Ensure BAEMIN security:

• Implement programs to proactively detect and reduce potential threats and strengthen the BAEMIN security resilience;


• Ensure BAEMIN products and systems to the highest security standards following the design of secure service and processes;


• Perform technical security assessments, code reviews and vulnerability testing to highlight risk;


• Conduct research to identify new security hole against BAEMIN’s products and services by proactively collaborating with software engineers to fix security flaws and vulnerabilities;


• Organize Security Awareness Training for internal as well as execute and operate the phishing assessment program;


• Evaluating the effectiveness of existing cybersecurity training, education, and awareness programs/activities and consistently improving upon communication;


• Promote the information security and data governance culture within the business by being pro-actively involved with the stakeholders.

JOB REQUIREMENT

Education: A Bachelor’s degree in Computer Science/ Information Technology/ Management Information System, or experiences in related fields.

Experience:

• 1 or 3 years experience in cybersecurity


• Development knowledge with the OS (Python, bash, PowerShell),


• Security knowledge on Web, OS, infra, Mobile applications and network.

Skills/Knowledge

• You prefer to be a Web Security Tester /RED Team player or having experience as BLUE Team member (want to change career path)


• Strong knownledge about basic Security Concepts


• Good to have CEH/GWAPT/CompTIA  Security+ or similar,


• Understand vulnerabilities assessment report, the context and hypothesis of their exploitation for better security risk assessment. Be able to advise on vulnerability remediation or mitigation


• Define and lead the operational tests and regular checks, automate and industrialize scanning processes


• Technical watch: stay up to date on new vulnerabilities, new attacks ways, new attack vectors and patching state.


• Be able to identify the risk for the business or familiar with Common Vulnerability Scoring System (CVSS)


• Be able to lead OSINT projects and crawl the web to find public vulnerabilities on Bouygues' IS


• Familiar with any Security Standard like OWASP/CIS/NIST/MITRE…


• Experience with security tool:

o    Scanning tool
o    Audit tool
o    Assessment tool
o    Request/response capture tool (Web app testing)

Attitude

• High learning agility and real passion for coding and programming, innovation, and solving challenging problems;


• High adaptability and flexibility to the rapid changes of the business;


• High responsibility and diligence;


• Intellectual curiosity;