Deputy Product Security | CRMUM07

• Position: Deputy Product Security
• Team: Mesh Unified Management (MUM)
• Type: Permanent Contract
• Location: Lyon
• Remote : Yes, up to 3 days per week

Deputy Product Security: Experience and Skills

️⭐ Who are we looking for?

Security is at the heart of Stormshield's practices, concerns, and processes in product development. To frame and take responsibility for good practices from the long-term strategic vision to operations, we need a cybersecurity expert imbued with good practices and able to communicate and structure these approaches within teams.

We are not looking for a specialist in a specific technology or cloud provider, but someone who is agnostic, able to quickly understand a new environment and carry convictions with the support of the Product Security Officer (PSO). You will need to have strong skills in SaaS-delivered products, with a transverse understanding from the lowest layers to the application layer and a DevSecOps approach. In-depth knowledge of networks would be a plus, as the stakes on this theme are very high. Your role is based on a PSO and a team responsible for conducting security audits and penetration tests, with whom you will work.

✏️ What are the missions of the Deputy Product Security?

• Ensure product compliance with security best practices, including those defined by ANSSI and the PSO;
• Conduct risk analyses on different systems;
• Define the Security Assurance Plan;
• Work on creating a PRA;
• Plan a resilience and security validation plan;
• Operationally reinforce the application of recommendations carried by the PSO;
• Detect, communicate, and analyze sensitive points of the product and its infrastructure and ensure their control;
• Carry the subject of security on a daily basis to the closest teams, as a reference on the subject;
• Participate in defining and improving security practices (Standards, Tools, etc.);
• Constitute, communicate, and deploy the product's security roadmap;
• Contribute to Stormshield's security community.

⚙️ What is the technological environment?

• Node.js/TypeScript on the backend, React on the frontend, all in Clean Architecture with a bit of GraphQL;
• Automated tests (Vitest, Cucumber, Gherkin), connected to XRay;
• CI/CD in DevOps mode: Kubernetes, Docker, GitLab CI. Monitoring with Prometheus and Grafana;
• Security strength: Keycloak, OpenFGA and cool tools to ensure;
• Agile/Scrum mode with Jira and Confluence.

🔗 What team for the Deputy Product Security?

You will be integrated into the MUM team, managed by Nina. This team consists of 25 people (Developers, Quality Engineers, DevOps, Tech Leaders, Scrum Masters, Product Owners), divided into three teams and organized into two-week sprints.

1. An initial exchange with William, our recruitment officer, to discuss who you are and your current career goals.
2. A phone interview with Nina, accompanied by François, Product Owner of the team. This is a first point to explain the team's functioning and the vision of the position in more detail.
3. A technical interview with Akli, PSO, Sébastien, head of the Security team and part of the references of your future team
4. A final meeting with Audrey to evaluate your skills and alignment with Stormshield's values and company culture.

As a human-centered company, we prioritize the integration of people with disabilities (RQTH).