
Senior Cybersecurity Consultant - Application Security Specialist - Pentester (M/F)

Location: Paris
Type: Hybrid
Salary: 850€
TJM: 850
Security of information systems and operating systems
Developer
Project management
IT Management
Security

CUSTOMER

To support and assist the design and development teams in continuing to integrate security best practices into our customer's IT developments, we are looking for a Senior Cybersecurity Consultant - Application Security Specialty - Pentester (M/F) for an end customer based in Paris.

MISSIONS

We are looking for a service provider with dual security and auditing skills to promote security in our client's Research teams.

  • Proficient in secure development best practices, the service will need to integrate with several teams/projects in order to help with architecture and implementation choices on all security aspects (advisory role).
  • In addition, targeted training will be required to reinforce the safety skills of the Research teams (role of trainer).
  • The service will also implement various security mechanisms and address certain audit recommendations or security weaknesses identified in the applications (fulfillment role).
  • Finally, the mission will involve monitoring and testing the correction of vulnerabilities on certain applications or websites (auditor role).

The main tasks are as follows:

I) Support for strategic projects:

  • Application security tips,
  • Security analysis of application architecture,
  • Security checks (code audit, pentest during dev phase, etc.),
  • Helping to secure development phases.

II) Helping design and development teams choose the right technology or framework:

  • Understanding the needs of ETU/DEV teams and IT strategy,
  • Participation in discussions and choices of new application technologies (framework, API Gateway, SSO, etc.),
  • Participation in the definition of configurations for various frameworks and tools,
  • Check their correct implementation.

III) Maintenance and development of code analysis tools (SAST) and libraries (SCA), and dynamic analysis tools (DAST):

  • Define and improve processes for integrating the tool into development processes,
  • Functional configuration of tools,
  • Promote the tool and support design teams in using it,
  • Define and improve code analysis policies,
  • Support research teams in analyzing results,
  • Advise design teams on corrective measures to be implemented.

IV) Follow-up of audit recommendations on the scope of design and development teams:

  • Analyze/challenge new recommendations resulting from penetration tests,
  • Build related action plans with IT teams,
  • Manage the processing of safety recommendations,
  • Carry out reporting.

V) Building, coordinating and monitoring the "Safety in development" awareness plan:

  • Propose a safety awareness plan for the design and development perimeter.
  • Participate in the choice of awareness-raising methods (workshops, CTF, etc.) and implement the plan once it has been validated by the IT Security Manager.
  • Contribute to the development of frameworks and carry out white-box audits or propose vulnerability corrections directly in the code.
  • Requires excellent mastery of OpenID and OAuth concepts and implementation, as well as strong analytical and code comprehension skills.

EXPECTED RESULTS

The service may include, but is not limited to, the production of code in the following languages:

  • PHP
  • JAVA
  • SQL/LDAP (for possible adjustments)

The mission also involves:

  • Maintain security tools used by developers in operational condition (code audit, SCA, etc.).
  • Improve the level of application security for developed applications.
  • Produce audit reports detailing the vulnerabilities found, including screenshots, code extracts, etc.

PREREQUISITES

Application security expertise is essential to the mission.

  • Java, PHP, AngularJS, Python,
  • Frameworks Spring, Quarkus, API REST, SOAP, Java RMI,
  • XSS prevention, SQLi, Path Traversal, Cookie security, CSRF, etc.,
  • Technical audit capability (code or application),
  • Security expertise in modern authentication technologies: OpenID, OAuth,
  • Keycloak tool,
  • IT areas: network, infrastructure, development, etc.,
  • A good understanding of standard enterprise architectures (reverse proxy, firewall, DMZ),
  • International context: Francophone and Anglophone.
  • Work on several projects at once,
  • Produce a summary report and give appropriate warnings,
  • Teamwork,
  • Commitment and responsibility.

The service requires writing skills, interpersonal skills and autonomy.
Project management skills are also required.


TEAM

  • 20 people

PROCESS

  • 1 video or meeting with the manager and the team in the form of a technical discussion


TERMS AND CONDITIONS

  • Remote: 2 days / week
  • Location: Paris
  • Area: Finance
  • Duration: 3 years
  • English: Imperative
  • Full remote impossible ❌
