Main Responsibilities:
- Lead several technical and operational security assessments in different environment inside Bouygues' Information System.
- Advise remediation to operational teams for found vulnerabilities and raise security awareness among them in order to reduce the IS security risks.
- Looking for unknown weaknesses and investigating on less known parts of the IS will sometimes be realized with the Blue Team for them to gain better vision.
- Lead OSINT projects to find public vulnerabilities in Bouygues' IS.
Requirements:
- You prefer to be a Web Security Tester/ RED Team player or having experience as BLUE Team member (want to change career path)
- Strong knowledge about basic Security Concepts
- Good to have CEH/ GWAPT/ CompTIA Security+ or similar,
- Understand vulnerabilities assessment report, the context and hypothesis of their exploitation for better security risk assessment. Be able to advise on vulnerability remediation or mitigation
- Define and lead the operational tests and regular checks, automate and industrialize scanning processes
- Technical watch: stay up to date on new vulnerabilities, new attacks ways, new attack vectors and patching state.
- Be able to identify the risk for the business or familiar with Common Vulnerability Scoring System (CVSS)
- Be able to lead OSINT projects and crawl the web to find public vulnerabilities on Bouygues' IS
- Familiar with any Security Standard like OWASP/ CIS/ NIST/ MITRE…
- Experience with security tool:
- Scanning tool
- Audit tool
- Assessment tool
- Bachelor graduated in Network Engineering
- 3 or 5 years experience in cybersecurity
- Development knowledge with the OS (Python, bash, PowerShell),
- Security knowledge on Web, OS, infra, Mobile applications and network,
- Knowledge of different security tools, their pros and their cons.
- Autonomous on the projects you lead
- Capable to communicate about advances and troubles on projects and audits
- The knowledge of audit methodologies is a plus.