Marseille, FR
Application Security Engineer
Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.
Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.
Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.
ROLE
The Penetration Tester will be in charge of delivering penetration tests to improve the software and infrastructure security of the CMA CGM Group.
Reporting to the Group Head of Application Security, this role will be a deep technical security expert, able to validate the proper security implementation of CMA CGM Group assets.
Proven experience in red team assessments and infrastructure penetration tests is required.
RESPONSIBILITIES
· Deliver all kinds of application penetration tests: web applications, APIs, mobile applications, thick client applications
· Deliver infrastructure penetration tests: Active Directory, Wi-Fi, networks, etc.
· Ability to identify the full compromise path and kill chain.
· Compromise modern infrastructures (containerized, microservices) and cloud platforms (AWS, GCP, Azure)
· Advanced knowledge of attack vectors and exploit techniques, including zero-day vulnerabilities
· Provide technical expertise and understanding to other services (e.g. SOC, forensics)
· Provide recommendations / mitigations to remediate or mitigate vulnerabilities
· Coordinate with various IT and business teams to prepare and organize penetration tests
QUALIFICATIONS & PROFILE
Education:
· Bachelor's or Master's degree in Computer Science, Information Technology or a relevant degree
· OSCP, OSWE, OSCE or any other relevant certification
Knowledge & Experience:
· 8 years of experience in penetration testing
· Proven experience with infrastructure penetration tests and red team assessments
· Excellent knowledge of OWASP Top 10, CWE…
· Excellent understanding of micro-services architectures & APIs
· Proven penetration tester experience
· Use of various tools such as Burp Suite, ZAP, Kali distribution…
· Network skills (routing, encapsulation, VPN, firewalling, DNS…)
Other:
· The ability to interact with CMA CGM colleagues, build good relationships at all levels and across all business units and organisations, and the ability to influence stakeholders at all levels
· Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and non-technical audiences, and flexes style to suit the needs of the audience.
· Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams
· Highly self-motivated and directed, with keen attention to detail
· Ability to properly manage time and priorities
· Rigor and quality
· Customer-oriented approach
· Fluent English mandatory, French optional
Please ensure you are familiar with the CMA CGM Corporate Internal Mobility guidelines