Freelancer profile translated to English.

Description

Looking for an expert who can secure your applications end-to-end, while guiding your teams in integrating best practices? I am a freelance cybersecurity professional specializing in application security, with a solid background in companies like Amundi, Sodexo, Bouygues Telecom, and Oppida.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Arabic
Basic

Workplace preferences

Can work on-site

Montigny-le-Bretonneux (up to 50km)

Sodexo
Application Security Expert
February 2024 - Today (2 years and 4 months)
Issy-les-Moulineaux, France
Implementation of application security governance:
• Establishment of application security directives/policies
• Implementation of application security risk audit plan
• Establishment and facilitation of application security awareness and training programs
• Implementation of an application security incident management plan
• Ensuring compliance with security processes in projects

Implementation of operational application security management:
• Implementation of a SAST & SCA code audit tool for development teams (Veracode)
• Facilitate application security awareness and training sessions
• Monitor the implementation of security requirements in projects
• Implementation of a containerization tool (images and containers/runtime)
• Implementation of an audit tool for Infrastructure as Code (IaC)
• Perform project penetration tests for production release
• Implement security mechanisms in "CI/CD" (Continuous Integration & Continuous Deployment)
• Implementation of an API protection solution (Imperva, Akamai/Noname, Checkpoint)
• Establish highly technical derivations of application security requirements
Amundi Asset Management
Application Security Expert
February 2021 - January 2024 (2 years and 11 months)
Paris, France
:
• Definition and implementation of an awareness tool
• Raise developer awareness on good development practices
• Facilitate "CTF" (Capture The Flag) sessions with developers
Design:
• Define and maintain security requirements (OWASP)
• Participate in security-focused architectural discussions and choices
Code & Tests:
• Implement security mechanisms in "CI/CD" (Continuous Integration & Continuous Deployment)
• Integrate automatic Checkmarx scans (JenkinsJob)
• Validation through a manual test plan according to project context
Deployments:
• Regular scans of production sites (Acunetix, Nessus)
• Manual penetration testing
Project Monitoring:
• Monitor the implementation of security recommendations (JIRA)
Security Audit
OPPIDA
Cyber Security Consultant
March 2020 - November 2020 (8 months)
Montigny-le-Bretonneux, France
Windows and Linux configuration audit
CIS Compliance Windows Server
CIS Compliance Debian Linux
Complementary manual audit
Authentication mechanism audit
Two-factor authentication
Strong authentication
Security audit on a Client-Server infrastructure
Architecture study
Configuration study
Attack and traffic injection
Recovery of found information
Security audit on Web applications
Information gathering on the application
Automatic scan for entry point detection
Complementary manual scan
Penetration and injection attempts
Recovery of found information
Numerous security audit missions for my clients