Cybersecurity engineer - DevSecOps expert (f/m/d)
Our Security Engineering team is seeking a Cybersecurity engineer based in Paris or Lille.
The Cybersecurity team is at the heart of the company, fueling the existing business model, building the new digital ecosystem, protecting the Decathlon brand and building customer trust. The team is made up of 3 core areas (digital risk management, architecture, security operations) and a network of over 80 security referents worldwide.
As part of the Group's Cybersecurity teams, we are looking for a Cybersecurity engineer with DevSecOps expertise and excellent communication skills in an international context. The main mission will be to lead our Secret Management and Key Rotation initiative and to ensure the Maintenance in Operational Condition (MCO) of DevSecOps tools.
Your responsibilities:
- Implement a comprehensive Secret Scanning solution for the company and develop tools around this solution (scripting/reporting).
- Build a unified enterprise-wide process to automate key renewal (Automated Key Rotation) by collaborating with business, development, and infrastructure teams.
- Effectively communicate complex security concepts to diverse audiences, from technical teams to management.
- Create clear and concise documentation and presentations on best practices for Secret Management and Key Rotation and keep them up to date.
- Regularly lead workshops and training sessions to educate teams across the organization.
- Define and maintain Key Performance Indicators (KPIs) for our Secret Management and Key Rotation program.
- Drive the integration of Secret Scanning and Key Rotation tools into our DevSecOps pipeline.
- Analyze the results from Secret Scanning tools and provide actionable insights to the relevant teams.
- Act as a security ambassador, promoting a culture of security awareness throughout the organization.
- Be responsible for MCO (Maintaining Operational Conditions) or MRO (Maintain, Repair & Operations) and the continuous improvement of DevSecOps tools, namely SAST, SCA, and Secret Detection, in collaboration with another Technical Security Engineer.
- Manage our customer tickets related to our application security tools.
- Actively participate in the DevSecOps program within Decathlon Digital as a direct contributor and expert through active involvement in:
  - the training of the Security Champions community
  - awareness events
  - promoting the culture and best practices of DevSecOps
What you will need to succeed:
- A degree in Computer Science, Cybersecurity, or related field
- Minimum of 3 years of experience in IT security, with a focus on AppSec (Application Security)
- Strong communication skills, both written and oral, with proficiency in:
  - Simplification: Explaining technical concepts to non-technical audiences
  - Documentation: Writing and maintaining up-to-date documentation and providing regular, clear, and comprehensive reports
  - Presentation: Delivering presentations and training
  - Collaboration: Facilitating communication among various stakeholders outside the Security teams
- Solid knowledge of Secret Scanning tools, key management systems, and automated rotation techniques
- Familiarity with SAST (Static Application Security Testing) & SCA (Software Composition Analysis) tools
- Experience with DevSecOps practices in CI/CD pipelines
- Proficiency in Python programming language
- Familiarity with the application development lifecycle
- Mastery of authentication and authorization tools and protocols
- Experience with cloud environments (AWS, GCP, Azure)
- Understanding of common security vulnerabilities (OWASP) and attack vectors
- Demonstrated ability to work effectively with diverse teams in business, development, and infrastructure domains
- Proficiency in English; additional languages are a plus
Desired skills:
- Experience in technical writing (documentation, blog posts, whitepapers, etc.)
- Experience with SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing) and other application security tools
- Knowledge of containerization and of runtime and cloud account security
- Familiarity with compliance standards relating to data protection and best practices related to key management
- Familiarity with security audits or penetration testing
WHAT YOU GET
- Work from home up to 2 days per week
- Opportunity to work in either of Decathlon Technology's offices in Lille or Paris (with regular travel to Lille, at a frequency of 2 or 3 days every 15 days).
- Hardware provided in accordance with your missions and our social commitments (Mac, Windows, Chromebooks)
- A local project team and within a global network (international career path)
- Skills development and mentorship (diversity of projects, technical certification from the first year, internal and external training, etc.).
- Remuneration package (employee share ownership, monthly/quarterly bonuses)
DECATHLON DIGITAL CONTEXT
What if technology allowed us to push the boundaries and take sports experiences to new levels? That's exactly our goal at Decathlon Digital! We are a team of 5,000+ experts in software engineering, product management, data, cloud, and cybersecurity, distributed across Paris, Lille, and Amsterdam. Together, we are creating the largest digital sports platform, leveraging tech innovation from design to value chain optimization, connected experiences and product second life.
Changing the game for good. We are in this for the love of sports. And like everything we love, we want it to last. That’s why we are embarking on a journey to create a more sustainable tech model, reducing our direct environmental impact while maintaining a safe, diverse, and inclusive space for all our people to learn and thrive together. Team up with us to design the digital future of sports.