Freelancer profile translated to English.

Description

Cybersecurity and DevSecOps expert, I intervene to secure the entire lifecycle of your applications, your pipelines, and your cloud-native infrastructure to bring best practices or provide opinions on the security of existing systems.

My approach: security should not be a hindrance. I integrate it from the design phase and automate controls as close to the code as possible, so your teams deliver quickly and effectively.

In DevSecOps, I audit and secure the entire development cycle through manual and automated practices: source code, CI/CD pipelines with SAST, SCA, SBOM generation in CycloneDX format, secrets detection, commit signing. If these terms mean nothing to you, my skills should interest you. I have industrialized these practices on critical systems at Enedis.

In the field of AI applied to security, while it remains a sensitive subject, I integrate augmented analysis tools directly into development workflows. Coupled with the expertise of a specialist, AI today detects more vulnerabilities than traditional SAST tools alone with fewer false positives and at a lower cost, particularly for logical flaws and contextual bad practices that scanners overlook.

In offensive security, with my experience in penetration testing, I primarily practice white-box code audits. I participate in bug bounty programs by private invitation (YesWeHack), I am HTB CPTS certified, and I possess approximately 2,000 Root-me points. This regular practice of attack directly informs my defensive recommendations.

Today at Enedis, I hold the role of Cybersecurity Expert and Tech Lead for the Linky communication chains, in addition to being the security referent for several SIE projects in secure zones, with responsibility for vulnerability management and Security by Design prescriptions within a SAFe framework.

Based in Lyon, available for on-site and remote work.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Lyon (up to 20km)

Enedis
Cybersecurity Expert - Tech Lead
ENERGY AND UTILITIES
September 2025 - Today (9 months)
Lyon, France
Internalization within the same context with an expanded scope.

Leading and scoping the implementation of SCA and dedicated security tools under the responsibility of project teams.
Monitoring the implementation of SBOMs in the standard Cyclone DX format.
Monitoring the implementation of regular dependency scans with OWASP Dependency-Track.

R&D on AI usage.
Integrating security from the IDE, ahead of CI chains, to offer personalized suggestions based on private and public repositories (NIST, OWASP, CIS…).
Automating compliance tests and the search for bad practices through rigorously descriptive and customized instructions.

Prescriptions on security topics related to communication chains (infrastructure, applications…) and all components that may interact within this context.

Role of PSO for internal key management ceremonies.
Artificial Intelligence Cybersecurity SBOM SCA DevSecOps
EPSI
Jury of Defense
EDUCATION AND E-LEARNING
July 2025 - July 2025
Lyon, France
Jury for validating technical modules for BAC+4/5 (cloud and cybersecurity subjects) promotions.
Pedagogy Cloud Security Cybersecurity
Enedis
Cybersecurity and DevSecOps Referent Consultant
ENERGY AND UTILITIES
November 2024 - September 2025 (10 months)
Lyon, France
Consultant in seconded employment.
In the context of Enedis securing the communication chains of Linky meters, formerly the Linky program.

Application Security / Product Security
Security referent for a portfolio of 4 application and hardware projects in a secure zone for SIEs.
End-to-end vulnerability and patch management: identification, prioritization, derogation management, remediation steering or risk reduction methods.
Definition and dissemination of Security by Design practices (secure development, hardening, compliance with SSI policies) and prescription of needs according to requirements.
Technical support for teams on security needs in BUILD, RUN, and mitigation plans.
Steering of acceptance testing and security reviews to validate deliverable compliance.
Participation in PI Planning and security coordination within a SAFe / Scrum framework.

DevSecOps
SDLC security audits: source code, Git repositories, CI/CD pipelines, dependencies, SAST flows and results.
Writing hardening guides and security requirements (e.g., Kubernetes offering in a secure zone).
Developing tools and automating security controls in pipelines.
Industrializing development cycle security (commit signing, SAST controls, compliance standards).
Detection of exposed secrets (credential hunting / secret scanning) on repositories, servers, pipelines, and logs.
Vulnerability monitoring and support for continuous improvement of security practices.
DevSecOps DevOps Security Audit Patch Management

Check out Nathan's experience

Be the first to recommend Nathan

Help this freelancer shine by sharing your experience working together.

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

Baptiste Duhen

Fullstack developer

4.6

(4)

Amed Hamou

Senior Lead Developer

(2)

Audrey Champion

Web developer

4.3

(3)

Signup to reveal

Master of Engineering - MEng
SUPINFO
Title: RNCP35284 - Expert in Information Systems Management Work-Study Program: DevOps Engineer at the Metropolis of Lyon, Architecture and Governance Division
Bachelor of Engineering
SUPINFO
2022
Bachelor of Engineering - BE, Computer Engineering

Check out Nathan's education

HTB CPTS - Certified Penetration Testing Specialist HTBCERT-A8B59D242B
Hack The Box
2024
https://www.hackthebox.com/certificates

Nathan Rodet

Cybersecurity Expert - DevSecOps

About Nathan

Experience

Recommendations

These freelancer profiles also match your criteria

Education

Certifications

Skill set

Categories