Cybersecurity FOSS Analyst- GISACC

• Company Cybersecurity FOSS Analyst- GISACC
• No. of Openings 10+
• Salary Not Disclosed
• Work Type on-site

Job Description :

Mission

Part of the Group Cybersecurity team, the Cybersecurity FOSS(*) Analyst realizes the following activities:

• FOSS Cybersecurity risk analysis (30%)
• License compliance analysis (20%)
• FOSS audits (20%)
• Specification and/or development of tools and scripts associated to FOSS Cybersecurity and compliance analysis (20%)
• Cybersecurity compliance advice/control in the projects (10%)

Responsibilities

As part of these activities, you will be in charge of:

• Performing FOSS Cybersecurity risk analysis
  • Assess the risk and criticality of the FOSS vulnerabilities using the Valeo methodology and tool and write the corresponding reports in English
  • Maintain Valeo Cybersecurity standards
  • Be a source of propositions and advice on the solutions (technical or organizational) to reduce FOSS Cybersecurity risks
  • Maintain standard reports and templates for FOSS vulnerabilities communicated to the customers and stakeholders
  • Manage, measure and provide KPIs related to FOSS Cybersecurity risk analysis

• Performing license compliance analysis
  • Perform project license risk assessment on FOSS components using the Valeo methodology and tool and write the corresponding reports in English
  • Be a source of propositions and advice on the solutions (technical or organizational) to reduce license risks
  • Communicate with Valeo legal team for license approvals
  • Perform analysis of terms and conditions of open source licenses to determine license category
  • Performs regular reviews and updates on Valeo FOSS license catalog and license policy
  • Manage, measure and provide KPIs related to license compliance analysis

• Performing FOSS audits
  • Perform FOSS audits based on Valeo FOSS analysis tools
  • Perform audits on FOSS disclosure documents
  • Perform audits on FOSS license compliance and cybersecurity risks on various projects
  • Perform audits on Valeo License Policy applied by FOSS analysis tools
  • Manage, measure and provide KPIs related to FOSS audits
  • Control action plans following the audits

• Develop tools and scripts
  • Specify and/or develop tools and scripts associated with Cybersecurity FOSS analysis using high level programming languages (C, C++, Java,...) and scripting languages (Python, Perl, Javascript,..)
  • Maintain and enhance Cybersecurity FOSS analysis automation tools and scripts
  • Manage, measure and provide KPIs related to tools and scripts development and maintenance

Travels abroad are expected according to the needs.

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Risk Management, Engineering or Information Technology.

Fluent in English

[Optional] Certifications related to Cybersecurity

Experience

• You justify a significant experience of at least 2 years in Cybersecurity and/or software development.
• You have already conducted FOSS analysis and audits and are able to analyze Cybersecurity risks, license risks as well as operational risks associated with FOSS components.

Knowledge

• In-depth knowledge of FOSS Cybersecurity risks and solutions
• Knowledge of programming languages (C, C++ and Java)
• Knowledge of scripting languages (Python, Perl, Javascript)
• Knowledge of FOSS license risks, terms and conditions
• Knowledge of Cybersecurity standards and rules

Skills

• You are structured, methodical with a real concern for the analysis of details while being able to keep the big picture.
• Your pragmatism allows you to be effective, to bring solutions and to convince.
• You have real communication skills: listening, diplomacy, pedagogy. Your ability to maintain an open mind without prejudice allows you to foster dialogue and the relationship of trust with people with very diverse profiles / professions in an international context
• Your writing level in English is excellent and you know how to produce executive summaries.
• Finally, your autonomy, your proactivity and your curiosity lead you to be in a dynamic of regular reinforcement of your knowledge.

Your wish

• Join an international group where challenges will be a real way for you to progress.