In the Digital Cyber Security Dept., we are looking for a Digital Cyber Security Expert to join the Vulnerability Operations Center, one pillar of the Vulnerability Operations Center & Legal Ops Team.
The position is focused on Internet Risk Exposure. The activity is global and relates to different categories of assets (Web sites, APIs, Routers, IPs, …), and the team is responsible for detection, analysis and remediation of any possible cyber-threats and/or non-compliances. The Digital Cyber Security Expert needs to be an expert in cyber security. He/She must have expertise in principles of ethical hacking, secure development, and system hardening (Top 10 OWASP, Top 25 CWE, Patch management, …).
Develop an end-to-end Vulnerability Management process in order to decrease our risk exposure on the Internet
Develop automation of scope updates in order to ensure assets exposed on the Internet are monitored
Promote the different Vulnerability Detection Services around the company (Vulnerability scanners, Pentest, Bug Bounty, Compliance scanner, …)
Contribute to maintaining an up-to-date inventory of assets exposed on the Internet (usage, type, ownership, components installed, …)
Chase Shadow-IT on the Internet in order to regain control of any system handling Sanofi's data
Define the roadmap, moving forward step by step with concrete results and promote the value for Cyber Security team.
Contribute to the VOC activity extension to better protect the company
Own and drive Cyber solutions with our vendors
Contribute to defining the roadmap and priorities.
Envision proactive detection capability to build automatic response capability based on business context.
Define and Implement the relevant use cases working with the business and Cyber Security Network.
Manage end-to-end the vulnerability remediation and steer the lessons learned.
Promote the vision and the Cyber value added for the company.
Build and develop the activity according to your roadmap, delivering step by step with visible results.
Work across Digital organization and business entities to enable the most valuable use cases.
Integrate your activity in the existing Cyber ecosystem leveraging the current Cyber components.
Report on a regular basis about achievements and metrics.
Communicate via multiple channels to make people more cautious using experience feedback.
Ensure that on-site support teams are trained and ready to answer in case of end user request or alert.
Based on your technical experience and Cyber expertise on some key components like Web site, APIs, Infrastructure components, Database, PowerBI, build a consistent management of vulnerabilities from end-to-end, and contribute to identifying any deviation to best practices.
Leverage as much as possible existing security features already purchased and identify the best combination.
Formal Education and Experience Required
University/Master’s Degree in Computer Science, preferably in Information Security.
Real world Vulnerability Management experience.
10 years of professional experience in IS/IT, of which 5 years is in IS/IT Security.
Security Certifications like CISSP or CEH.
Expertise and Competencies
Significant expertise in secure development of Digital components (Web site, Web services, APIs, …)
Experience feedback on Vulnerability detection scanners would be preferred
Basic understanding of network infrastructure components, WAF, proxy, and firewalls is necessary.
Experience in Vulnerability management would be preferred.
Basic skills in building SQL queries and PowerBI dashboards would be preferred.
Leadership and strong communication skills.
Ability to translate complex technical stories into non-technical language is necessary.
Mastery of English is required.
Experience feedback on O365 and Zscaler cloud services would be preferred.
Basic understanding of computer networks, firewalls, intrusion prevention technologies, and Antivirus technologies is necessary. Real world experience working with these technologies is expected.
Expertise as a red team penetration tester or a blue team system defender would be preferred.
Experience with Security Information Event Management (SIEM) systems and Event Detection and Response (EDR) technology.
Basic scripting skills in Python, PowerShell and Visual Basic would be expected. More advanced programming skills are not required but would add strongly to the profile.
Sanofi Inc. and its U.S. affiliates are Equal Opportunity and Affirmative Action employers committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race; color; creed; religion; national origin; age; ancestry; nationality; marital, domestic partnership or civil union status; sex, gender, gender identity or expression; affectional or sexual orientation; disability; veteran or military status or liability for military status; domestic violence victim status; atypical cellular or blood trait; genetic information (including the refusal to submit to genetic testing) or any other characteristic protected by law.
At Sanofi, diversity and inclusion is foundational to how we operate and embedded in our Core Values. We recognize that to truly tap into the richness diversity brings, we must lead with inclusion and have a workplace where those differences can thrive and be leveraged to empower the lives of our colleagues, patients and customers. We respect and celebrate the diversity of our people, their backgrounds and experiences and provide equal opportunity for all.