about the role
As Security Technical Auditor, you manage a small team performing technical security assessments of ITN environments. You propose and perform different types of audits depending on the target (penetration tests, code audit, configuration review, etc.). You identify vulnerabilities and propose remediation actions.
Your activities and tasks
Management of a small team
- Build a global vision of the Information System to be audited
- Improve and keep up to date the existing Repositories (together with operational teams)
- Perform or manage the implementation of continuous and automated vulnerability scans and technical controls.
- Execute and document security audits on different ITN environments, ensuring compliance with Policies and best practices:
Collect the configuration items of the equipment to be audited and perform a review of the configurations (configuration audits)
Collect the architecture elements of the systems to be audited and perform an architecture review (architecture audit).
Perform a review of the source code of the components of the environment (code audit)
Define attack scenarios and carry out attacks on the target environment (intrusion tests)
Conduct team interviews to assess the impacts of the detected vulnerabilities on a system
Write reports incorporating an analysis of the vulnerabilities encountered and an identification of the causes, and highlight and evaluate the security risks and impacts for the business Unit.
- Define recommendations to address risks arising from the vulnerabilities identified
- Collaborate with ITN teams to implement technical recommendations
- Produce dashboards of security and compliance levels
- Monitor security assessments, tests or audits carried out by entities
Technical monitoring and design of audit tools:
- Ensure a permanent watch on attack scenarios, new threats and associated vulnerabilities
- Develop tools used for audits
- Identifying new ways to detect faults that may affect a system
Master (or equivalent) including specialization in Cybersecurity or several years of professional experience on Cybersecurity.
- Intrusion tests : mastered skills on security audit techniques, Scripting, Configuration of security-related tools
- Software development skills related security-related tools
- Cyber defense: knowledge of attack and intrusion techniques and environmental vulnerabilities
- Knowledge of Operating System Security, Network security and protocols
- Knowledge of application layers
- Knowledge of the information system and architecture principles
- Knowledge of governance, norms and standards: mastery of audit methodologies
- Knowledge in Reverse engineering of systems
- Legal knowledge of ITN law relating to IS security and data protection
- Cybersecurity technology watch and study of trends
Fluent in both French and English
- Synthesis capacity
- Ability to popularize technical findings
- Writing of reports adapted to different levels of interlocutors
- Ethical sense
- Ability to work in a team
You will be part of the Performance, Quality and Security department. Within this department, the GlobalSec team animates and monitors OBS Security, relying on a community of actors in charge of the Security of their own entity or domain. GlobalSec defines the OBS sectorial security policies (global security management, physical security, security incidents, vulnerability, security audit management, Information Security Management System) in line with Orange Group security policies, and manages the OBS Security Referential. It ensures that OBS entities implement the Orange or OBS sectorial policies, defining their own entity policies on these bases if necessary, and organizes controls via audits or pentests. GlobalSec manages main processes or activities such as security Derogation management, Vulnerability management; security Crisis management, Suppliers security management, Products Security, including Risks management
Orange Gbl Sol for Business
Orange Business Services manages and integrates the complexity of international communications, freeing our customers to focus on the strategic initiatives that drive their business. Our extensive experience and knowledge in global communication solutions, together with our understanding of multinational business and local support in 166 countries and territories, ensure that our customers receive a consistent, global solution wherever they do business.