRUM Java JBoss Application Server PCI DSS OAuth APIGEE GRAPHQL API CASSANDRA SSO SPLUNK HSM

Recommendations

Be the first to recommend Lamiae

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Software Administration and Security
    INSA Centre Val de Loire
    2016
  • Computer Network Security
    Ecole Nationale des sciences appliquées KENITRA
    2014

Certifications

Skill set

Categories