Expert en cybersécurité

We are looking for a Security Consultant who will take ownership of day-to-day security operations, including:

• Vulnerability management
• Detection engineering and tuning (Defender, Sentinel)
• Security incident investigation
• Security policy compliance
• Operational reporting

This is a technical, hands-on position focused on practical execution and continuous improvement of our security defenses.

Role description

Concretely, the security consultant will work within the Security team in close collaboration with platform team, the application squads but also with all other entities to answer to these concerns:

• Follow up cloud security metrics on a regular base, detect degradation and improvement areas, discuss with concerned parties
• Organize, follow-up & validate the vulnerability scanning, and pentests performed by 3rd parties with the concerned entities
• Work closely with the different team to ensure all findings are understood, the remediation is clear, patches are applied in a timely and effective manner. This includes performing regular maintenance tasks, monthly patching and resolving issues related to patching promptly
• Perform & document Security Assessment of new applications and products to identify weakness earlier in the process
• Follow up security KPI, both on prem and in cloud: provide information, detect early the deviation, solve issues, coordination with remediating parties.
• Monitor and investigate security alerts on multiple platforms
• Adapt detection use cases to business requirements
• be part of the Incident response team
• Follow up specific focus points, such as workstation patching and protection against vulnerabilities, asset decommissioning and security configuration.
• Perform Periodical security reviews and control of user management (joiners and leavers, …)
• Solve operational Security issues and provide scripts, advice, assistance information and warnings, as well as recommendations based on security controls
• Perform Application Security Assessments
• Provide technical expertise and support to other entities regarding security best practices and overall cybersecurity threats. This implies to build some knowledge about our products, and an active monitoring of security information sources to detect potential issues within the context.
• Manage clients certificate using property tools and issue activation codes to customers
• Identify and install necessary security updates and software patches
• Suggest and perform hardening improvements on workstations
• Suggest improvements in terms of processes (such as better controls, better automation, …) and help during the implementation.
• Learn and assist our application security program, participating in code reviews, pen testing and threat modelling.
• Feed the Agile backlog of the different squads with stories and tasks, whether they are assigned to the security engineer or to a different person.

Must-have Required Skills/Qualifications/Knowledge

• Experience: 3+ years in operational cybersecurity, ideally in a SecOps role
• Experience in pen testing or secure code review (e.g., OWASP Top 10).
• Familiarity with MITRE ATT&CK, threat modeling, and red/blue team collaboration
• Technical experience or affinity in one or more of the following areas: patching and hardening, network protocols, endpoint protection, user management in (Azure) AD Intune etc
• Understanding of cloud computing technologies, and emerging computing trends
• Strong attention to detail
• Solid understanding of Windows & Linux operating systems with a proved experience is preferred
• Systematic, organised, structured, open to learn, and curious for new security trends
• Understanding of Agile principles
• You speak at least one of the national languages, and you are fluent in English
• You are a team player who is humble, pro-active and people-smart