About Yassine
- Management of vulnerability management programs (scans, prioritization, remediation)
- Definition and implementation of hardening policies (CIS Benchmark, critical environments)
- Compliance with ISO 27001, PCI DSS v4.0, NIST
- Coordination between technical, security, and business teams
- Production of executive reporting and security KPI monitoring
- Process automation (Python, PowerShell)
- Improvement of dashboards and monitoring (Splunk, ELK)
- Tools: Qualys (VMDR, Policy Compliance, CSAM, TotalCloud), Splunk, Nessus, Tenable, Burp Suite
- Scripting: Python, PowerShell
- Systems: Windows, Linux, Cloud environments
- Frameworks: ISO 27001, PCI DSS, CIS Benchmark, EBIOS RM
- Both technical and organizational vision
- Ability to industrialize vulnerability management
- Strong experience in regulated environments (banking / finance)
- Comfort in international contexts (collaboration with US teams)
- Management and optimization of vulnerability programs
- Security compliance (ISO 27001, PCI DSS)
- Definition of hardening standards
- Automation and improvement of security processes
- Security support for projects (ISP / SIP)
French
Native or bilingual
English
Native or bilingual
Experience
- BPCE Infogérance & TechnologiesVulnerability Analyst & HardeningBANKING AND INSURANCEAugust 2023 - May 2026 (2 years and 9 months)Paris, FranceOperational security expertise Level 4:- Implementation of monthly scans on all Assets / regular meetings with teams impacted by critical vulnerabilities- Implementation of Hardening/Vulnerabilities on Containers and IoT- Implementation of Hardening on servers in sensitive areas (PCI-DSS, Swift, etc.) / regular meetings with technical and application teams- Implementation of monthly scans on new masters to ensure a high level of risk coverage – same for packaged applications (creation of an Approved buffer)- Hardening of DBMS, Middleware, Internet Servers, Cloud Providers- Adaptation of our Splunk Dashboards to future evolutions (CMDB, BPCE-IT organization, etc.)- Automation of processes via Python scripts- Support international teams in vulnerability and hardening management
- Crédit Agricole-GIPPMO (Project Manager Officer)BANKING AND INSURANCEFebruary 2023 - May 2023 (3 months)Guyancourt, FranceAchievements:Regulatory Watch- Monitoring of audit recommendations- Compliance monitoringPCI DSS Project Management- Management of various workstreams and projects within the framework of PCI DSS certification- Organization of weekly meetings with the various teams of the different workstreams/projects- Weekly presentation of progress status to Program Management
- Orange CyberdefenseCybersecurity ConsultantCONSULTING AND AUDITSSeptember 2022 - February 2023 (5 months)Paris, FranceFrance Relance Mission:- "Pack Relais" only – Writing of the PSSI for a Town Hall under the France Relance framework.- Writing of quick reference guides in case of IT crisis (Ransomware, phishing, DDOS, etc.)Implementing Security in Projects (Safran):- Study of the security level in the projects of the Safran group (DICT level, Threat Events, compliance with RGPD laws, identification of technical expectations and constraints)- Study of the DATG (General Technical Architecture Document) of each project to see if the security aspect is taken into account.Internal Organizational Audit ISO27001 (Orange Group):- Annual review of an audit conducted last year on the entire DTSI entity of Orange.- Conducting interviews with each head of department of the DTSI.- Writing of each report after interviews- Verification of provided evidenceVOC (Sodexo):- Mission carried out through workshops to determine the gaps and strengths of the Sodexo Group's vulnerability remediation process
Recommendations
Be the first to recommend Yassine
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master of Science in Cyber SecurityUniversité de Paris2022Master, Cybersécurité
- Bachelor's Degree, Computer ScienceUniversité de Paris2020Licence, Informatique
Certifications
- SecNum CybersecurityANSSI2021
- Qualys Vulnerability Management (VM) Specialist (2024)Qualys2024