IT Security Expert

IT Security Expert

CODIX is an International Software company, headquartered in France, providing iMX, the unique all-in-one innovative solution for Banks, Telecoms, Utilities, Insurance companies, etc.
CODIX is a dynamic company with a rapidly expanding client portfolio (BNP PARIBAS, SOCIETE GENERALE, KBC, BARCLAYS, ORANGE, BANCO SANTANDER, SILICON VALLEY BANK, BOUYGUES TELECOM, EUROFACTOR, EULER HERMES, COFACE, ATRADIUS, etc.) and worldwide presence with its subsidiaries on 4 continents.

We are looking for:

IT SECURITY EXPERT

IT Security Expert will be part of the Security Team, under C.I.O. supervision and control

• Participate in global IT security improvement, being at global organizational level, at production level or at implementation/control of security measures
• Conduct Vulnerabilities and Pentest Audit on the in house created IT Solutions and the supporting IT infrastructure
• Propose and follow up remediation action plan of the identified weaknesses
• Assist teams in evaluating the IT security topics raised by clients

• Knowledge of penetration testing principles, tools, and techniques
• Skill in conducting vulnerability scans and recognizing security vulnerabilities in IT Systems
• Skill in the use of penetration testing tools and techniques
• Criminal record clearance is a must
• Excellent customer service and communication (oral / written) skills required
• Must be able to work independently or with a team
• Fluent English is a must

The candidate must possess one or several of the following certificates:
• OSCP (Offensive Security Certified Professional)
• OSCE (Offensive Security Certified Expert)
• GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
• eWPT (eLearnSecurity Web Application Penetration Tester)
• CEH (EC-Council Certified Ethical Hacker)
• ECSA (EC-Council Certified Security Analyst)
• LPT (EC-Council Licensed Penetration Tester)
• XWF (X-Ways Forensics)
• GPEN (GIAC Penetration Tester)
• CompTIA Pentest+

• Practical knowledge of OWASP
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of hardware and software reverse engineering concepts
• Knowledge of the SDLC and the knowhow to assist during all phases
• Skill in using network analysis tools to identify vulnerabilities
• Skill in utilizing exploitation tools (e.g., fuzzers, packet sniffers, debug, etc.) to identify IT system/software vulnerabilities (penetration and testing)
• Skill in assessing the robustness of security systems and designs
• Red teaming (network attacks, social engineering tests, phishing campaigns) experience
• Blue teaming experience (internal security team that defends against both real attackers and Red Teams)
• Malware analysis
• Threat hunting
• Incident Response analysis and post-incident analysis
• Practical Knowledge of Penetration Network Framework and tools listed in: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
• Practical knowledge of other methodologies: PTES, PCI DSS are a plus
• Practical knowledge of several dedicated tools: Shodan, Recon-ng, dig, DMitry, theHarvester , Metagoofil, Fierce2.Qualys, nmap, CANVAS, Metasploit, Core Impact, Gleg’s Agora SCADA+ Pack, Social Engineering Toolkit (SET), Common User Password List (CUPP).Hashcat, OWASP ZAP, OpenVAS, sqlmap, nikto2, w3af, SNMP Walk, JBroFuzz lub wpscan, nmap, dirbuster, ike-scan, Unicornscan, p0f, xprobe, etc.
• Number and list of disclosed application vulnerabilities within non-profit activities (i.e. Bug Bounty, Capture the Flag etc.) and reported to institutions/companies, including zero-day vulnerabilities. Placing on Hall of Fame list is a plus
• Forensics analyze will be considered as a plus
• Experience working in Financial Services is a plus
• Intermediate or Fluent French is a plus

• Competitive remuneration package and other benefits
• Friendly working environment with international working standards
• On-boarding and further trainings
• Continuous investment into your professional development
• Unique career opportunities in a rapidly growing international company

Only shortlisted candidates will be contacted. We will collect, store and use your personal data for recruitment purposes only. All job applications will be treated with strict confidentiality.

Send your CV by clicking HERE. Apply now!

We are eager to meet you!