Vulnerability Analyst

Purpose

Within IDEMIA IPS in the Cybersecurity team, you will take the role of a Vulnerability Analyst and a DevSecOps Expert.

Key Missions

  • Key Responsibility:

  • Categorize, prioritize, and perform an initial assessment of a vulnerability.
  • Analyze the results of vulnerability assessments or penetration tests.
  • Prepare reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
  • Formulate vulnerability information, details, and assessments that are clear and understandable to different levels of stakeholders (management, developers, customers).
  • Understand the design or implementation flaw that causes or exposes the vulnerability to exist.
  • Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
  • Learn about new vulnerabilities by reading public sources or other third-party sources.
  • Outside of this primary Vulnerability Analyst scope, you will also have a secondary DevSecOps Analyst/Expert role that you will be trained for, with the following responsibilities:

  • You will assist, support, and guide project teams in understanding, analyzing, tracking, and remediating vulnerabilities detected by automated tools (e.g. SAST, SCA) and document this process and its conclusions in a formal report.
  • You will guide project teams towards using DevSecOps tools and methods, and participate in their implementation, deployment, and day-to-day use.
  • This may be by documenting and formalizing processes, methods, guides, and training related to cybersecurity, as well as by driving or participating in cybersecurity-related automation and scripting tasks.
  • Participate in the setup of third-party or custom tools related to DevSecOps (general scripting).
  • Participate in the evaluation, review, selection, mapping, and setup of security tooling.

Profile & Other Information

Required Skills:

  • Vulnerability Assessment
  • Threat Analysis
  • Client Relationship Management, External Awareness.
  • Data Privacy and Protection
  • Legal, Government, and Jurisprudence Awareness
  • Risk Management
  • Asset and Inventory Management
  • Technology Awareness
  • Computer Network Defense

Important Soft skills: 

  • Able to work, learn, and investigate subjects autonomously.
  • Good oral and written communication skills. Presenting Effectively.
  • Read, written, and spoken English is mandatory. 

Some nice to have skills: 

  • 5 years of experience in a cybersecurity role, preferably in defense.
  • Computer Forensics
  • SW system architecture knowledge 
  • Experience in the development of applications (may be Java, C++, JavaScript, etc.)
  • Good understanding of SAST, SCA and DAST tools to automate the detection of security issues.
  • Good understanding of Software development lifecycle in an Agile environment