You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Mesbah KarimMK

Mesbah Karim

Cloud & AI Cybersecurity Architect

€750/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Mesbah

Cloud & AI Cybersecurity Architect, with 11 years of experience working with CISOs and CIOs in regulated finance (CAC40) and the public sector. I help your teams design secure multi-cloud architectures (Azure, AWS, GCP) and transform your regulatory obligations (DORA, NIS2, PCI DSS) into applicable engineering standards, without compromising team velocity.

What I can do for you:

▪ Secure a scaled cloud environment: multi-cloud posture management (CSPM / CNAPP) for over 2,000 applications, tool consolidation (Wiz), 50% less alert noise, SLA for critical vulnerability prioritization within 24 hours.

▪ Industrialize DevSecOps: CI/CD security gates (SAST, SCA, SBOM), 250 CVEs blocked before production across 2,000+ projects, separation of duties, and audit independence preserved.

▪ Structure identities and Zero Trust: federation (Microsoft Entra ID, SAML / OIDC), MFA, governance of 500+ machine identities, eradication of plaintext secrets.

▪ Guide generative AI adoption: chairing an AI security review committee (vendors, LLM usage policy); securing foundation models in R&D framing (MITRE ATLAS, Google SAIF, LLM guardrails, GenAI red-teaming).

▪ Meet sovereign requirements: inter-ministerial projects hosted on SecNumCloud qualified offerings, ANSSI approval dossiers; anticipation of post-quantum transition (crypto-agility inventory).

References: Mobilize Financial Services (Renault Group), BNP Paribas, Adie, DINSIC / DINUM, EY.

Certifications: Microsoft Certified: Cybersecurity Architect Expert (SC-100), Azure Security Engineer Associate (AZ-500), AWS Certified Security – Specialty, CCSK v5, ISO/IEC 27001 Lead Implementer.

I respond within 24 hours. Available for assignments in Île-de-France (on-site or hybrid) or remote, depending on the context. Bilingual French / English.
  • English

    Native or bilingual

  • French

    Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • Mobilize Financial Services (Groupe Renault)
    Cloud Cybersecurity Architect (+ AI security framing)
    BANKING AND INSURANCE
    November 2022 - June 2026 (3 years and 7 months)
    Noisy-le-Grand, France
    Referent Architect for the multi-cloud ecosystem (Azure, AWS, GCP) of over 2,000 applications for the captive bank of the Renault Group.

    ▪ Governance of generative AI adoption: chairing the AI security review committee (evaluation of third-party vendors, LLM usage policy, sensitive information leak prevention requirements).

    ▪ AI security R&D framing in a sandbox environment, without production deployment: MITRE ATLAS, Google SAIF, LLM guardrails, inference API exposure controls, GenAI red-teaming, AI incident response playbooks.

    ▪ CSPM / CNAPP consolidation: 4 tools replaced by Wiz; 50% less alert noise, SLA for critical vulnerability prioritization within 24 hours.

    ▪ DevSecOps and supply chain: SBOM / SCA (CycloneDX, Dependency-Track) across 2,000+ projects, CI/CD gates, 250 CVEs blocked before production; separation of duties (SoD).

    ▪ Threat-oriented architecture reviews (STRIDE) and external attack surface governance (WAF, anti-DDoS) for 230+ applications.

    ▪ GCP data foundation: VPC Service Controls, fine-grained IAM around BigQuery, Cloud KMS encryption.

    ▪ Multi-cloud interconnection (Aviatrix) automated with Terraform; segmentation by zones, SASE / CASB path.

    ▪ Machine identities: 500+ managed NHIs, automated secret rotation, 200+ plaintext secrets eradicated from Terraform states.

    ▪ Post-quantum transition: initiation of a crypto-agility inventory, briefings to executive management.

    Associated skills: Cloud Security · Microsoft Azure · AWS · Google Cloud Platform · CNAPP / CSPM · DevSecOps · Kubernetes · Terraform · AI Security
    Cloud Security GCP CSPM CNAPP Artificial Intelligence
  • BNP Paribas
    DevSecOps Cybersecurity Architect
    BANKING AND INSURANCE
    February 2022 - November 2022 (9 months)
    Montreuil, France
    Framing the Security by Design trajectory in a regulated banking environment (PCI DSS), acting as an interface between the Group's Central Cybersecurity and software factories.

    ▪ Translation of regulatory obligations into product security specifications (PSRS) directly actionable by development teams.

    ▪ Integration of SAST (Fortify) and SCA (Sonatype IQ Server) control gates into Build pipelines; delegation of operations to DevOps teams (audit independence); significant reduction of critical vulnerabilities in production.

    ▪ Kubernetes Standards: Network Policies, mTLS between microservices, admission control (OPA Gatekeeper).

    ▪ Facilitation of a network of 20 Security Champions disseminating secure coding standards (OWASP Top 10) within agile squads.

    Associated skills: DevSecOps · SAST / SCA · Kubernetes · PCI DSS · Application Security
    DevSecOps SAST SCA SBOM CI/CD
  • Adie
    Cloud & Identity (IAM) Cybersecurity Architect
    BANKING AND INSURANCE
    May 2019 - February 2022 (2 years and 9 months)
    Paris, France
    Design of the federated identity foundation securing microcredit financial transactions on Microsoft Azure.

    ▪ Conditional Access and risk-based MFA via Entra ID; secret management (Key Vault, HashiCorp Vault).
    ▪ Partner federated access architectures (B2B / B2C, SAML / OIDC).

    Associated skills: IAM (Identity Management) · Microsoft Entra ID · MFA · Microsoft Azure · Zero Trust
    RBAC Docker REST API Scala Microsoft Azure

Recommendations

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master's Degree in Computer Engineering (Diploma Level – 6 – formerly II)
    IMST
    2014

Certifications

  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
    Microsoft
    2025
    Azure Policy CSPM Azure Sentinel Privileged Identity Management (PIM) Microsoft Defender Microsoft Azure Conditional Access Azure WAF
  • AWS Certified Security – Specialty
    AWS
    2020
    KMS GuardDuty AWS Shield CSPM IAM Infrastructure Security Cybersecurity Cloud Security Zero Trust AWS

Skill set

Categories