Description

Expert Sécurité Infrastructures & Remédiation Opérationnelle

Tech Lead spécialisé dans le Hardening et la gestion des vulnérabilités au sein d'environnements internationaux. Expert dans l’alignement des infrastructures critiques sur les standards CIS et les exigences réglementaires (NIS2, DORA, PCI-DSS).

Reconnu pour ma capacité à piloter des équipes multi-culturelles dans la résolution de failles critiques, j'assure une visibilité totale sur l'exposition aux risques grâce à un reporting Splunk avancé et une culture du résultat basée sur les KPI.

Langues

Français
Bilingue ou natif
Anglais
Capacité professionnelle complète

Préférences en matière de lieu de travail

Accepte de travailler sur site

Paris (jusqu’à 50 km)

BPCE IT
Tech lead Hardening & Vulnerability Analyst
BANQUE & ASSURANCES
novembre 2022 - Aujourd'hui (3 ans et 7 mois)
Paris, France
Vulnerability & Audit Governance: Led the end-to-end remediation lifecycle using Qualys across global infrastructure, ensuring all audit findings were translated into actionable technical roadmaps.

Compliance Enforcement (PCI-DSS, NIS2, DORA): Orchestrated hardening initiatives for high-sensitivity zones, maintaining strict alignment with regulatory requirements and hosting regular steering committees to close non-compliance gaps.

Strategic Remediation Tracking: Facilitated monthly reviews with cross-functional teams to drive the closure of critical vulnerabilities and track the progress of security recommendations.

Hardening Standardization: Engineered and deployed OS/Middleware hardening baselines based on CIS Benchmarks, achieving a measurable increase in the global infrastructure security posture.

Continuous Risk Control: Integrated mandatory security scans for new system masters into the deployment pipeline to ensure "secure-by-design" compliance.
 
Splunk Monitoring & Reporting: Created executive dashboards to track remediation KPIs and the progress of security audit actions.
 
Global Support: Acted as the primary point of contact for international business units, providing expert guidance on vulnerability mitigation and hardening standards.
Ministry ofHealth (Orange Cyber defense)
Cybersecurity Consultant
septembre 2021 - novembre 2022 (1 an et 2 mois)
Paris, France
Administration, supervision and maintenance of security equipment Security incident Management and request processing
Vulnerability analysis and reporting with Nessus
Firewalling and Network traffic analysis (F5, Palo Alto, Juniper) Bind DNS management and analysis
Managing VIP on F5
Proofpoint management.
Rampar
Noc Analyst
septembre 2017 - août 2021 (3 ans et 11 mois)
Sèvres, France
L2//L3 Support
Qualys expertise, scanning and reporting, created multiple weekly scan with various intensity, weekly and monthly report
Server patch management on an iso 27001 infrastructure Linux Administration (kerberos, password manager)
Splunk, Data analysis and reporting, created dashboards and extracted datas in order to troubleshoot multiple issues
Vulnerability remediation on both windows server and linux
Checkpoint management, network troubleshooting and port opening, whitelisting
Windows Administration, managed active directory and made GPO, deployed update through WSUS.