Freelancer profile translated to English.

Back to original language

Description

I help youraise the security levelof your applications and information systems.

Let's identifypragmatic solutionstogether to intelligently reduce your exposure to cyber risks.

Why hire me?

I amvery passionateabout Cybersecurity and software development.

Astrong technical appetite without ignoring your organizational needs(risk management, PSSI, SMSI).

**Examples of services**:

Support for implementing an S-SDLC
Security by Design
Security tooling for your CI/CD pipeline (SAST, DAST, SCA, secret detection)
Training developers in secure development.

*Integrating securityat all stages of your development cycle

Stress-testing your system or application through **offensive testing**.
Support for **remediation**:
Writingsecurity patchesfor your in-house developments.

*Pair programmingwith your developers

Writing security non-regression **tests**.

**Part-time CISO (120€/hour)**:

Ideal for small organizations wanting to launch a cybersecurity program.

I hold the following certifications:

*CISSPsince June 2016

*ISO 27001Lead Implementer since 2018

Industry field of expertise

Languages

French
Native or bilingual
Spanish
Native or bilingual
English
Native or bilingual
Italian
Basic
Portuguese
Basic

Workplace preferences

Can work on-site

Aix-en-Provence (up to 30km)

Doctolib
Senior Product & Application Security Engineer
HEALTH AND WELLNESS
September 2018 - May 2022 (3 years and 8 months)
Paris, France
With the CISO, I laid the groundwork for the "Cybersecurity" entity at Doctolib, which now has over 20 cybersecurity experts.

I notably contributed to:
Empowering our teams in the design and construction of a secure-by-design and vulnerability-free product.
Ensuring the privacy of our users' data.
Building an S-SDLC for the Doctolib product
Specifying security features with the product
Performing threat modeling on our new project and new features
Identifying, qualifying, and correcting vulnerabilities
Ensuring security and confidentiality from the design stage on new projects
Training developers in secure development.
Pair programming with developers on sensitive features
Working hand-in-hand with the Legal, Risk and Compliance, Engineering, and Product teams.

I was a key contributor regarding:
The recruitment and growth of the security team
The ISO27001 certification process
Spreading risk-based culture
Implementing a fluid and efficient vulnerability management process
ISO 27001 OWASP Application Security Product management S-SDLC
British Telecom (BT)
Ethical Hacking Team Leader
DIGITAL AND IT
February 2016 - September 2018 (2 years and 7 months)
Île-de-France, France
BT Ethical Hacking French Team Leader
Ethical Hacking management
British Telecom (BT)
Ethical Hacker
DIGITAL AND IT
March 2011 - September 2018 (7 years and 6 months)
Paris, France
- Penetration tests (100+), mostly for banks, insurances, e-commerce websites
- Secure source code reviews.
- Secure configuration review.
- Risk Assessments
- Security Standard gap analysis
- Application Security
- Internal tools development and enhancement.
- System administration (IDS, Firewall, Proxmox VE)