ON-X, an independent French consulting and expertise firm, specializes in the integration of digital in businesses, administrations and communities.
Benefiting from 30 years of experience and three agencies (Paris, Toulouse, Montbéliard) to meet these new challenges, our firm is organized around 5 areas of expertise that accompany our clients successively to define the transition strategy, to pass the major stages of decision support, to architecture then to lead their implementation projects and finally to steer the services delivered.
Our mission : to serve our clients over time, to be a decisive player in the definition and implementation of digital transformation projects.
Within the Security division, you will contribute in a security auditor position to:
Perform type of services (according to affinities):
Organizational and physical audit (if competent)
Source code audit (if competent)
Infrastructure Intrusion Test
Intrusion testing of Android/iPhone/Blackberry mobile apps
Web Application Intrusion Test
Win32/64 heavy client application intrusion test (if proficient)
Post-mortem (forensic) analysis in Windows environment for treatment of targeted attacks
Reverse engineering analysis of Win32/64 malware (if competent)
Evaluates and analyzes technical risks related to ON-X client architectures or organizations.
Perform advanced technical studies on security architectures and solutions.
Provide support to our clients faced with incidents or crises.
Contribute to the development of the business with our clients.
Coach other auditors (depending on your level of experience).
Participate in research, monitoring and development of tools on the audit activity. Budgets and software/hardware resources are made available to consultants.
Participate in the Francophone security community by attending and/or giving lectures at events (JSSI, HIP, NSC, Blackhat Europe, SSTIC, etc.) or working groups (OSSIR, FPTI) and by writing publications in the specialized press (MISC).
Attend specialized and certified training (SANS).
BAC+5 training or equivalent.
Good knowledge of systems (Unix/Windows) and network (TCP/IP protocols and services).
An initial experience either in the practice of audit and intrusion testing or in the following areas would be a plus:
integration of solutions,
securing networks and systems,
development of security tools,
Good writing skills.
Autonomy and sense of relationship and listening.
Ability to work and communicate in English.