Job Closed
This listing is no longer active.
Based in Chicago, Illinois, Opportunity Financial (OppFi) is a financial services company dedicated to providing socially responsible products that increase financial opportunities
Senior Security Engineer II, Application Security
Location
United States
Posted
130 days ago
Salary
$123.2K - $184.8K / year
Seniority
Senior
Job Description
Senior Security Engineer II, Application Security
OppFi
- Coordinate with partners to implement solutions that protect the company, its systems, and data
- Work with IT staff to improve the security of our services
- Design technical solutions to address security weaknesses
- Analyze system services, spot issues in code, networks, and applications from a security perspective
- Provide penetration testing support, project security reviews, and application scanning processes throughout the stages of the software development lifecycle
- Track security vulnerabilities and exposure in third-party libraries and manage mitigation implementations
- Work to mature internal libraries, build systematic protections for classes of vulnerabilities
- Manage third-party code reviews for high-exposure projects
- Integrate static analysis into our continuous integration process
Job Requirements
- 10+ years work experience in application development or application security
- Experience with web application penetration testing
- Professional development in at least two or more languages - we use Ruby, Python, Clojure, and Apex (Salesforce)
- Experience deploying SAST tooling and integrating it into developer workflows
- Supply chain security management with Artifactory or similar
- In-depth experience with web vulnerabilities, including deploying best-practice framework fixes into legacy codebases
- Experience with independent or dev-paired code reviews, including both finding vulnerabilities and teaching developers how to find and reduce issues
- Experience mentoring other engineers in security
Benefits
- 401(k) matching program
- Generous paid time off
- Medical coverage
- Dental coverage
- Vision coverage
- Tuition reimbursement
- DoorDash DashPass
- Figo pet insurance
- Rocket Lawyer
- Access to LinkedIn Learning
- Fringe lifestyle benefits platform
More Security Engineer Jobs
Security Officer for Defense
Ministère des armées. Liberté, égalité, fraternité.
Contacts: dcsca-arcueil.gestionnaire.fct@intradef.gouv.fr, stephanie.porcher@intradef.gouv.fr
Role Description
The position contributes to managing the defense security function as well as the information systems (IS). In the field of defense security, DGA TT is a highly sensitive site. Its activities involve it in numerous classified armament programs and classified upstream study programs. In addition, its exceptional facilities (the test range in particular) make it sensitive to any threat. The position is cleared to handle all matters relating to the protection of secrets. The position is characterized by a very complex environment. The regulations on defense security and information systems security are vast and complex. The complexity of protecting the site and its information systems is considerable. The regulations provide a framework for a response, but not the solutions. The challenge of the position is to contribute to a sound assessment of the many situations that arise, in order to study and then propose solutions to the OS.
Qualifications
- Position open under 41.39-2
- Experience in defense security
- Additional training in defense security will be offered as a complement.
Requirements
- Documents to submit: CV and cover letter, both mandatory.
Company Description
- Contacts:
- dga-cppsud.mobilite.fct@intradef.gouv.fr
- jean-guy.chervais@intradef.gouv.fr
Senior Security Engineer, Identity & Access Management
Recorded Future
Securing Our World with Intelligence
- Act as the primary advisor for IAM security
- Lead access governance initiatives with Okta Identity Governance (OIG)
- Drive the evolution of a Zero Trust security model
- Define and maintain security baseline for Okta
- Identify security risks within IAM ecosystem
- Review integration security requirements for applications
- Serve as the IAM subject matter expert during security incidents
Application Security Engineer
Lucidya | لوسيديا
The leading Customer Experience Management platform geared towards Arab.
Role Description
This is the first dedicated Application Security role at Lucidya, making it a high-impact and foundational position. You will play a critical role in shaping Lucidya’s application security strategy, working closely with engineering teams to identify risks, close security gaps, and ensure our applications are secure by design. You’ll operate at the intersection of security engineering, software development, and cloud infrastructure, thinking like an attacker while enabling developers to build secure, scalable systems.
What You’ll Be Doing
Core Responsibilities
- Develop and implement automated security testing and vulnerability detection workflows integrated into the Software Development Lifecycle (SDLC).
- Conduct security reviews of web applications, mobile applications, APIs, and cloud environments (public and private).
- Perform penetration testing on web, mobile, API, and desktop applications, as well as supporting infrastructure.
- Evaluate application defenses, identify architectural and design-level security gaps, and recommend mitigation strategies.
- Think like an attacker to proactively identify vulnerabilities and complex security risks before they reach production.
- Collaborate closely with engineering teams to support secure coding practices and security-aware development.
- Conduct code reviews with a security focus, especially for critical services and deployments.
- Research emerging threats and contribute to the development or adoption of new security tools and techniques.
Day-to-Day Responsibilities
- Review application code and architecture from a security perspective.
- Support and guide teams on secure development lifecycle (SDLC) practices.
- Work closely with developers during feature development and releases to ensure security controls are in place.
- Participate in threat modeling, vulnerability triage, and remediation tracking.
- Contribute to defining and evolving Lucidya’s application security strategy.
Success Metrics
- Measurable reduction in application vulnerabilities, including findings from external security assessments.
- Clean and secure application releases with minimal critical or high-risk findings.
- Successful integration of security practices across SDLC pipelines.
- Improved security posture and readiness as validated by internal and external reviews.
First 90 Days
- Gain a deep understanding of Lucidya’s system architecture, codebase, and security landscape.
- Identify key security gaps and prioritize remediation plans.
- Begin embedding security workflows into CI/CD and development processes.
- Establish trust and working relationships with engineering teams.
Qualifications
- 2-4 years of experience in application security, security engineering, or a related role.
- Background as a software engineer transitioning into security is highly valued.
- Hands-on experience securing applications built with Ruby on Rails and React.
- Experience performing penetration testing on modern web applications and APIs.
Requirements
- Strong understanding of the Secure Development Life Cycle (SDLC).
- Hands-on penetration testing experience (web, mobile, APIs).
- Cloud security experience with AWS and/or GCP.
- Ability to assess application architecture and identify design-level risks.
Certifications (Preferred / Non-Negotiable)
- CISM
- OSCP
- SANS GIAC
Soft Skills
- Strong communication skills and ability to work cross-functionally.
- Comfortable engaging with developers, engineers, and stakeholders.
- Proactive, ownership-driven mindset in a fast-growing environment.
Nice-to-Have
- Experience working in SaaS or AI-driven products.
- Exposure to building security functions from scratch.
- Prior experience with security tooling development or automation.
Hiring Process
- Screening Interview – Esraa Adel, Talent Acquisition Partner
- First Technical Interview – Mostafa Asaad, Technology Manager
- Technical Task
- Second Interview

- Monitor security dashboards (SIEM, EDR), perform initial triage and investigation of security alerts, and assist with managing endpoint protection systems.
- Assist in scheduling and executing internal vulnerability scans; track and report on remediation efforts for identified security gaps.
- Support the collection of evidence for regulatory audits (e.g., system logs, access reports) and assist in drafting and updating IT security policies and procedures.
- Help conduct user awareness training programs, including phishing simulations and security best practices education for the entire organization.


