About Mesbah
English
Native or bilingual
French
Native or bilingual
Experience
- Mobilize Financial Services (Groupe Renault)Cloud Cybersecurity Architect (+ AI security framing)BANKING AND INSURANCENovember 2022 - June 2026 (3 years and 7 months)Noisy-le-Grand, FranceReferent Architect for the multi-cloud ecosystem (Azure, AWS, GCP) of over 2,000 applications for the captive bank of the Renault Group.▪ Governance of generative AI adoption: chairing the AI security review committee (evaluation of third-party vendors, LLM usage policy, sensitive information leak prevention requirements).▪ AI security R&D framing in a sandbox environment, without production deployment: MITRE ATLAS, Google SAIF, LLM guardrails, inference API exposure controls, GenAI red-teaming, AI incident response playbooks.▪ CSPM / CNAPP consolidation: 4 tools replaced by Wiz; 50% less alert noise, SLA for critical vulnerability prioritization within 24 hours.▪ DevSecOps and supply chain: SBOM / SCA (CycloneDX, Dependency-Track) across 2,000+ projects, CI/CD gates, 250 CVEs blocked before production; separation of duties (SoD).▪ Threat-oriented architecture reviews (STRIDE) and external attack surface governance (WAF, anti-DDoS) for 230+ applications.▪ GCP data foundation: VPC Service Controls, fine-grained IAM around BigQuery, Cloud KMS encryption.▪ Multi-cloud interconnection (Aviatrix) automated with Terraform; segmentation by zones, SASE / CASB path.▪ Machine identities: 500+ managed NHIs, automated secret rotation, 200+ plaintext secrets eradicated from Terraform states.▪ Post-quantum transition: initiation of a crypto-agility inventory, briefings to executive management.Associated skills: Cloud Security · Microsoft Azure · AWS · Google Cloud Platform · CNAPP / CSPM · DevSecOps · Kubernetes · Terraform · AI Security
- BNP ParibasDevSecOps Cybersecurity ArchitectBANKING AND INSURANCEFebruary 2022 - November 2022 (9 months)Montreuil, FranceFraming the Security by Design trajectory in a regulated banking environment (PCI DSS), acting as an interface between the Group's Central Cybersecurity and software factories.▪ Translation of regulatory obligations into product security specifications (PSRS) directly actionable by development teams.▪ Integration of SAST (Fortify) and SCA (Sonatype IQ Server) control gates into Build pipelines; delegation of operations to DevOps teams (audit independence); significant reduction of critical vulnerabilities in production.▪ Kubernetes Standards: Network Policies, mTLS between microservices, admission control (OPA Gatekeeper).▪ Facilitation of a network of 20 Security Champions disseminating secure coding standards (OWASP Top 10) within agile squads.Associated skills: DevSecOps · SAST / SCA · Kubernetes · PCI DSS · Application Security
- AdieCloud & Identity (IAM) Cybersecurity ArchitectBANKING AND INSURANCEMay 2019 - February 2022 (2 years and 9 months)Paris, FranceDesign of the federated identity foundation securing microcredit financial transactions on Microsoft Azure.▪ Conditional Access and risk-based MFA via Entra ID; secret management (Key Vault, HashiCorp Vault).▪ Partner federated access architectures (B2B / B2C, SAML / OIDC).Associated skills: IAM (Identity Management) · Microsoft Entra ID · MFA · Microsoft Azure · Zero Trust
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master's Degree in Computer Engineering (Diploma Level – 6 – formerly II)IMST2014
Certifications
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)Microsoft2025
- AWS Certified Security – SpecialtyAWS2020