Technical Security Analyst

You will join the Cyberdefense and Digital Fraud (CDF) department which is responsible for defining the Groups cybersecurity strategy and ensuring its implementation across all entities.

Within CDF Security Review Management (SRM) brings together four complementary teams that ensure the Groups security posture:

Cyber Program Assessment: evaluates entities cyber maturity through reviews and evidence collection.

Redteam: conducts offensive security tests (pentests red teaming) to identify vulnerabilities and strengthen resilience against cyberattacks.

Cyber Assessment: performs technical audits and due diligence in the context of mergers and acquisitions and critical third-party evaluations.

Review Coordination & Remediation Monitoring: manages the review lifecycle coordinates missions analyzes reports and oversees the implementation of corrective actions.

These teams combine their expertise to ensure a harmonized approach to security and provide a comprehensive and reliable view of risks across the Group.

Your Role on a Daily Basis

As a Technical Security Analyst you will join SRM04 (Review Coordination & Remediation) a transversal team responsible for coordinating security reviews and monitoring remediation plans. It interacts with Redteam Cyber Assessment and Cyber Program teams to ensure a consolidated risk view prioritize actions and continuously improve security processes.

The objective is to strengthen the team in charge of technical analysis of security reviews and the associated remediation management for Group entities.                                                                                                                                                                                                                                                      

Main Tasks:

• Technical Analysis of Security Reports
• Analyze various security exercise reports (penetration tests Redteam technical assessments).
• Identify major vulnerabilities and weaknesses.
• Assess the relevance of technical conclusions and provide tailored recommendations. 
• Monitoring of Remediation Plans
• Help entities understand findings their impact and remediation expectations.
• Review assess and challenge remediation plans proposed by entities.
• Ensure overall follow-up of action plans resulting from security reviews.
• Evaluate the quality and relevance of evidence provided (configurations logs scans technical artifacts).
• Consolidate progress analyze blockers and produce reliable summaries for governance.
• Prepare clear and structured reporting for different levels of the Group.
• Coordination of Reviews with Entities
• Contribute to coordinating the different stages of reviews: scoping kickoff restitution and follow-up.
• Ensure communication with entities and the flow of information necessary for smooth execution.
• Cross-functional Contribution
• Participate in the continuous improvement of SRM04 processes tools and methodologies.
• Contribute to coordination between teams involved in the different lines of defense (technical teams Redteam ISA CyberProgram Audit) to ensure consistency information sharing and avoid duplication.

Qualifications :

• 3 years of experience in cybersecurity (pentesting technical audit SOC/IR security assessment).
• You possess strong knowledge of attack concepts and techniques (MITRE ATT&CK exploitation post-exploitation).
• You have experience analyzing Redteam/Pentest reports.
• You master security requirements: IAM/PAM monitoring hardening secure architecture patch & vulnerability management.
• You can analyze technical evidence (logs configurations scans) challenge experts and simplify complex topics.

Language Skills:

• English

Additional Information :

Remote Work :

No

Employment Type :

Full-time