Vulnerability Analyst

Purpose

Within IDEMIA IPS in the Cybersecurity team, you will take the role of a Vulnerability Analyst and a DevSecOps Expert.

Key Missions

Key Responsibility:

• Categorize, prioritize, and perform an initial assessment of a vulnerability.
• Analyze the results vulnerability assessments or penetration tests.
• Prepare reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
• Formulate vulnerability information, details and assessments that are clear and understandable by different levels of stakeholders (management, developers, customers)
• Understand the design or implementation flaw that causes or exposes the vulnerability to exist.
• Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
• Learn about a new vulnerability from reading public sources or other third-party sources

Outside of this primary Vulnerability Analyst scope, you will also have a secondary DevSecOps Analyst/Expert role that you will be trained for, with the following responsibilities:

• You will assist, support, and guide project teams in understanding, analyzing, tracking, and remediating vulnerabilities detected by automated tools (e.g. SAST, SCA) and document this process and its conclusions in a formal report.
• You will guide project teams towards using DevSecOps tools and methods, and participate in their implementation, usage deployment, and day-to-day use.
• This may be by documenting and formalizing processes, methods, guides, trainings related to cybersecurity, as well as by driving or participating to cybersecurity-related automation and scripting tasks.
• Participate in the setup of third party or custom tools related to DevSecOps (general scripting). 
• Participate to the evaluation, review, selection, mapping, and setup of security tooling.
   

Profile & Other Information

Required Skills:

• Vulnerabilities Assessment
• Threat Analysis
• Client Relationship Management, External Awareness.
• Data Privacy and Protection
• Legal, Government, and Jurisprudence Awareness
• Risk Management
• Asset and Inventory Management
• Technology Awareness
• Computer Network Defense

Important Soft skills: 

• Able to work, learn, and investigate subjects autonomously.
• Good oral and written communication skills. Presenting Effectively.
• Read, written, and spoken English is mandatory. 

Some nice to have skills: 

• 5 years of experience in a cybersecurity role, preferably in defense.
• Computer Forensics
• SW system architecture knowledge 
• Experience in the development of applications (may be Java, C++, Javascript, etc.)
• Good understanding of SAST, SCA and DAST tools to automate the detection of security issues.
• Good understanding of Software development lifecycle in an Agile environment.