Our client is the global benchmark for optimized resource management. The Group designs and deploys solutions for water, waste and energy management, which contribute to the sustainable development of cities and industries.
It is also known and recognized in the IT world as one of the precursors of a strategy to migrate all of its infrastructure in the cloud (AWS, GCP) and its user IT fleet to Chromebooks and Gsuite.
Information system cybersecurity has become, for several years, a major priority, in particular to adapt to new challenges around the cloud.
To continue his security plan, our client is looking for an operational cybersecurity engineer.
Reporting to the Group Operational Security Manager, within the Group Security Department, the position has a strong international context. You work as a security technical referent for all the security managers of Group entities.
You participate in particular in supporting the security teams of each BU in the Group on the use of existing security solutions (incident response, vulnerability scans, etc.), in developing security standards, in securing cloud environments (GCP, AWS), monitoring the most critical security actions, etc. Depending on your profile, you may also be required to assist the entities in their projects for securing industrial environments (OT).
Under the authority of the Group Operational Security Manager, you are responsible for:
● Highlight your advanced technical expertise to contribute to the choice and implementation of appropriate security solutions,
● Participate in the development and updating of security policies and ensure their dissemination and explanation to entities (international context),
● Provide technical support on cybersecurity tools provided to all of the Group's RSSIs,
● Participate in the technical analysis and manage the resolution of security incidents in connection with the impacted entities and external actors (CSIRT, ANSSI, ...),
● Optimizing and automating security controls (AWS / GCP, Windows, Active Directory, Linux, third-party editors (Qualys, Acunetix, etc.),
● Carried out the technical watch relating to market security solutions and current events,
● Participate in the implementation and animation of the cybersecurity community which brings together Veolia cybersecurity experts around the world,
● Identify, communicate, present risks and provide solutions associated with cybersecurity news to the cybersecurity community,
● Pilot and provide technical support during vulnerability and intrusion audits on the services used by the Group or specific entities and ensure the dissemination of their results and the definition of remediation actions then their follow-up,
● Identify and document existing initiatives and good practices in Veolia,
● Participate in the development of regular user and IT security awareness campaigns,
● Investigate the resources exposed on the Internet without having followed the validation process.
Graduated from a Bac +2 minimum, you have several years of experience in IT security or in the field of production with a strong appetite for cybersecurity.
Expected skills among the following:
● Good understanding of technologies, risk analysis and methodologies related to cybersecurity,
● Knowledge of the Cloud services used (including Gsuite, GCP and AWS),
● Good knowledge of Windows and Unix systems environments (Linux…), and TCP / IP network,
● Proven knowledge of development languages intended to automate security checks, etc. (Python, NodeJS),
● Knowledge of security risks (web, system, network) and being able to popularize them,
● Knowledge of standard security standards and also specific to the Cloud (ISO 27001, SecNumCloud, etc.),
● Be able to demonstrate vulnerability exploitation,
● Good knowledge of the tools, protocols and techniques implemented on industrial computer systems (OT) are a real plus,
● Knowledge of security standards specific to industrial IS (ISO 27001, IEC 62443, etc.) is a real plus,
● A good knowledge of the tools, protocols and techniques implemented on industrial IT systems is also an advantage,
● Fluent in English,
● Optional: knowledge of security issues in industrial environments, being able to assist requesting entities for the implementation of the security policy, in industrial environments (existing installations or on projects).