As part of the Group Cybersecurity team, the Cybersecurity FOSS(*) Analyst performs the following activities:
FOSS Cybersecurity risk analysis (30%)
License compliance analysis (20%)
FOSS audits (20%)
Specification and/or development of tools and scripts associated with FOSS Cybersecurity and compliance analysis (20%)
Cybersecurity compliance advice/control in the projects (10%)
Responsibilities
As part of these activities, you will be in charge of:
Performing FOSS Cybersecurity risk analysis
Assess the risk and criticality of the FOSS vulnerabilities using the Valeo methodology and tool and write the corresponding reports in English
Maintain Valeo Cybersecurity standards
Be a source of proposals and advice on the solutions (technical or organizational) to reduce FOSS Cybersecurity risks
Maintain standard reports and templates for FOSS vulnerabilities communicated to the customers and stakeholders
Manage, measure and provide KPIs related to FOSS Cybersecurity risk analysis
Performing license compliance analysis
Perform project license risk assessment on FOSS components using the Valeo methodology and tool and write the corresponding reports in English
Be a source of proposals and advice on the solutions (technical or organizational) to reduce license risks
Communicate with Valeo legal team for license approvals
Perform analysis of terms and conditions of open source licenses to determine license category
Perform regular reviews and updates of the Valeo FOSS license catalog and license policy
Manage, measure and provide KPIs related to license compliance analysis
Performing FOSS audits
Perform FOSS audits based on Valeo FOSS analysis tools
Perform audits on FOSS disclosure documents
Perform audits on FOSS license compliance and cybersecurity risks on various projects
Perform audits on Valeo License Policy applied by FOSS analysis tools
Manage, measure and provide KPIs related to FOSS audits
Control action plans following the audits
Develop tools and scripts
Specify and/or develop tools and scripts associated with Cybersecurity FOSS analysis using high-level programming languages (C, C++, Java, ...) and scripting languages (Python, Perl, JavaScript, ...)
Maintain and enhance Cybersecurity FOSS analysis automation tools and scripts
Manage, measure and provide KPIs related to tools and scripts development and maintenance
Travel abroad is expected as needed.
Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Risk Management, Engineering or Information Technology.
Fluent in English
[Optional] Certifications related to Cybersecurity
Experience
You have significant experience of at least 2 years in Cybersecurity and/or software development.
You have already conducted FOSS analysis and audits and are able to analyze Cybersecurity risks, license risks as well as operational risks associated with FOSS components.
Knowledge
In-depth knowledge of FOSS Cybersecurity risks and solutions
Knowledge of programming languages (C, C++ and Java)
Knowledge of scripting languages (Python, Perl, JavaScript)
Knowledge of FOSS license risks, terms and conditions
Knowledge of Cybersecurity standards and rules
Skills
You are structured and methodical, with real attention to detail while keeping the big picture in view.
Your pragmatism allows you to be effective, to bring solutions and to convince.
You have real communication skills: listening, diplomacy, pedagogy. Your ability to keep an open mind without prejudice allows you to foster dialogue and build trust with people from very diverse profiles and professions in an international context.
Your writing level in English is excellent and you know how to produce executive summaries.
Finally, your autonomy, proactivity and curiosity drive you to strengthen your knowledge regularly.
Your wish
Join an international group where challenges will be a real way for you to progress.