Axa Group Operations defines and leads the technology strategy of the Group so that the AXA IT platform enables innovation & growth while ensuring the quality of service, aligned to business-driven priorities
Teams work together to enable the move from ‘traditional insurer to ‘technology led company’, by :
Providing streamlined, efficient & innovative IT services and products
Ensuring a consistent customer experience with harmonized processes and a dedicated customer facing
Being a catalyst of Cloud adoption and industrialization of operations, while optimizing cost
Managing the AXA IT Platform, including the implementation of the IT strategy and the definition of the business & application architecture
Protecting AXA Services employees, assets and data and ensuring security is an integral part of the IT culture and processes
Driving the IT governance & the execution of the AXA global IT strategy
Under Axa Group Operations, the Cyber Defense department provides the entities and markets with first line of defense services (field operations including Information Security Operations (ISOPs) and Security Operations Centre to protect, detect and react to Cyber threats.
The main mission of the Password Security Management Engineer is to ensure accurate coverage of the various asset scans and keep up to date with the new scopes, participate in the development of the different scripts to have an automated processing chain (data formatting, update scans, collection of results, error analysis), have the ability to resolve incidents, perform data cross-analysis and debugging tasks.
Commit to ensuring continuous improvement with a critical spirit, guaranteeing the consistency of nomenclatures on the different scopes of activity, finally meet the auditors' requirements and their optimization.
• Conduct password scanning related to various clients, environments, technologies, systems and appliances
• Ensuring effective coordination with representatives of the different business units and technology specialists
• Integrate and manage assets with Detack tool
• Effectively communicate password robustness vulnerabilities and risks to asset owners and contribute to remediation efforts
• Govern and enforce cybersecurity policies and vulnerability remediation deadlines
Update/Modify/Improve Scripts to cover all needs
· Provide a monthly/Weekly analysis of common vulnerabilities and compliance issues
Produce a periodic dashboard demonstrating remediation progress and cases’ status
Minimum Bac + 5 in Networks and Security.
• An information Security Certification is highly desired (CCNA Security, NSE4, PCCSA, MCSA, CEHv9/v10…or/and equivalent)
• Due to the sensitive nature of the task, the role holder must have a demonstrated high level of work ethics, secrecy and discretion. A background check will be performed.
Overall work experience in the field:
· Familiar with operating systems “Unix, Linux, Windows” and technologies “AD, Oracle, SQL Server, AS400, PowerShell, Detack”
· Global technical vision of the main security tools / environments: PKI, SIEM, SOC, authentication, IPSEC, AD security, operating system security, Windows account security
· Experience managing data security programs like Password Vaulting, Privileged Access Management (CyberArk), Data Loss Prevention
· Knowledge of password hashing algorithms and methods used to crack passwords
· Experience with Identity Management concepts and processes including authorization, authentication, segregation of duties
· Knowledge of best practices around data security
· Experience using an ITSM tool such as ServiceNow
· Strong fundamentals in networking protocols and troubleshooting
· At least 3 years’ experience in the cybersecurity industry
SKILLS & ABILITIES
· Proven ability to work independently with minimal supervision, must be a self-motivated self-starter that can initiate ideas and take ownership of work
· Ability to learn new technologies quickly and with minimal guidance
· Capable of following and composing process and procedure documentation, training users in complex topics, and interacting positively with upper management
· Critical thinking skills and the ability to solve problems as they arise
· PowerShell scripting skills
· Familiar with tools such as John the Ripper, Hashcat, Detack
· Fluent English. (very important).