Freelancer profile translated to English.
Back to original languageAbout Oussama
Passionate about security challenges with experience in vulnerability management, with solid experience in DEV and CI/CD that facilitates my code analysis (SAST/SCA) as well as vulnerabilities reported by DAST tools. I support dev teams in implementing secure applications by performing analysis and also providing support on security and cloud aspects.
French
Native or bilingual
English
Fluent
Can work on-site
Paris (up to 50km)
Experience
- TF1 SAApplication Security ConsultantDIGITAL AND ITMay 2024 - May 2025 (1 year)Boulogne-Billancourt, FranceSAST/SCA vulnerability analysis on Snyk• Validation of DATs• Challenging teams on their findings analysis and best code practices• Monitoring team progress• Code analysis and proposal of patching methods.• Scanning images and containers by Snyk through azure devops pipelines• Implementation of SSO for applications using AAD as IDP.• Analysis of vendor responses to the SAAS and Onprem eligibility questionnaire• Implementation of DAST scans by Acunetix and Burpsuite• Analysis of DAST reports.• Raising developer awareness on OWASP top 10 reported by Snyk• Monitoring Azure policies• Validating and verifying vulnerability reports on bug bounty (Yogosha)• Collaborating with teams to initiate remediation based on the criticality of vulnerabilities reported by researchers
- BNP Paribas - Securities ServicesCybersecurity ConsultantBANKING AND INSURANCEDecember 2022 - Today (3 years and 6 months)93100 Montreuil, France• Analysis of findings on Fortify and NexusIQ• Reducing scan noise• Analysis of releases before deployment• Challenging teams and security champions on their findings analysis• Participation in the development of a remediation strategy• Client support for prevention and remediation• Continuous process improvement,• Monitoring team progress• Code analysis and proposal of patching methods.• Adaptation of existing scripts on instances• Implementation of a script to retrieve the GrandFather of applications.• Fixing scan methods.• Monitoring compliance with remediation plans.• Performing sample checks requested by CISOs• Assisting teams in implementing scans through Jenkins pipelines.
- ThalesVulnerability Management ConsultantDEFENSE AND MILITARYOctober 2020 - November 2022 (2 years and 1 month)Paris, France• Assisting group entities in their implementation of supervision, audit, and remediation processes• Technical implementation: Scanners, Agents• Asset management• Scan management (AZURE, Authenticated or not),• Management of analysis reports (Dashboards, Reports),• Client support for prevention and remediation,• Continuous process improvement,• Monitoring of alert and incident tickets.• Definition and implementation of vulnerability scan policies.• Implementation of frictionless Azure assessment for Tenable.io• Resolution of Acunetix bugs for report export• Automation of dashboards for vulnerability KPIs within SLA and overdue by scanning tools• Automation of dashboards for Pentest KPIs• Automation of ticket cloning and assignment on JIRA outside SLA• Sharing reports on Sharepoint• Automatic creation of JIRA tickets for vulnerabilities outside SLA.• Management and administration of CrowdStrike Falcon, including deployment, configuration, and monitoring of agents on Endpoints.• Analysis of security alerts on CrowdStrike.• Configuration of security policies on Crowdstrike Falcon
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Engineering degree, Computer ScienceNational School of Applied Sciences of Tangier2016Diplôme d'ingénieur, Informatique
- MPPreparatory classes for Grandes Écoles2013MP