To support our business strategy and digital transformation, AXA is setting up a new information security practice to ensure a coordinated response to the increasing cybersecurity threat, enabling consistent decision-making across the organization.
Our vision of information security is to protect our stakeholders by securing our information resources, managing our cyber risks and enabling effective and efficient business strategies that are fully sponsored by executives and supported by all AXA employees.
What you will do :
The main mission of the Password Security Management Engineer is to ensure accurate coverage of the various asset scans and keep up to date with new scopes; participate in the development of the scripts that form an automated processing chain (data formatting, updating scans, collection of results, error analysis); resolve incidents; and perform data cross-analysis and debugging tasks.
Commit to continuous improvement with a critical mindset, guarantee the consistency of nomenclatures across the different scopes of activity, and meet the auditors' requirements and their optimization.
Description Level Security Management :
Conduct password scanning related to various clients, environments, technologies, systems and appliances
Ensure effective coordination with representatives of the different business units and technology specialists
Integrate and manage assets with the Detack tool
Effectively communicate password robustness vulnerabilities and risks to asset owners and contribute to remediation efforts
Govern and enforce cybersecurity policies and vulnerability remediation deadlines
Update / Modify / Improve Scripts to cover all needs
Critical Reporting Service :
Provide a monthly / weekly analysis of common vulnerabilities and compliance issues
Produce a periodic dashboard demonstrating remediation progress and cases
Who you are :
Minimum Bac+5 in Networks and Security.
Certification
An information security certification is highly desired (CCNA Security, NSE4, PCCSA, MCSA, CEHv9 / v10 and/or equivalent)
Work Ethics
Due to the sensitive nature of the task, the role holder must have a demonstrated high level of work ethics, secrecy and discretion.
A background check will be performed.
Overall work experience in the field :
Familiar with operating systems Unix, Linux, Windows and technologies AD, Oracle, SQL Server, AS400, PowerShell, Detack
Global technical vision of the main security tools / environments : PKI, SIEM, SOC, authentication, IPSEC, AD security, operating system security, Windows account security
Experience managing data security programs like Password Vaulting, Privileged Access Management (CyberArk), Data Loss Prevention
Knowledge of password hashing algorithms and methods used to crack passwords
Experience with Identity Management concepts and processes including authorization, authentication, segregation of duties
Knowledge of best practices around data security
Experience using an ITSM tool such as ServiceNow
Strong fundamentals in networking protocols and troubleshooting
At least 3 years’ experience in the cybersecurity industry
Proven ability to work independently with minimal supervision; must be a self-motivated self-starter who can initiate ideas and take ownership of work
Ability to learn new technologies quickly and with minimal guidance
Capable of following and composing process and procedure documentation, training users in complex topics, and interacting positively with upper management
Critical thinking skills and the ability to solve problems as they arise
PowerShell scripting skills
Familiar with tools such as John the Ripper, Hashcat, Detack
Fluent English (very important).