Freelancer profile translated to English.
Back to original languageAbout Noreddine
I am looking for a long-term assignment as a PKI engineer (integration, configuration, maintenance, automation, and RUN on solutions: EJBCA, ADCS, IDNOMIC, Opentrust, evertrust, ncipher, CMS, PGP/GPG, ...)
French
Native or bilingual
English
Fluent
Can work on-site
Paris (up to 50km)
Experience
- Modern data engineeringPKI EngineerBANKING AND INSURANCEJanuary 2023 - Today (3 years and 4 months)Paris, France
- ALXYR CONSULTINGSenior Consultant and Trainer in CybersecurityTELECOMMUNICATIONSOctober 2016 - January 2023 (6 years and 3 months)Rabat, Morocco• Vulnerability Management:- Analysis and definition of resources concerned by vulnerability assessment- Passive and active search for external perimeter vulnerabilities using OSINT tools (censys, shodan, google, hunter.io, ...)- Port scanning via NMAP, AdvancedIPscanner, ... and identification of exposed services- Configuration and selection of policies and scan templates on the tools used- Vulnerability scanning with Nexpose, Nessus, Qualys, Acunetix, IBM AppScan, ... in two modes: authenticated and unauthenticated- Generation of different scan report formats- Analysis, classification of vulnerabilities, and elimination of false positives- Prioritization and development of a vulnerability remediation plan- Assistance and implementation of recommendations for vulnerability remediation- Re-evaluation• PKI:- Implementation of a 3-tier EJBCA and ADCS PKI infrastructure (rootCA, IssuingCA, IssuingCA mobile)- Generation and installation of TLS certificates for internal web applications (apache, Tomcat, IIS)- Implementation of mutual authentication between user workstations and servers.- Installation and integration of Comodo EV certificates on Web and Mail servers as well as on the WAF- Creation of PowerShell scripts for ADCS PKI administration for the entire IT park (500+ devices).- Automation of certificate lifecycle management.- Migration of the Microsoft PKI platform to EJBCA (key factor).• Audit:- External, internal, and application penetration testing in black box, gray box, and white box modes- Audit of security configurations for network equipment, workstations, servers, PDAs, and mobile devices- Audit of information system architectures- Organizational and technical audit of SCADA systems- Source code review of applications (web, thick client, webservice, and mobile)- Hardening of network equipment, servers, and workstations in compliance with CIS Benchmarks- Digital investigation and incident response- Malware analysis and reverse engineering- Audit of security service providers for PASSI homologation- Conducting security awareness sessions and training in penetration testing, ethical hacking, and secure development
- FREELANCEConsultant and Trainer in CybersecurityJanuary 2013 - October 2016 (3 years and 9 months)Rabat, MoroccoExternal, internal, and application penetration testing of information systems• Audit of security configurations for network equipment, workstations, servers, PDAs, and mobile devices• Audit of information system architectures• Source code review of applications (web, thick client, webservice, and mobile)• Digital investigation and incident response• Malware analysis and reverse engineering• Conducting security awareness sessions and training in penetration testing and ethical hacking
Recommendations
Be the first to recommend Noreddine
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master in Codes, Cryptography, and Information Security,Faculty of Science Rabat2013Master en Codes, Cryptographie et Sécurité de l'information,
- Audit and penetration testing,Ernst &Young Global Limited2012Audit et test d'intrusion,