DXC – CDG stands out for a culture strongly focused on performance and competitiveness, where ambition, challenge and customer orientation shape priorities. This dynamic is balanced by a collaborative culture, fostering trust, empowerment and close managerial support. It also integrates an innovation dimension, encouraging initiative, adaptability and experimentation. Finally, a well-established organizational culture provides structure, ensuring process rigor, reliability and operational efficiency. [+]

• Define and evolve client cloud security architecture, integrating Zero Trust, defense-in-depth, and least privilege principles.


• Design security patterns for Azure architectures: secure landing zones, network segmentation (NSG, Azure Firewall, Private Endpoints), secret management (Azure Key Vault), encryption of data at rest and in transit.


• Microsoft Defender for Cloud: secure score, recommendations, alerts, integration with Azure workloads (VMs, AKS, App Services, SQL, Storage).


• Azure Policy and Microsoft Defender for Cloud Regulatory Compliance (ISO 27001, CIS Benchmarks, NIS2, DORA).


• Ensure the security of containerized and Kubernetes architectures: AKS hardening, Microsoft Defender for Containers, image management (scanning, secure registry), network policies.


• Contribute to securing multi-cloud (AWS, GCP) and hybrid (on-premises / Azure Arc) environments with a unified governance approach.

• Integrate security into CI/CD pipelines (Azure DevOps, GitHub Actions, GitLab CI): SAST, DAST, SCA, secret scanning, dependency control.


• 
  Microsoft Defender for DevOps, GitHub Advanced Security (GHAS), SonarQube, Checkmarx, Snyk, Trivy, or equivalents.


• Conduct threat modeling sessions (STRIDE, PASTA) with development teams early in projects and for new features.


• Support developers on secure coding best practices: OWASP Top 10, secret management, input validation, API security (OAuth 2.0, JWT, API Gateway).


• Define and enforce Security Gates in delivery pipelines: criticality thresholds, blocking policies, exception management.


• Lead application security testing programs: pentest, bug bounty, security code reviews, in collaboration with internal teams or specialized providers.

• 
  Good knowledge of the Microsoft Security stack in an integrated approach: Defender XDR, Sentinel, Entra ID, Purview, Intune / Endpoint Manager.

• 
  Microsoft Sentinel: development of detection rules (KQL), response automation (SOAR / Logic Apps / Playbooks), data connectors, Workbooks, and Threat Intelligence.


• 
  Microsoft Defender for Endpoint, Defender for Identity, and Defender for Office 365.


• 
  Microsoft Purview: classification, DLP, sensitivity labels, information barriers, audit, and compliance.


• 
  Microsoft Entra Private Access / Internet Access (Global Secure Access / SSE).


• Define endpoint and mobile device compliance policies via Microsoft Intune, in line with Entra ID Conditional Access policies.

• Manage cloud security posture through Defender for Cloud dashboards, Azure Secure Score, and regulatory compliance reports.


• Define and track application and cloud security KPIs/KRIs: scanning coverage, vulnerability debt, MTTR, pipeline compliance rate.


• Participate in security committees, architecture reviews, and cloud transformation governance bodies.


• Maintain continuous monitoring of critical CVEs affecting cloud workloads and application dependencies, and manage remediation plans.


• Mentor and guide cloud security engineers and DevOps teams on security practices and tool usage.

Education Level: Master's degree (Bac +5) minimum.

Professional Experience Level:

• Minimum 7 years of experience in Windows system administration and SharePoint solutions (required).


• Completed a minimum of 4 SharePoint solution integration and/or migration projects.

Technical Skills — Cloud & Infrastructure

• 
  Microsoft Azure: service architecture (compute, network, storage, PaaS), native security (NSG, Azure Firewall, DDoS Protection, Private Link, Key Vault, Managed Identities).


• 
  Microsoft Defender for Cloud and the entire Microsoft CNAPP suite: CSPM, CWPP, KSPM, DSPM.


• 
  Azure Sentinel (Microsoft Sentinel): advanced KQL, custom detection development, SOAR integration, data connectors.


• Good knowledge of AWS and GCP environments: IAM, native security services, and integration into multi-cloud governance.


• Proficiency in containerized architectures: Docker, Kubernetes / AKS, Helm, image registry security, runtime security.


• Knowledge of zero-trust network architectures: ZTNA, SSE, SASE, micro-segmentation, identity and context-based conditional access.

Technical Skills — Application & DevSecOps

• Proficiency in DevSecOps tools: SAST (SonarQube, Checkmarx, Semgrep), DAST (OWASP ZAP, Burp Suite Enterprise), SCA (Snyk, Dependabot, Black Duck), secret scanning (Gitleaks, TruffleHog).


• Good knowledge of CI/CD pipelines: Azure DevOps, GitHub Actions, GitLab CI — and integrating security gates into delivery workflows.


• Understanding of modern application architectures: microservices, REST/GraphQL APIs, serverless (Azure Functions), event-driven, and their specific attack vectors.


• Proficiency in application security frameworks and standards: OWASP Top 10, ASVS, SAMM, CWE/SANS Top 25.


• Scripting skills for automation: PowerShell, Python, Bash; knowledge of Infrastructure as Code (Terraform, Bicep, ARM) from a security perspective.

Cross-Functional Skills

• Ability to see the big picture and connect technical challenges with business objectives and regulatory constraints.


• Recognized technical leadership: facilitating communities of practice, mentoring, contributing to the security roadmap.


• Excellent interpersonal skills, ability to persuade and engage diverse stakeholders — CISO, CTO, development teams, management.


• Quality writing in French and English: policies, architectures, consulting deliverables, presentation materials.

Education & Certifications

• Master's degree (Bac+5) in IT, cybersecurity, networks, or equivalent.


• AZ-500 (Azure Security Engineer Associate), SC-100 (Cybersecurity Architect Expert), SC-200 (Security Operations Analyst), SC-300.


• Valued security certifications: CISSP, CCSP (ISC²), CISM, or equivalent.


• Additional cloud certifications: AWS Security Specialty, GCP Professional Cloud Security Engineer.


• Application security certifications are a plus: CSSLP (ISC²), GWEB (GIAC), Kubernetes certifications (CKS).

Languages:

• French: fluent.


• English: fluent — producing technical deliverables, leading workshops, daily communication with vendors and international teams.