Cybersecurity Engineer

**OUR STORY**:
\uD83C\uDDEA\uD83C\uDDFA Join Scaleway and shape the sovereign cloud of tomorrow

Since 1999, we have been designing secure, sustainable infrastructures aimed at supporting the most ambitious companies.

Historically known for our dedicated servers (Dedibox), we made a strategic shift to cloud computing in 2015. Staying true to our principles of simplicity, flexibility, and technical excellence, we have become one of the leading players in Europe in the sector.

With the rise of artificial intelligence, we have strengthened our commitment, supported by the Iliad Group, which is investing €3 billion to develop a serious, sovereign AI alternative to American and Asian giants.

Every day, thanks to our rich catalog of products and services (bare metal, containerization, serverless, AI, etc.), Scaleway proudly serves 38,000 private and public sector clients, from Photoroom to Mistral AI, Golem AI, and ADEME.

\uD83D\uDCCD Our offices are located in **Paris, Lille, Toulouse, Bordeaux, Rouen, Rennes and Lyon.**

**WHY WE NEED YOU ?**

Our growth is driving us to strengthen our GRC department. This key role is essential in strengthening our cybersecurity posture by ensuring our practices align with the best standards, regulations, and technological developments.

**This role has three main focuses**:

- You will actively contribute to the implementation and maintenance of security controls driven by the security policies, standards, etc., defined by the rest of the GRC team, as well as the associated tooling.
- You will be the interface with business teams for integrating security into their projects and responding to various questions, including those from clients (security questionnaires).
- You will work closely with the Engineering team on Application Security and Secure SDLC topics, in collaboration with the SOC-CSIRT team.

**YOUR FUTURE TEAM**:
We work in a collaborative and international environment where the diversity of Scalers, combined with a spirit of sharing, helps bring new projects to life every day, advancing our ambitions together.

You will be part of a team of 4 people and you will report directly to the Head Of Cyber Governance Risk & Compliance.

**YOUR DAILY ROUTINE**:

- Implementation and Maintenance of Security Controls
- Set up and manage cybersecurity awareness programs (including phishing simulations), and develop training materials for all employees.
- Draft and maintain technical security documentation, provide technical support for compliance projects (ISO 27001, HDS, SecNumCloud), and assist with certification audits.
- Advise, support, and validate projects in terms of security (Security by Design), including risk identification, third-party security validation, and architecture validation.
- Maintain and enhance our Trust Center (online documentation platform) with certifications, audit reports, and other relevant information.
- Provide accurate and tailored information and participate in meetings with clients who have questions about our security and compliance posture.
- Define and implement the S-SDLC strategy, in collaboration with the CIO, Engineering, and SOC-CSIRT to ensure consistent integration of security into development processes.
- Identify key controls to be implemented (SAST, secret detection, etc.) and define an improvement plan.
- Define related processes, aligned with existing ones (CI/CD, vulnerability management, product release, etc.).
- Configure tools to address the above points (RIOT, Safebase, etc.).

**ABOUT YOU**:
**SOFTSKILLS**:

- Proven analytical and synthesis skills
- Rigor, organization, and attention to detail
- Excellent oral and written communication skills in both French and English
- Autonomy, proactiveness, and team spirit
- Ability to interact with various stakeholders (technical, business, executives, clients)

**HARDSKILLS**:

- 3 to 5 years minimum in cybersecurity, ideally in Security Engineering, Application Security and/or Audit roles.
- Understanding of IaaS, PaaS, and cloud environments
- Knowledge of integrating security into projects
- Knowledge in Application Security (OWASP Top 10) and associated controls (SAST, DAST, dependency checks, etc.)
- Familiarity with cybersecurity frameworks (ISO 2700x, NIST, CIS Controls)
- Understanding of certification requirements like HDS and SecNumCloud
- Familiarity with risk management methodologies (EBIOS RM)
- Understanding of key regulations (GDPR, NIS 2, LPM, etc.)

**WHAT YOU WILL FIND AT SCALEWAY ++++**

**Hybrid work**:We offer up to 3 days of remote work per week.

**Offices**:Our offices are spacious, dynamic workspaces with bold design, conveniently located near public transport. Most of our offices feature outdoor spaces (terraces) and bike parking facilities.

**Dining**: Our chef provides a healthy meal service at the headquarters, and breakfast is available across all our sites year-round. Scalers working from regional sites enjoy a Swile card for lunches.

**We