Cyber Security Expert_ DevSecOps

In Digital Cyber Security Dept., we are looking for a Digital Cyber Security Expert into the Vulnerability Operations Center, one pilar of the Vulnerability Operations Center & Legal Ops Team.

Position is focus on Internet Risk Exposure . The activity is global, relates to different categories of assets (Web sites, APIs, Routers, IPs, ) and the team is responsible for detection, analysis and remediation to any possible cyber-threats and / or non-compliances.

Digital Cyber Security Expert needs to be an expert in cyber security. He / She must have expertise in principles of ethical hacking, secure development, and system hardening (Top 10 OWASP, Top 25 CWE, Patch management, ).

Main missions :

Develop end-to-end Vulnerability Management process in order to decrease our risk exposure on Internet

Develop automation of scope update in order to ensure assets exposed on Internet are monitored

Promote the different Vulnerability Detection Services around the company (Vulnerability scanners, Pentest, Bug Bounty, Compliance scanner, )

Contribute to maintaining up-to-date inventory of assets exposed on Internet (usage, type, ownership, components installed, )

Chase Shadow-IT on Internet in order to keep back the control of any system handling Sanofi’ data

Define the roadmap, moving forward step by step with concrete results and promote the value for Cyber Security team.

Contribute to the VOC activity extension to better protect the company

Key Responsibilities :

Strategic Vision

Own and drive Cyber solutions with our vendors

Contribute to define the roadmap and priorities.

Envision proactive detection capability to build automatic response capability based on business context.

Define and Implement the relevant use cases working with the business and Cyber Security Network.

Manage end-to-end the vulnerability remediation and steer the lessons learned.

Promote the vision and the Cyber value added for the company.

Project management

Build and develop the activity according to your roadmap, delivering step by step with visible results.

Work across Digital organization and business entities to enable the most valuable use cases.

Integrate your activity in the existing Cyber ecosystem leveraging the current Cyber components.

Report on regular basis about achievements and metrics.

Communicate via multiple channels to make people more cautious using experience feedback.

Ensure that on-site support teams are trained and ready to answer in case of end user request or alert.

Based on your technical experience and Cyber expertise on some key components like Web site, APIs, Infrastructure components, Database, PowerBI, build a consistent management of vulnerabilities from end-to-end, and contribute to identifying any deviation to best practices.

Leverage as much as possible existing security features already purchased and identify the best combination.

Profile :

Formal Education and Experience Required

University / Master’s Degree in Computer Science, preferably in Information Security.

Real world Vulnerability Management experience.

10 years of professional experience in IS / IT, of which 5 years is in IS / IT Security.

Security Certifications like CISSP or CEH.

Expertise and Competencies

Significant expertise in secure development of Digital components (Web site, Web services, APIs, )

Experience feedback on Vulnerability detection scanners would be preferred

Basic understanding of network infrastructure components, WAF, proxy, and firewalls is necessary.

Experience in Vulnerability management would be preferred.

Basic skills in building SQL request and PowerBi dashboards would be preferred.

Leadership and strong communication skills.

Ability to translate complex technical stories into non-technical language is necessary.

Mastery of English is required.

Experience feedback on O365 and Zscaler cloud services would be preferred.

Basic understanding of computer networks, firewalls, intrusion prevention technologies, and Antivirus technologies is necessary.

Real world experience working with these technologies is expected.

Expertise as a red team penetration tester or a blue team system defender would be preferred.

Experience with Security Information Event Management (SIEM) systems and Event Detection and Response (EDR) technology.

Basic scripting skills in Python, Powershell and Visual Basic would be expected. More advanced programming skills are not required but would add strongly to the profile.

GD-SA

LI-SA

Pursue , discover

Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people people from different backgrounds, in different locations, doing different roles, all united by one thing : a desire to make miracles happen.

So, let’s be those people.

At Sanofi, we provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, ability or gender identity.

Watch our and check out our Diversity Equity and Inclusion actions at !