You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Yassine B.YB

Yassine B.

Cybersecurity / Vulnerability Analyst / GRC

€550/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Yassine

Cybersecurity consultant specializing in vulnerability management, hardening, and compliance, I support large companies in concretely strengthening their security posture.

I am involved in the entire information system security cycle: from risk identification to remediation, including automation and security indicator management.

During my experiences at BPCE, Crédit Agricole, Orange Cyberdefense, and Saint-Gobain, I developed solid expertise in demanding environments, particularly in banking and industrial sectors.

What I do concretely

  • Management of vulnerability management programs (scans, prioritization, remediation)
  • Definition and implementation of hardening policies (CIS Benchmark, critical environments)
  • Compliance with ISO 27001, PCI DSS v4.0, NIST
  • Coordination between technical, security, and business teams
  • Production of executive reporting and security KPI monitoring
  • Process automation (Python, PowerShell)
  • Improvement of dashboards and monitoring (Splunk, ELK)


Technical Expertise

  • Tools: Qualys (VMDR, Policy Compliance, CSAM, TotalCloud), Splunk, Nessus, Tenable, Burp Suite
  • Scripting: Python, PowerShell
  • Systems: Windows, Linux, Cloud environments
  • Frameworks: ISO 27001, PCI DSS, CIS Benchmark, EBIOS RM


Added Value

  • Both technical and organizational vision
  • Ability to industrialize vulnerability management
  • Strong experience in regulated environments (banking / finance)
  • Comfort in international contexts (collaboration with US teams)


Types of missions sought

  • Management and optimization of vulnerability programs
  • Security compliance (ISO 27001, PCI DSS)
  • Definition of hardening standards
  • Automation and improvement of security processes
  • Security support for projects (ISP / SIP)
  • French

    Native or bilingual

  • English

    Native or bilingual

Can work on-site
Paris (up to 40km)

Experience

  • BPCE Infogérance & Technologies
    Vulnerability Analyst & Hardening
    BANKING AND INSURANCE
    August 2023 - May 2026 (2 years and 9 months)
    Paris, France
    Operational security expertise Level 4:
    - Implementation of monthly scans on all Assets / regular meetings with teams impacted by critical vulnerabilities
    - Implementation of Hardening/Vulnerabilities on Containers and IoT
    - Implementation of Hardening on servers in sensitive areas (PCI-DSS, Swift, etc.) / regular meetings with technical and application teams
    - Implementation of monthly scans on new masters to ensure a high level of risk coverage – same for packaged applications (creation of an Approved buffer)
    - Hardening of DBMS, Middleware, Internet Servers, Cloud Providers
    - Adaptation of our Splunk Dashboards to future evolutions (CMDB, BPCE-IT organization, etc.)
    - Automation of processes via Python scripts
    - Support international teams in vulnerability and hardening management
    Qualys Splunk Vulnerability Management VOC Vulnerability Management
  • Crédit Agricole-GIP
    PMO (Project Manager Officer)
    BANKING AND INSURANCE
    February 2023 - May 2023 (3 months)
    Guyancourt, France
    Achievements:
    Regulatory Watch
    - Monitoring of audit recommendations
    - Compliance monitoring

    PCI DSS Project Management
    - Management of various workstreams and projects within the framework of PCI DSS certification
    - Organization of weekly meetings with the various teams of the different workstreams/projects
    - Weekly presentation of progress status to Program Management
    PCI DSS Security Audit
  • Orange Cyberdefense
    Cybersecurity Consultant
    CONSULTING AND AUDITS
    September 2022 - February 2023 (5 months)
    Paris, France
    France Relance Mission:
    - "Pack Relais" only – Writing of the PSSI for a Town Hall under the France Relance framework.
    - Writing of quick reference guides in case of IT crisis (Ransomware, phishing, DDOS, etc.)

    Implementing Security in Projects (Safran):
    - Study of the security level in the projects of the Safran group (DICT level, Threat Events, compliance with RGPD laws, identification of technical expectations and constraints)
    - Study of the DATG (General Technical Architecture Document) of each project to see if the security aspect is taken into account.

    Internal Organizational Audit ISO27001 (Orange Group):
    - Annual review of an audit conducted last year on the entire DTSI entity of Orange.
    - Conducting interviews with each head of department of the DTSI.
    - Writing of each report after interviews
    - Verification of provided evidence

    VOC (Sodexo):
    - Mission carried out through workshops to determine the gaps and strengths of the Sodexo Group's vulnerability remediation process
    Audit ISP ISO 27001 ISSP GDPR

Recommendations

Be the first to recommend Yassine

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master of Science in Cyber Security
    Université de Paris
    2022
    Master, Cybersécurité
  • Bachelor's Degree, Computer Science
    Université de Paris
    2020
    Licence, Informatique

Certifications

  • SecNum Cybersecurity
    ANSSI
    2021
  • Qualys Vulnerability Management (VM) Specialist (2024)
    Qualys
    2024

Skill set

Categories