App security analyst 1

Employer Active

1 Vacancy
Job Location

Pune - India

Monthly Salary

Not Disclosed

Job Description

MISSION

As part of the Michelin Group's Cybersecurity Expert (Business Support, Business Protection, Promotion of Responsible Security Behavior) in a field defined by Michelin (Department DOTI) for ISIT security activities at DOTI, and as a member of the CSSI team at DOTI:

  • He/she is the privileged point of contact for all security aspects of his/her entity and liaises with his/her management team for the implementation of and compliance with security rules and practices.
  • Together with DOTI/SSI, he/she defines the security roadmap for his/her entity, communicates it and contributes to its adoption.
  • Provides the necessary support to project teams and day-to-day operations to ensure that security requirements are effectively implemented (e.g. follow-up of action plans following penetration tests, MGSR (security guidelines by Michelin)).
  • Deploys the Security by Design approach within the entity and contributes to security education and training, which includes but is not limited to SAT (security acceptance testing), vulnerability management, obsolescence management, patch management, enforcement of strong authentication and the security by design framework.
  • Participates in the network of entity security correspondents and monitors the various ad hoc subjects initiated with Group Security.
  • Maintains a technological and innovation watch for elements specific to his/her entity in terms of safety, in line with the entity's needs and requirements (for all non-specific matters, other entities oversee the safety watch).
  • Conducts and provides first-level support for risk analysis within the entity's application perimeter and contributes to vulnerability detection and remediation (EBIOS analysis, vulnerability scan follow-up, patch forum).
  • He/she contributes to the dissemination and evangelization of best practices and safety regulations by coordinating a network of safety contacts within his/her entity.
  • He/she will act as backup to the Team Lead of the technical team.

KEY EXPECTED RESULTS

PERFORMANCE MEASUREMENT

1 Security by design enforcement

  • All projects should follow the best practices of SecByDesign; max deviation should not cross 0.02 defects.

2 Vulnerability & Patch management

  • Maintain the N-1 cycle and approach, and ensure all assets, libraries and platforms are updated with the latest patch.

3 Security Acceptance Testing

  • All projects should qualify the specific security requirements on the project and should not exceed the requirement.

4 Obsolescence Management

  • Lifecycle management of all ISIT assets: platform, OS, DB, middleware, frontend, backend and libraries.
  • Deviations should be mitigated within the stipulated timeframe; maintain proactive EOL and EOS information and communicate with the business for refresh.

5 Security Authentication / Privilege management

  • Strong security authentication for integrated systems and human-interacted software systems; if a user is privileged, they must go through MFA or a passwordless authentication mechanism.
  • Generic IDs and PKI certificate lifecycles should be maintained and managed within the due timeline.

MAIN ACTIVITIES

By following security charter & process:

  • Identifies evolution of critical assets and local points of contacts.
  • Contributes to cybersecurity plan and evolutions of cybersecurity methods.
  • Select CIS Framework controls and validate what is needed with respect to business services & solutions.
  • Lead the business team to create the right synergies between the core security team and the PNI security team.
  • Work with the business to promote a culture of Risk awareness and control and to ensure consistency of practice and approach.
  • Be proactive in providing the right learning content to your team of developers so that they adopt the security by design framework.
  • Ensure the implementation of good security practices by dev/indus/test/operation teams, including in DevOps mode.
  • Ensure regular reviews of user accounts on the scope of consolidation to ensure a good level of security.
  • Ensure regular reviews to confirm that the observed scope is compliant and that there is no shadow IT; identify any possible shadow IT.
  • Verifies project security architectures in conjunction with the DOTI and group security teams.
  • Controls the security level of dev/indus/test/prod environments and compliance with security rules for multi-tenant cloud environments and outsourcing actions.
  • Ensure timely creation of the roadmap and lead discussions with the business to ensure all platforms are refreshed in a timely manner: OS/DBs are updated once they reach their lifecycle, and middleware and libraries are refreshed as and when they become obsolete.
  • Follows up progress of corrective action plans until closure.

Required Experience:

IC

Employment Type

Full Time
