Cyber Security Expert - DevOps & AppSec - All Genders
Gentilly
Sanofi
We are an innovative global healthcare company with one purpose: to chase the miracles of science to improve people’s lives. The job description is written in English because the role requires frequent interaction with our international subsidiaries, English being the working language.
ABOUT THE JOB
In the DIGITAL Cyber Security Department, we are seeking a Cybersecurity DevSecOps & Application Security Expert to join our VOC & Legal Ops Team. The role will primarily focus on application security and code review related to application development. The team is global and is responsible for monitoring the cyber risk level and reducing the attack surface.
- Location: FRANCE, Gentilly (Paris area) or Lyon
- % Remote working and % of travel expected: In line with our hybrid working model
- Job Type: Permanent
Main missions
- Contribute to developing, improving, and promoting the DevSecOps activity and its associated processes and tools
- Onboard business applications in DevSecOps processes, with a primary focus on application code review
- Support the business stakeholders who are developing applications for Sanofi
- Make cyber risks and code review issues understandable, and explain how to remediate them
- Manage and support our Cyber services toolset in the DevOps ecosystem
- Build and help deliver the appropriate dashboards to drive our roadmap and business stakeholders’ engagement
Key Responsibilities
- Promote the Cyber roadmap and key services
- Promote Digital standard related to application development
- Think Cyber-as-a-Service model to empower business stakeholders to take ownership of their applications’ security
- Always contextualize the risk and ensure that it is understood; strive to make the best decision and maintain the right balance
- Do not trust but run checks and controls
- Build automation everywhere you can and industrialize our cybersecurity processes
- Lead and/or contribute to the development of in-house Cyber tools (end-user web portal, technical services, etc.)
Digital Environment
- Total scope of thousands of business applications, written in many different languages; source code hosted in GitHub
- Strong objective to automate DevSecOps controls and limit cybersecurity human resources effort
- International context and multiple third-party vendors and developers, with variable DevSecOps maturity levels
- Strong partnership with Enterprise Architecture and some highly mature departments to define development practices and technology evolution
- Growing investment in AI projects, aligned with the Data and AI strategy
- Daily interactions with European and Americas-based colleagues
ABOUT YOU
Formal Education and Experience Required
- University/Master’s degree in Computer Science, preferably in Cybersecurity
- Application Security and Penetration testing experience
- Computer Programming skills, especially in Python, PowerShell, C#, Symfony and API Platform
- 5 to 7 years of professional experience in application development, of which 3 to 5 years is in DevOps or Cybersecurity
- Security Certifications like CISSP or CEH (Certified Ethical Hacker) are welcome
Expertise and Competencies
- Expertise as a penetration tester at the application level
- Expertise in OWASP and the MITRE ATT&CK framework
- Broad knowledge of IT, development languages and frameworks, DevOps environments (GitHub), and AWS and Azure cloud services
- Scripting skills in Shell, Python, PowerShell are expected
- Knowledge of container technologies (RedHat OpenShift and Kubernetes)
- Leadership and strong communication skills with the ability to effectively convey complex security concepts to technical and non-technical stakeholders
- Strong decision-making and the capacity to balance human effort vs application business value
- Curiosity and appetite for learning new technologies
- Appetite for challenges
- Ability to translate complex technical stories into non-technical language is necessary
- Mastery of English is required
PURSUE PROGRESS, DISCOVER EXTRAORDINARY
Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.
At Sanofi, we provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.
Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!
At Sanofi diversity and inclusion is foundational to how we operate and embedded in our Core Values. We recognize to truly tap into the richness diversity brings we must lead with inclusion and have a workplace where those differences can thrive and be leveraged to empower the lives of our colleagues, patients and customers. We respect and celebrate the diversity of our people, their backgrounds and experiences and provide equal opportunity for all.
As part of its diversity commitment, Sanofi is welcoming and integrating people with disabilities.