Cybersecurity Team Lead - F/M
Overview
Job Description: SE DEVS Platform Operations – Cybersecurity Team Lead – SecOps Context The “DEVS” division of SE creates new business and technology capabilities for the group to develop Internet of Things enabled offers and grow Digital Services, to support our customers in their efficiency and sustainability challenges. Inside this organization, the OPS team is managing the deployment, the monitoring and the security of Preview and Production environments of ETP (Ecostruxure Technology Platform), the IoT platform of Schneider Electric fully based on the Azure could. The Ops team is organized with 4 domains: Devops, Techops, Secops, Finops. The team operates as an agile organization, focused on efficiency, collaboration and innovation. All services, offers, technological platforms, are hosted and operated in public cloud environments (Azure), and make an extensive use not only of IaaS services but also of PaaS/SaaS services.
Responsibilities
- Lead the Cyber Security function with the help of a team and of resources on the side of Managed Service Providers.
- Ensure that all work across various disciplines in IT are assessed in terms of vulnerabilities and exposure to internal or external attack.
- Vet any new project work intending on being released to production in terms of security.
- Safeguards information system assets on the public Cloud by identifying and solving potential and actual security problems by continuously monitoring for security-relevant events and configuration changes that negatively affect security posture.
- Protect system by defining access privileges, control structures, and resources based on Best Practices & recommendations of our Public Cloud Service Providers.
- Recognize problems by identifying anomalies, reporting violations.
- Assist in maturing the current cyber environment through implementation of security improvements.
- Determine security violations and inefficiencies by conducting periodic audits.
- Keep users informed by preparing reports and communicating system status.
- Maintain quality service by following organization standards.
- Maintain technical knowledge by attending educational workshops and reviewing publications.
- Ensure that we fulfill the Crown Jewel requirements of compliance.
- Deliver or support projects.
- Provide guidance and expertise to the DevSecOps team in its day‑to‑day work.
- Participate in a DevSecOps framework with cybersec architects, IS officers and development teams of the IoT offers/platforms/services.
- Get the DevSecOps team processes and policies aligned with the SE end‑to‑end cybersec strategy.
- Participate in the Incident Response process and SOC/SIEM services.
- Assess various operational changes and engineering design changes to determine the impact on the security posture of the solution.
Qualifications
- Excellent communicator who can earn stakeholders’ trust and discuss with a wide range of different profiles/cultures/management levels.
- Team player able to find its place in our DevSecOps community and lead by influence.
- Tech‑savvy Information Security professional able to think beyond classic IaaS‑based security paradigms.
- Autonomous and proactive Information Security professional who can propose and implement solutions in an agile and fast‑moving IoT environment.
- Fluent English speaker able to perform all tasks in this language (DevSecOps team located in Grenoble, France; Boston, US; Bangalore, India).
- To perform the tasks associated to this job, you will also have to demonstrate skills and track record with:
- Risk management
- Security operations management
- Azure security services and operations
- Security architecture
- Auditing, security architecture, risk analysis
- Cybersecurity
- Familiarity with IoT and Cloud PaaS/IaaS environments (Microsoft Azure mandatory, AWS nice‑to‑have), or ability to acquire this familiarity in a challenging timeline.
- Experience in a small/medium organization delivering services inside a large ecosystem is a good asset.
- Certifications such as CISSP, ISO27k or ethical hacking are a plus but not a requirement.