Security Technical Controls team manager

Your work environment

Within the Digital Technology department, the Security team is accountable for defining and implementing the Orange Business security strategies. One of mission of the security team is to bring forward a stronger security strategy across orange Business through regalian activities, transversal programmes and reinforced security processes.

The Global Security team animates and monitors Orange Business Security, relying on a community of actors in charge of the Security of their own entity or domain. The Global Security team defines the Orange Business sectorial security policies (global security management, physical security, security incidents, vulnerability, security audit management, Information Security Management System) in line with Orange Group security policies and manages the OBS Security Referential. It ensures that Orange Business entities implement the Orange or Orange Business sectorial policies, defining their own entity policies on these bases if necessary, and organizes controls via audits or pentests.

Your mission

As Manager of the security technical controls team, you manage a team in charge of performing global technical security assessments of ITN environments, mainly using tools that are provided by the Orange group or Orange Cyberdefense. You propose and design some controls, and have them run by the team. In addition, your team can perform different types of audits depending on the target (penetration tests, code audit, configuration review, etc.). Once vulnerabilities have been identified, you propose remediation actions with the responsible entities and ensure proper follow-up.

Your activities and tasks

§  Security alerts and Vulnerability Management

o    Watch for Critical vulnerability alerts coming from Orange CERT and communicate to all necessary security actors of Orange Business. Follow-up with all entities with the assessment and impacted perimeters. Consolidate assessment reports from all business units and communicate with Orange CERT.

o    Assess new vulnerabilities and work with security actors to determine impact within Orange Business.

o    Process all security alerts received from Orange CERT, Orange Group (DSEC) and provide feedback in timely manner. Perform the necessary initial investigation and ensure that security flaw is addressed by the responsible entity.

o    Produce dashboards on how vulnerabilities are managed within Orange Business and the associated compliance levels with security policies.

o    Responsible for ensuring a consistent global vulnerability management process across Orange Business.

§  Cybersecurity rating

o    Ensure a consistent inventory of Public IP addresses and asset inventory across Orange Business with the support of security actors across Orange Business.

o    Working with Cybersecurity rating companies (Bitsight) and DSEC to improve security score of Orange Business.

o    Work with all the impacted entities and ensure identified vulnerabilities are remediated in a timely manner.

o    Produce dashboards and demonstrate progress and address false positives.

o    Ensure internal cybersecurity ratings tools (DSEC tool) is corrected used to scan all Orange managed assets.

§  Audit and Control

o    Use available vulnerability scanning tools to determine if OBS assets are vulnerable.

o    Write reports incorporating an analysis of the vulnerabilities encountered and an identification of the causes and highlight and evaluate the security risks and impacts for the business Unit.

o    Develop and put in place scripts are facilitate vulnerability scanning and audits.

o    Perform or manage the implementation of continuous and automated vulnerability scans and technical controls.

o    Perform a review of the source code of the components of the environment (code audit) using CI/CD chain with the support of CIO department within CTIO.

o    Accountable for ensuring that Orange Business assets exposed over the internet are scanned at the frequency level as defined by the security policies and vulnerabilities found are remediated.

o    Collaborate with ITN teams to implement technical recommendations.

o    Ensure that security controls are properly implemented on critical infrastructures such as Active Directories (AD). Ensure that AD is scanned, and vulnerabilities are remediated, security monitoring systems are well implemented).

o    Ensure penetrations testing are performed on key assets and infrastructures and keep a consolidated report that can be used to communicate externally.

Technical monitoring and design of audit tools:

- Ensure a permanent watch on attack scenarios, new threats and associated vulnerabilities

- Develop tools used for audits

- Identifying new ways to detect faults that may affect a system

§  Team management

·         Measure the maturity and performance of the team in Mauritius and put actions plans in place to improve efficiency and productivity. Find adequate training to improve increase competency level of the team.

·         Ensure activities are evenly distributed across the team and monitor their progress.

·         Set objectives with team members and performance reviews.

·         Ensure team remains motivated and productive.

·         Acts as a facilitator and ensure all people related matters and addressed.