CV/Mission d'Architecte ebios freelance

Exemple de missions de Sébastien,
Architecte ebios habitant le Tarn-et-Garonne (82)

• and security architect

  Freelance – Network
  Jan 2019 - 2020

  OBJECTIVES:
  With the role of network and security architect, I had in charge to define a technical architecture for manufacturing assets connection (Industry 4.0). The perimeter was SAFRAN manufacturing sites (19 worlwide sites). I had to analyze SAFRAN corporate security standards, collect the need (sites audit,assets inventpry, business consultation) and propose according technical scenarios (pros/Cons, costs, maturity, context). I was in front of technical experts and solution providers.
  L
  
  SKILLS AREA – SPECIALTIES
  IOT/O environnements
  Network security infrastructures (Palo Alto firewalls, Cisco Catalyst (9X000 switches/routers). Network segmentation and micro-segmentation.
  Business requirements
  Technical design
  File transfert services solution (“passe-plat” based on fullsync, netapp and windows servers))
  Remote maintenance tools (beyond trust)
  
  ACITIVITIES
  Legacy analysis (manufacturing assets inventory)
  SAFRAN security standards (based on ANSSI preconisations) analysis
  Architecture scenarios proposition (workshop, pro and cons, associated cost). Some parts was based in design to cost method.
  ARD (DATG) document writing, presentation and delivery
  Workshop management

• onsultant

  CGI – Security c
  2017 - 2019

  OBJECTIVES:
  With the role of security consultant, I had in charge many missions around security for CGI bundles: Governance, risk management and compliance. I had in charge Security Policy definitions,( ISO 27001 compliance, GDPR compliance, Data Recovery Plan, security audits follow-up). I was also acting as architect internal development projects.
  In addition, I was also acting as security offers responsible: people recruitment and management, commercial offers writing … This activities was led “ part time”: 20% of my working time.
  
  SKILLS AREA – SPECIALTIES
  RGPD
  ISO27701
  EBIOS
  GDPR
  Static Application Security Testing (SAST, code analysis tools), Dynamic Application Security Testing (DAST, Pentest and vulnerabilities scan)
  System security (containers, hypervisors)
  Patch management (CVE analysis)
  Functional design
  
  ACITIVITIES
  Risk Analysis on customers application
  Seurity By Design
  Support to development project: security architecture definition

• 2017 - 2018

  CGI - Technical project manager for LABANQUEPOSTALE
  
  OBJECTIVES:
  With the role of technical project manager, I had in charge the upgrade of LAN and Security infrastructure in the datacenter (100 equipments replaced). The customer was LABANQUEPOSTALE. I led the overall project, taking under my responsibility the architecture definition, the contractual negotiation, the communication, and the team management. The main challenges were operational and planning constrains. I had to lead changes with more than 20 participants on the more sensible ones. I was managing a team of 4 FTE for the project.
  
  SKILLS AREA – SPECIALTIES
  Project management
  Security infrastructures (CISCO ASA, FORTINET solutions)
  Network infrastructures (CISCO NEXUS)
  Monitoring architectures (SPLUNK, NAGIOS,
  ITIL environnment
  
  ACITIVITIES
  Project road map definition (planning, workload, miles stones)
  Interface with business (migrations impact analysis, Move Into Production dates planification communication)
  Move Into Poduction preparation (CAB communication and participation)
  Migration scenarios definition, technical solutions (proposed by architects) validation
  Resources management (4 FTE)

• ALTRAN – Security architect for AIRBUS defense and Space
  2016 - 2017

  OBJECTIVES:
  With the role of security architect, I had In charge to support AIRBUS Defense and Space in the compliance with French security directive �” related to 𠇍iffusion restreintes” data processing.
  We had to analyze the requirements, make an image of the legacy and, based on EBIOS risk analysis, determine the parts of the information systems which have to be enhanced in order to reach the compliance.
  I took in charge the definition of security solutions from requirements analysis to Architecture description. I was the relay between project team, experts and the operational responsible.
  The main challenge of this mission was the environment of AIRBUS defense and space. They have strong confidentiality and industrial constrains due to the content of their business.
  
  SKILLS AREA – SPECIALTIES
  Administration bastion solution (Wallix)
  Network segmentation for industrial environments
  Authentication infrastructures (Kerberos, Microsoft Active Directory, NTLM V1 and V2) …)
  
  ACITIVITIES
  Business Requirements Dossier writing
  Architecture Dossier redaction
  Editors selection and coordination (wallix, Cyberark)
  Architecture scenarios identification and proposition (BESPOKE Vs COTS, budget, pros/cons …)
  Risk analysis support

• ALTRAN – Network and security architect for AIRBUS GROUP (CORP IT)
  2012 - 2016

  OBJECTIVES:
  As a network and security architect, I had to define and deliver solutions for AIRBUS (CORP IT team). I was a member of the architect core team. The main challenge was the international configuration of the project. I had in charge the lead of technical design from the requirements to the move into production. The perimeter was a wide network connecting 600 remote sites and based on 5 regional networks. We worked with high level experts helping us on all these subjects (CCIE architects).
  
  SKILLS AREA – SPECIALTIES
  MPLS WAN network (VRFs technologies, BGP, QOS)
  Network flows analysis based on netflow
  Security infrastructures (IPSEC solutions, Internet proxies, Firewalls, SYSLOG, PKI)
  
  ACITIVITIES
  Ensure technical coordination of WAN carriers (OBS, NTT, Telefonica)
  Workshops organization and participation (architecture committees follow-up)
  Architecture needs analysis, architecture documents delivery
  Architecture committees
  Sensible move into production organization and coordination (detailed action plan definition, impacts analysis, technical experts interface)

• Responsable d'exploitation Agricole

  2009 - 2011

  Reprise et Gestion de l'exploitation agricole familiale. Mise à jour de l'outil de production,
  conversion à l'Agriculture Biologique. Mise en places de partenariat, redéfinition des modes
  de vente.

• Chef de projets réseaux et sécurité

  - SOGETI pour AIRBUS
  2005 - 2009

  
  Lancement des appels d’offre, sélection et négociations contractuelles. Organisation des réunions, coordination, plannings, reporting, communications. Définition et validation de la solution technique. Application de la méthodologie projet GPP d𠆚irbus.
  
  Intervention en tant qu'architecte sur des projets à dimension internationale ( Chine,
  États-Unis, Espagne). Déplacements en France, Allemagne et Chine.
  Périmètre technique: Réseaux LAN/WAN, MAN Ethernet, Interconnexions LAN/WAN, Firewalls (), VRFs, authentification (RADIUS/LDAP), routage et switching Cisco, VPNs IPSEC, DMZ.

• Ingénieur d’études en sécurité informatique

  TRANSICIEL pour AIRBUS
  2001 - 2005

  Validation du niveau de sécurité de solutions informatiques, proposition technique de solutions sécurité. Gestion de projets sécurité à temps partiel.
  Périmètre technique: Firewalls, systèmes d𠆚uthentification (LDAP, RADIUS) et sécurité WEB (Siteminder), DMZ.

• Ingénieur d𠆞xploitation réseaux et sécurité –

  CR2A-DI pour AIRBUS
  1999 - 2001

  Administration et exploitation d’équipements réseauw et sécurité
  Périmètre technique: LAN, PPP, firewalls checkpoint, RADIUS Activcard/RSA, Solaris
  IPSEC.

• Network and security architect

  aujourd'hui

  Project manager
  
  SKILLS SUMMARY
  SKILL LEVEL
  Enterprise architecture and associated framework (TOGAF certified) Expert
  Project management Advanced
  Governance, risk management and compliance (GRC). Security standards and norms (ISO 2700X, EBIOS, SSP/PAS, DRP …) Intermediate
  Security architectures
  (Firewall, Bastions, IDS/IPS, IPSEC solutions, SIEM, Identity and Access Management) Expert
  Network architectures – LAN, WAN, Datacenter with associated protocols and tools (IP protocols, MPLS, BGP, QOS, fabric networks …), monitoring architectures. Expert
  DAST (Dynamic Application security Testing), Statis Application Testing (SAST), Pathc management Intermediate
  System infrastructures (LINUX, windows, private cloud solutions, backup and storage solutions) Intermediate
  Finance and cost evaluation Advanced
  
  *Different level of expertise: Novice, Beginner, Intermediate, Advanced, Expert