
Alternance - Consultant Cybersécurité F/H (H/F)
Hybrid
Cesson, France
Full Time
19-03-2025
Job Specifications
DescriptionVos missions : Nous recrutons un(e) alternant(e) rattaché(e) à l'équipe Conseil & Audit de Rennes. Vous serez accompagné(e) par un consultant expert et participerez aux activités inhérentes au conseil et à l'audit en entreprise : - Analyses de risques notamment en suivant la méthodologie EBIOS RM. - Rédaction de documents (Politique de Sécurité des SI, Plan d'assurance Sécurité, Procédure de sécurité). - Audit et contrôle de conformité en cybersécurité notamment au travers des référentiels normatifs et de bonnes pratiques (guide hygiène informatique, ISO 27001, NIS2...). - Action de sensibilisation. - Droit de la cybersécurité et conformité réglementaire (RGPD...). - Cyber-résilience et gestion de crise. - Conseil technologique en lien avec la sécurité de l'intelligence artificielle. Vos atouts et compétences clés pour le poste : Vous êtes titulaire d'un BAC+3/4 en informatique et/ou réseau et préparez un BAC+5 en alternance. Vous souhaitez vous spécialiser dans les métiers du conseil et de l'audit de la cybersécurité. Curieux(se) et ouvert(e), vous disposez d'une bonne capacité de communication à l'écrit (rédaction de rapports et notes) et à l'oral (réunions, entretiens, restitutions). Une aisance en anglais est un plus. Vous êtes avant tout passionné(e) par le domaine de la cyberdéfense et de la sécurité informatique. Contrat : Alternance de 1 ou 2 ans. Pourquoi nous rejoindre ? Nos collaborateurs sont notre richesse ; nous ne pouvons protéger nos clients sans eux ! Chez Orange Cyberdefense, vous rejoindrez une communauté d'experts passionnés avec lesquels vous réaliserez des missions qui font sens. Nos + : - Notre état d'esprit : Organisation d'afterworks, team building, tournoi de babyfoot & co, implication des salariés dans les projets de l'entreprise ; - Votre carrière : Formations, certifications, assessments, Academy, mobilité interne, missions au sein de nos sites à l'international ; - Notre engagement : partenaire clé en période de crise (protection des services de santé pendant la crise COVID-19, sécurisation des collectes pour Notre-Dame de Paris, etc.), acteur dans la politique RSE du Groupe Orange (égalité des chances, défense de la diversité...) ; - Votre équilibre de vie : télétravail, soutien aux activités sportives et culturelles, organisations de challenges sportifs etc. ; - Nos autres avantages : Participation (Groupe Orange), intéressement, épargne salariale, compte épargne temps, chèques cadeaux etc. Challenge, bienveillance et expertise seront au cour de votre quotidien. Rejoignez-nous !
PROFIL SOUHAITÉ
Expérience
Débutant accepté
Source: France Travail (https://www.francetravail.fr/)
About the Company
Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group. As the leading security provider, we strive to build a safer digital society. Know more
Related Jobs


- Company Name
- Free-Work
- Job Title
- Ingénieurs sécurité nationalité française
- Job Description
- Nous recrutons un ingénieur Devsecops pour une première longue mission chez un de nos clients prestigieux : > Conception et développement d’évolutions d'une solution d'infrastructure de virtualisation réseau sécurisé de type ETSI NFVi en approche "Secure by Design" > Maintien en Condition Opérationnelle et Maintien en Condition de Sécurité: en faisant une veille sur les OSS utilisés, ainsi que sur leurs vulnérabilités, en participation aux co-ingénieries avec l'Architecte sur l'architecture cible pour un objectif multi-niveau de sécurité, en participant à l’élaboration des documentations permettant une évaluation CC EAL4+ de la solution, ainsi qu'aux échanges avec l'ANSSI, en faisant évoluer la solution basée sur des OSSs en DevSecOps afin de répondre aux objectifs de sécurité et à l'ajout de Demande d'Evolution, en participant activement au support correctif pour les affaires utilisant la solution L'objectif de l'équipe passionnée est de faire évoluer en permanence le niveau de sécurité d'une solution référente à fort potentiel.. Cette première mission basée à Gennevilliers ne permet pas (ou très peu) de télétravail. > Support correctif Profil candidat: Vous êtes ingénieur sécurité avec au moins un poste/mission de plusieurs années basé sur de la sécurité opérationnelle, qui vous ont permis de bien comprendre les meilleures pratiques en sécurité défensive (Blue Team) et les solutions technologiques de référence afférentes (SIEM, SOAR, XDR...), et si possible des processus d'homologation / certification (suivi des plans de rémédiation) Vous savez travailler en équipe dans un environnement rigoureux, et qui nécessite la nationalité française du fait de la nature de l'activité du client. Vous avez l'ambition de contribuer à un grand projet chez un grand nom de l'industrie, qui sera structurant pour la suite de votre parcours. L'expérience attendue est de 3 à 10 ans, rémunération selon profil. Plusieurs recrutements sur ce type de poste avec des arrivées entre mai et octobre 2025.


- Company Name
- Voyage Privé
- Job Title
- Chief Information Security Officer (CISO) H/F
- Job Description
- Born in France in 2006, Voyage Privé has grown from an ambitious startup into becoming the Europe's leading travel tech platform. Operating across 9 markets with tens of millions of users, we're not just another e-commerce success story - we're a tech powerhouse revolutionizing online travel. As a mission-driven company, we're unique in combining cutting-edge technology with social impact. Our innovative campus brings together tech talent, professional athletes, students, and artists, creating an ecosystem where digital innovation drives both business growth and positive change. We're now at an inflection point, upgrading our entire technical foundation with cloud architecture, AI, and real-time systems to become a reference and top-of-mind platform for luxury travel, known by travelers for its for excellent offer and customer experience, and by our providers as a high-performance business development partner. Why Join Us? Work at the intersection of cutting-edge technology and a mission-driven company, transforming how millions experience travel. Be part of an entrepreneurial team of innovators that isn't just building technology: we value innovation, ownership, and collaboration, with an emphasis on empowering engineers to make a difference. Shape a fast-growing tech company as we embark on an ambitious plan to scale tenfold in the next decade. Fast-paced, innovative environment with a real impact on high-end travel experiences. A chance to lead security efforts at a strategic and operational level. Direct visibility with the CDO and ExCom, shaping the future of security in a dynamic industry. A collaborative, tech-driven culture that values security as a business enabler. Enjoy a workplace that invests in personal and professional development, offering learning programs, mentorship opportunities, and career growth pathways. Job Description We are a large, renowned, fast-growing e-commerce company specializing in high-end online travel experiences. Security is a strategic priority to maintain the trust our customers have placed in us. Our goal is to protect our assets, manage risk, ensure compliance with regulatory requirements (e.g., PCI-DSS v4, GDPR), and build customer trust, all while supporting innovation in our technology and operations, and a profound transformation of our systems to enable and power our ambitious growth objectives. We are looking for a Chief Information Security Officer (CISO) who will define and execute a global security strategy, lead risk management efforts, and foster a strong security culture across the company. This role will be pivotal in securing our evolving infrastructure, enhancing governance, and demonstrating business impact through security initiatives. Key Responsibilities 1. Define, Drive, and Execute the Security Strategy & Roadmap Develop and maintain a comprehensive security strategy that covers technical, organizational, and physical security aspects. Build and execute a structured security roadmap aligned with the company’s business and technical transformation. Identify, assess, and prioritize information security risks (technical, organizational, human) and define appropriate mitigation plans. Ensure compliance with industry regulations and standards (PCI-DSS v4, GDPR, and other relevant frameworks) in collaboration with legal and business teams. Regularly report security progress, risks, and achievements to the Chief Digital Officer (CDO) and the Executive Committee (ExCom) through Quarterly Business Reviews (QBRs). 2. Proactive Risk Management, Automation & Business Impact Implement risk-based security measures and establish a continuous improvement approach for security operations. Develop automated security dashboards to provide real-time visibility on security posture, including risks, incidents, and security initiatives. Demonstrate tangible business impact of security actions (e.g., revenue protection, reduced fraud, SLA adherence, strengthened partner trust). Establish Key Performance Indicators (KPIs) to measure security effectiveness and ensure alignment with business objectives. 3. Technical, Physical, and Network Security Oversee physical security measures (e.g., access controls, video surveillance, alarms) in coordination with infrastructure and facilities teams. Ensure the security of networks, cloud infrastructure, and hybrid environments (on-premises + cloud). Secure our API-driven, microservices-based architecture, working closely with DevOps and cloud teams. Drive Security by Design and Zero Trust principles in all technology initiatives. 4. Leadership, Team Management & Cross-Team Collaboration Collaborate with product, data, engineering, infrastructure and legal teams to integrate security across all business functions. Work alongside the Office IT Manager for security-related actions within Microsoft environments (Active Directory, Office 365, MFA, etc.). Foster executive buy-in and ensure that security is seen as a business enabler, not a blocker. 5. Security Awareness & Culture Development Promote a strong security culture throughout the company, ensuring all employees understand their role in cybersecurity. Implement company-wide security awareness programs, including phishing simulations and best practices training. Act as a trusted advisor on security matters, maintaining a pragmatic and educational approach. 6. Data Protection, GDPR & Third-Party Risk Management Ensure compliance with GDPR and data privacy regulations, working closely with legal teams. Oversee data protection, anonymization, and secure storage practices. Manage third-party risk by ensuring vendors and partners meet security standards before integration. 7. Incident Management & Continuous Improvement Establish a structured incident management process, covering detection, response, mitigation, and post-incident reviews. Lead internal and external security audits, including penetration tests, organizational security reviews, and compliance assessments. Stay ahead of emerging cybersecurity threats and adapt security strategies accordingly. 8. Budget & Security Investments Define and manage the security budget, ensuring cost-effective investments in security tools and technologies. Justify security spending by demonstrating ROI and risk reduction benefits. Qualifications Technical Skills: Proficiency in IT security tools and concepts: Access management (IAM, SSO, MFA). Infrastructure security (firewalls, VPNs, network monitoring, Wi-Fi security). Application security (OWASP Top 10, API Gateway). Strong knowledge of standards and certifications: PCI-DSS, ISO 27001, GDPR (in collaboration with the legal team). Experience in hybrid environments (on-premise + cloud) and transformation projects. Advanced skills in dashboard creation and automated reporting, with a focus on demonstrating business impact (tools like Power BI, Tableau, or security-specific solutions). Soft Skills: Leadership...


- Company Name
- INTERPOL
- Job Title
- Information Systems Security Analyst - Reserve list exercise
- Job Description
- Vacancy Notice 1067 INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime. INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization. Job Title: Information Systems Security Analyst - Reserve list exercise Reporting To: Security Operations Centre Manager Location: Lyon, France Type of contract: Fixed-term contract Duration (in months): 36.00 Grade: 5 Number of post: Reserve list exercise Level of Security screening: Enhanced Deadline for application: 9 April 2025 Conditions applying for all candidates Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test. This selection exercise will be used to generate a reserve list of suitable candidates that may be used to address Organization's similar staffing needs in the future. Tests/interviews in connection to this selection procedure will take place approximately 3 to 4 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed. Selected candidates will be expected to report for duty approximately two to three months after receiving an offer of employment at the latest. INTRODUCTION OF POST The post-holder reports to the Security Operations Center Manager. The Information Systems Security Analyst must know how to source, install and maintain various security systems, including but not limited to unified threat management (UTM), messaging gateway, security information and event management (SIEM), encryption system and endpoint security. As part of the Security Operations Center (SOC) team, the Information Systems Security Analyst is required to observe server logs, firewall logs, intrusion detection logs, web filtering and antiviral systems for any unusual or suspicious activity, in order to prevent compromise. Conducting Incident Management, Business Impact Analysis (BIA) and Disaster Recovery Planning (DRP) is crucial, as well as ensuring that recovery configurations are updated frequently. Information Systems Security Analyst is obligated to monitor external sources to find available security patches and are to prioritize and make recommendations for implementation. Finally, it is expected that Information Systems Security Analyst demonstrates knowledge in the planning and creation of organization security documents and architecture. It is important to remain up to date with detailed knowledge of the IT security industry. This includes the awareness of new or updated security solutions, improved security processes and the development of new attacks and threat vectors. Primary Duties Duty 1: Security and Collaboration in Operations Participate in Security Operations Center (SOC) activities, SOC process improvement and support on-call duties / shift working time. Monitor computer security risks, network events and signals from security tools to identify probable security incidents and communicate information to the relevant stakeholders as necessary. Respond to IT security incidents, review daily alerts, perform triage, carry out in-depth investigations on security events and comply with Interpol’s Incident Management Process. Evaluate events, incidents and attacks, identify the root cause of the attack, implement required security actions to counter the attack, and restore system operations. Proactively explore the weaknesses and vulnerabilities in IT infrastructure. Analyze threats and catch indicators of compromise, indicators of attack and advanced persistent threats. Provide Strategy to Containment and Eradication and recovery procedures based on Disaster Recovery Plan. Ensure a technology watch in order to remain up to date with new developments, trends and techniques in the domain of IT security. Duty 2: Security Engineering Maintain, configure and fine-tune IT security tools and related products, for example (not exhaustive): SIEM, SIM, UEBA, SOAR, Reverse Proxies, Directories, Identity Management, Identity Access, Antivirus, Vulnerability scanners, PKI, Authentication, Application Firewalls, etc. Perform SIEM implementation and management: rules, logic, actions and alert creation to detect potential security incidents across the organization. Gather requirements, perform troubleshooting, aid with the creation of SIEM search queries, improve the effectiveness and quality of the current detections, and reduce numbers of false positives. Ensure that proper use cases, operational controls, procedures, tests and documentations are in place to quickly move from test to production. Proactively seek to improve and develop new strategy based upon observed security events. Perform deep data analysis to gain valuable understanding of the data. Request to onboard new data sources into the SIEM. Perform automated health checks, and ensure effectiveness of events and incident detection. Duty 3: Security and Risk Management Assist the SOC Manager by ensuring feasibility and coherence between organizational security polices and those of the IS&T Operations Sub-Directorate. Propose mitigation steps based on presented Risk Assessments. Participate in initiatives to inform and train colleagues about security awareness and best practices. Assist the SOC Manager in drafting and maintaining various internal Standard Operating Procedures. Assist the SOC Manager to the contribution to the IS Directorate yearly business plan and roadmaps. Liaise with the SOC Manager in order to escalate any strategic IT security risks linked to technology or within the scope of work of the IS&T directorate. Execute the relevant security audits, assessments, penetration tests etc. and advise the SOC Manager on corrective actions or enhancements to IT products or projects. Perform any other duties as required by the SOC Manager. Requirements Training/Education required Three-to-four years’ education at a University or other specialized higher education establishment, in the field of software engineering, computer science, information technology, information security, mathematics, engineering or a related field preferred. One or more internationally recognized IT Security Certifications (CISM, CISSP, CEH, etc.) Experienc...


- Company Name
- CS GROUP
- Job Title
- Développeur/euse fullstack Java / React - Cybersécurité - Le Plessis-Robinson
- Job Description
- Description De L'entreprise Référencé par le Capital Magazine figurant parmi les « Meilleurs employeurs 2023 », CS est une société filiale autonome de Sopra Steria GROUP avec un rayonnement en France et à l’international (plus de 2500 collaborateurs). Experts des systèmes critiques pour les secteurs de la Défense, l'Industrie, le Spatial, la Cybersécurité et l'IA. Partenaire ANSSI, certifié PASSI RGS et LPM, la Business Unit Cybersécurité sécurise les infrastructures des industries les plus critiques (nucléaires, militaires), nous protégeons les informations les plus sensibles (Lettre recommandée électronique, Signature Notariale, etc.). Nous proposons un accompagnement global : de la conception jusqu’aux services managés, en passant par l’intégration systèmes & sécurité, le conseil ainsi que la délégation d’expertise (AT). Description Du Poste Nous recrutons un/e Développeur/euse fullstack Java / React pour rejoindre notre business unit Cybersécurité. Vous rejoindrez les équipes Trusty. Trusty est une gamme complète de services de confiance. Les services souverains de confiance Trusty agissent en complémentarité et garantissent une protection des échanges, des données et des accès en conformité avec les réglementations. Vos missions : Réaliser les spécifications techniques, Développer et créer des tests unitaires, Développer et tester les corrections et évolutions, Participer aux réunions techniques avec le client. L’environnement technique : Java JEE: Spring, Hibernate. Javascript: React. PostgreSQL. Git, Jenkins, Maven, SonarQube, Selenium, Linux, VMWare, Docke rCybersécurité : Certificats x509, PKI, Chiffrement, PaDES/XaDES, BouncyCastle .Qualification sDe formation Bac+5, vous avez une première expérience en développement Java/React. Vous souhaitez vous former et évoluer dans un secteur d’avenir tel que la cybersécurité. Vous êtes intéressé/e par les nouvelles technologies web, les méthodologies DevSecOps, et maîtrisez un maximum des technologies citées précédemment .Vous avez une capacité à travailler en équipe et vous savez résoudre des problèmes complexes ? Vous êtes un/e bon/ne communicant/e et faites preuve de qualités rédactionnelles ? Alors vous êtes la pépite que nous recherchons !À compétences égales, ce poste est ouvert aux personnes en situation de handicap .Informations supplémentaire sIntégrer l’Agence Conseil & Audit, c’est aussi :Des formations dès votre arrivée et tout au long de votre carrière : la CS Academy et la Sopra Steria Academy vous proposent des parcours de formations spécifiques aux métiers et à votre environnement (4400 jours de formation en 2023, 5700 jours de formation prévus pour 2024) ;Des espaces de travail collaboratifs modernes, lumineux et flexibles ;Des facilités d’accès : lignes de bus depuis le centre-ville (transports en commun avec prise en charge à 50%), parking privé pour les automobilistes, les cyclistes et les motocyclistes ;Du télétravail, si le projet le permet ;Une mutuelle prenant en charge votre famille ;Un comité d’entreprise offrant des avantages culturels, sportifs et des réductions sur vos hébergements et transports lors de vos vacances ;Une prime vacances et de cooptation ;Mais aussi… la promesse de se détendre entre midi et deux (babyfoot, jeux, tables extérieures…) .LA SUITE DES ÉVÉNEMENT SSi votre profil correspond, vous aurez un entretien technique avec l’un de nos responsables opérationnels. Puis, vous rencontrerez un/e recruteur/se lors d’un entretien RH. Et nous nous engageons à vous faire un retour par téléphone : )Employeur inclusif et engagé, notre société œuvre chaque jour pour lutter contre toute forme de discrimination et favoriser un environnement de travail respectueux. C’est pourquoi, attachés à la mixité et à la diversité, nous encourageons toutes les candidatures et tous les profils .https://www.soprasteria.fr/nous-connaitre/nos-engagements