Cybersecurity Specialist (Cloud & Application Security)Pierre & Vacances - Center Parcs
Paris (75)CDI
Il y a 8 heuresSoyez parmi les premiers à postuler
Critères de l'offre
Métiers :
- Certification / Security Specialist
Expérience min :
- débutant à 10 ans
Secteur :
- Hôtellerie, Restauration, Tourisme, Loisirs
Lieux :
- Paris (75)
Conditions :
- CDI
- Temps Plein
L'entreprise : Pierre & Vacances - Center Parcs
Créé en 1967, le Groupe Pierre & Vacances-Center Parcs est le leader européen du tourisme de proximité. Aujourd'hui, avec ses marques touristiques complémentaires - Pierre & Vacances, Center Parcs, Sunparks, Villages Nature Paris, Aparthotels Adagio et Maeva.com - le Groupe exploite un parc touristique de 45 800 appartements et maisons, situés dans 282 sites en Europe. En 2019/2020, le Groupe a réalisé un chiffre d'affaires de 1 298 millions d'euros.
Si vous souhaitez rejoindre une entreprise internationale où vous pourrez faire la différence, travailler dans un environnement où votre bien-être compte, envoyez-nous votre candidature sans plus attendre !
Description du poste
The Pierre & Vacances Center Parcs Group #PVCP, European leader in local tourism with more than 13,000 employees, aims to create memorable experiences in places where life is good.
Your missions :
Cloud Security Engineering :
* You'll take a hands-on approach to implementing security controls within our cloud environments (Azure and/or GCP).
* You will ensure our cloud configurations are compliant with industry standards like CIS controls and NIST frameworks.
* This includes configuring and managing Identity and Access Management (IAM), network security groups, and encryption strategies.
Application Security :
* You will be directly involved in the code. This means performing static and dynamic application security testing (SAST/DAST) to identify vulnerabilities and working with development teams to remediate them. You'll also be responsible for integrating security tools and automated checks directly into our CI/CD pipelines.
Threat Modeling & Risk Assessment :
* Proactively identify and assess security risks in our applications and cloud infrastructure.
* You'll participate in threat modeling exercises and help the team understand and mitigate potential threats before they become a problem
* Incident Response: You will be a key part of the team that investigates and responds to security incidents, particularly those related to our applications and cloud services.
Project Management:
* Projects and execution which are in the scope of the CISO department.
Internal Consultant:
* Consultant on Cyber Security for Internal Teams (DIOSI)
Policies:
* Creation and enforcement
KPI:
* CIS, NIST and ISO270001
Your missions :
Cloud Security Engineering :
* You'll take a hands-on approach to implementing security controls within our cloud environments (Azure and/or GCP).
* You will ensure our cloud configurations are compliant with industry standards like CIS controls and NIST frameworks.
* This includes configuring and managing Identity and Access Management (IAM), network security groups, and encryption strategies.
Application Security :
* You will be directly involved in the code. This means performing static and dynamic application security testing (SAST/DAST) to identify vulnerabilities and working with development teams to remediate them. You'll also be responsible for integrating security tools and automated checks directly into our CI/CD pipelines.
Threat Modeling & Risk Assessment :
* Proactively identify and assess security risks in our applications and cloud infrastructure.
* You'll participate in threat modeling exercises and help the team understand and mitigate potential threats before they become a problem
* Incident Response: You will be a key part of the team that investigates and responds to security incidents, particularly those related to our applications and cloud services.
Project Management:
* Projects and execution which are in the scope of the CISO department.
Internal Consultant:
* Consultant on Cyber Security for Internal Teams (DIOSI)
Policies:
* Creation and enforcement
KPI:
* CIS, NIST and ISO270001
Description du profil
* Developer Background: You must have been a developer. Strong, hands-on experience with modern programming languages like Python, Go, or Java. You should be comfortable with development tools like Git and have a solid understanding of software development workflows.
* Cloud & Containerization Expertise: A deep understanding of Azure and/or GCP. You should also have hands-on experience with containerization technologies like Docker and Kubernetes. You're not just familiar with the concepts; you've worked with them and know how to configure them for security and performance.
* Security Knowledge & Implementation:
* Deep understanding of common web application vulnerabilities (e.g., OWASP Top 10, OWASP SAMM, OWASP API Security).
* Proven experience implementing and enforcing security best practices based on CIS controls and NIST frameworks for Azure and/or GCP.
* Experience with security tools for vulnerability management and application security testing.
* Advantage, knowledge on AI, especially Graph technology/Engineering
* Cloud & Containerization Expertise: A deep understanding of Azure and/or GCP. You should also have hands-on experience with containerization technologies like Docker and Kubernetes. You're not just familiar with the concepts; you've worked with them and know how to configure them for security and performance.
* Security Knowledge & Implementation:
* Deep understanding of common web application vulnerabilities (e.g., OWASP Top 10, OWASP SAMM, OWASP API Security).
* Proven experience implementing and enforcing security best practices based on CIS controls and NIST frameworks for Azure and/or GCP.
* Experience with security tools for vulnerability management and application security testing.
* Advantage, knowledge on AI, especially Graph technology/Engineering
Référence : 98WeNX1Z_177332665673769