About Megane
French
Native or bilingual
English
Fluent
Experience
- CHANEL SAS - GDS Chanel.comCYBERSECURITY CONSULTANT (ISP | GRC | CLOUD SECURITY | RESILIENCE)LUXURY GOODSSeptember 2024 - Today (1 year and 11 months)Neuilly-sur-Seine, FranceContext: Responsible for the security of the Chanel.com platform, the mission involves supporting delivery teams (USA, Korea, UK, Japan, China, etc.) in integrating security from the design phase (Security by Design) for global e-commerce platform projects. The main objective is to deploy the security roadmap and industrialize cybersecurity practices around three strategic pillars: Risk Management - IT Resilience - Vulnerability Management.Responsibilities:- Security Roadmap Steering- ISP (Integration of Security in Projects) - Risk Management- Vulnerability Management- IT Resilience Management- Third-Party Management
- SAFRAN SAECLOUD SECURITY CONSULTANT | SECURE ARCHITECTURE | DATA GOVERNANCEAVIATION AND AEROSPACEApril 2024 - August 2024 (4 months)Paris, FranceContext: Design of a secure cloud architecture for granular access management to a data platform in a highly regulated environment (sensitive data and sovereignty constraints). The objective was to control data access based on user nationality, geographical location, and security profile, while respecting compliance and export control constraints.The mission involved proposing a technical component for fine-grained data authorization, with federated authentication already in place but without a contextual authorization mechanism.Responsibilities:•Gathering and analyzing project-related documents•Identifying and scoping the mission's perimeter•Collaborating with IAM, Data Platform, and Cloud teams to align federated authentication mechanisms with authorization mechanisms•Analyzing the existing authentication architecture based on identity federation•Exploring contextual authorization models combining identity attributes (nationality, profile), data metadata (tags), and geographical location constraints to meet sovereignty and export control requirements.•Identifying the limitations of traditional S3 policies for complex contextual rules.•Studying native AWS capabilities (IAM, S3 policies, Lake Formation, Datazone) for granular data access management.•Designing a target architecture based on AWS Lake Formation for centralized application of access policies on S3, Redshift, and EMR, with permission propagation to analytical services (SageMaker notebooks, Spark jobs, SQL engines).•Proposing hybrid solutions integrating on-premise data governance tools for tagging and classification of sensitive data, in line with the overall data governance strategy.
- GRDFCYBERSECURITY CONSULTANT - ISP | GRC | VULNERABILITY MANAGEMENT | CLOUD SECURITYENERGY AND UTILITIESJuly 2023 - March 2024 (8 months)Paris, FranceContext: Engagement within GRDF's Application Security team to embed security into projects from the design phase (Security By Design). Facing the digitalization of the group's activities, several solutions/applications are deployed within GRDF's IT department. Cybersecurity is involved from the project's inception to ensure that deployed products/solutions comply with GRDF's security policy and cybersecurity best practices.Responsibilities:•Integration of Security in Projects (ISP)For any new project/solution/infrastructure to be deployed on the IS:- Analysis of needs and cybersecurity-related challenges- Audit and identification of vulnerabilities related to the project context- Risk analysis and assessment based on an internal methodology- Analysis and identification of security flaws in the application architecture (Design Review)- Definition of an action plan / Master plan for implementing security for each phase of the application development lifecycle.- Drafting the final opinion of the Cybersecurity team, including requirements to be implemented before production.•Analysis of Security Assurance Plans (PAS)•Management of network access requests / Flux validation committee•Management of requests for derogation from Cybersecurity best practices•Vulnerability Management•Technical referent for Cloud topics
Recommendations
Be the first to recommend Megane
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Cybersecurity EngineerUniversity of Technology of Troyes
Certifications
- SC-100: Microsoft Cybersecurity ArchitectMicrosoft2023
- AZ-500: Microsoft Certified Azure Security Engineer AssociateMicrosoft2022