SERMA SAFETY & SECURITY

6 Jobs

199 Employees

About the Company

SERMA Safety & Security is your single point of contact for the security and dependability of your products and systems.

Because Cybersecurity and Dependability are intricately linked, and the Security of connected objects has to be managed at system level, SERMA Safety & Security has developed a one-stop comprehensive offer incorporating Expertise, Evaluation,Consultancy and Training , covering hardware, software and information systems.

Created in 2015, SERMA Safety & Security, known as S3, is renowned for its expertise in the field of safety and security - the result of over 20 years' experience:

> The security lab, created in 1998 , which carries out several hundred security evaluations each year in France and abroad (ranging from electronic chips to the full electronic system)
> A specialised business line devoted to Consultancy, Training and Expertise, carried over from Surlog and OPALE Security, two firms that have since been integrated into the company

The company provides support to every sector and application cases for which data confidentiality, assets protection, service security, service availability & integrity, operations safety, etc. are of prime importance. Typical applications as embedded and connected systems, product and industrial security, internet of things, information systems are the kind of subjects that SERMA experts are accustomed to manage.

SERMA's offer is organized with the following activities:

> Security formal evaluation, provided by a security laboratory licensed by the French ANSSI security agency
> Security expertize and consulting
> Safety expertize and consulting

WE ARE HIRING !
Do you want to find out more about our business lines? Our projects? The benefits of being part of SERMA?
Get in touch with our employees on LinkedIn or contact us!

Listed Jobs

Company Name: SERMA SAFETY & SECURITY
Job Title: Stage Développeur/Ingénieur Cyber embarquée H/F - (KSC/IEC/122025)
Job Description: **Job Title**: Embedded Cybersecurity Developer Internship **Role Summary**: Join a research‑and‑development team to design, develop, and validate exploitation techniques for hardware and radio‑frequency vulnerabilities using the next‑generation HARDSPLOIT tool. Work on embedded Linux and bare‑metal RISC‑V FPGA platforms targeting communication protocols such as UART, I²C, and CAN. **Expectations**: - Complete a 6‑month internship starting April 2026, fully dedicated to tool development and testing. - Collaborate closely with software and hardware engineers to advance penetration‑testing capabilities. **Key Responsibilities**: - Study the architecture and capabilities of HARDSPLOIT NG. - Develop new attack modules that exploit UART, I²C, CAN, and other GPIO‑connected protocols. - Port existing attack code to the HARDSPLOIT NG platform. - Design hands‑on exercises, lab scenarios, and demonstration demos for training purposes. - Test and validate attacks on provided training hardware boards. **Required Skills**: - Proficient in Python programming. - Experience designing, implementing, and testing exploitation code. - Strong understanding of wired communication protocols (UART, SPI, I²C, CAN). - Basic knowledge of hardware security concepts and hardware penetration testing. - Team‑player mindset with excellent collaboration abilities. **Required Education & Certifications**: - Bachelor’s or Master’s degree (Bac+5) in Embedded Systems, Cybersecurity, Electrical Engineering, or related fields. - No specific certifications required, but familiarity with security standards (e.g., ISO/IEC 27001) is a plus.

Company Name: SERMA SAFETY & SECURITY
Job Title: Coordinateur résilience et sécurité du SI H/F - (KSC/PSC/012026)
Job Description: **Job Title** SI Resilience and Security Coordinator (H/F) – (KSC/PSC/012026) **Role Summary** Coordinate and execute resilience and continuity plans for information systems, ensuring compliance with regulatory requirements in a banking environment. Lead preparedness exercises, maintain operational readiness, and support crisis management for physical or logical disruptions. **Expectations** - Deliver end‑to‑end coordination of resilience exercises and post‑exercise actions. - Maintain continuous operational condition of the SI resilience program. - Collaborate with production teams, stakeholders, and internal communications to drive improvements. - Provide expertise in risk analysis, impact assessment, and continuity planning within the financial sector. **Key Responsibilities** 1. **Exercise Preparation & Coordination** - Validate technical roadmaps for resilience exercises. - Define eligible scope based on known constraints. - Create macro‑planning and restoration plans. - Mobilize and coordinate production participants during weekend drills. - Draft and present technical post‑exercise reports. 2. **Operational Readiness of SI Resilience (PSI)** - Track post‑exercise action plans and report progress. - Continuously improve procedures and documentation in collaboration with production teams. - Lead production stakeholders and serve as internal communication bridge for enhancement requests. - Capture lessons learned to increase real‑event response capability. 3. **Crisis Management Support** - Assist in managing incidents that trigger a global PSI response (physical or logical unavailability). - Contribute to incident containment, recovery, and post‑mortem activities. **Required Skills** - Planning and execution of Business Continuity (BC) / Disaster Recovery (DR) (PCA/PRA). - Risk analysis and impact assessment (EBIOS, MEHARI, BIA). - Stakeholder coordination and training. - Strong written and verbal communication. - Analytical mindset, rigor, and autonomy. - Ability to thrive in fast‑paced, demanding environments. **Required Education & Certifications** - Master’s degree or engineering school diploma (Bac+5) in Cybersecurity, Information Security, or related field. - Equivalent professional experience (2‑5 years) in cybersecurity, preferably within banking or finance. - Relevant certifications (e.g., CISSP, CISA, ISO 27001 Lead Implementer, ITIL, or equivalent) are advantageous.

Company Name: SERMA SAFETY & SECURITY
Job Title: Ingénieur sécurité applicative - Paris (H/F) - (KSC/PSC/012026)
Job Description: Application Security Engineer **Role Summary**: Apply technical security expertise to integrate and audit application security solutions (SAST/SCA/DAST/IAST tools) for enterprise clients in banking, with a focus on vulnerability management, audit documentation, and automation. **Expectations**: Junior-to-mid-career professional with 3-5 years in application security, strong technical communication, and hands-on experience in DevSecOps practices. **Key Responsibilities**: - Execute and document semi-automated and manual application security audits. - Train developers/DevOps teams on security tools and best practices. - Triage security vulnerabilities, recommend remediation strategies, and track progress. - Collaborate with providers and internal teams on penetration testing. - Develop automation scripts (Python/Shell/PowerShell) for security workflows and access management. **Required Skills**: - Expertise in Checkmarx (SAST), Qualys WAS (DAST), Contrast Assess (IAST), and SCA tools. - Proficient in Java, .NET, Python, and CI/CD pipelines (GitLab, Jenkins, Azure DevOps). - Deep knowledge of OWASP Top 10, CWE, CVSS, and remediation methodologies. - Ability to create clear audit reports, remediation plans, and security documentation. - Scripting automation for security tasks. **Required Education & Certifications**: - Minimum of a 5-year bachelor’s degree (Engineering) or Master’s in Cybersecurity/Computer Science. - 3-5 years in application security roles, auditing, or DevSecOps environments.

Company Name: SERMA SAFETY & SECURITY
Job Title: Analyste SOC N2 (Splunk/The Hive) H/F - (KSC/PSC/012026)
Job Description: Job title: SOC N2 Analyst (Splunk/The Hive) Role Summary: Provide second‑line security operations support by detecting, qualifying, and analyzing security incidents across infrastructure, applications, and business systems. Manage vulnerability handling, incident response planning, remediation tracking, and develop detection scenarios with Splunk and The Hive. Expectations: - Operate as part of a SOC team in a banking client environment. - Communicate findings clearly and synthesize technical details for stakeholders. - Work autonomously with rigorous attention to detail. Key Responsibilities: - Detect, qualify, and investigate security incidents using Splunk and The Hive. - Handle vulnerability lifecycle: acceptance, qualification, and monitoring. - Lead incident response plans and coordinate remediation activities. - Design and implement detection scenarios and alert processing workflows. - Maintain documentation and reporting for incident trends and remediation status. Required Skills: - Proficient with Splunk (search, dashboards, alerting). - Proficient with The Hive (case management, playbooks). - Strong analytical and problem‑solving abilities. - Excellent communication and presentation skills. - Ability to work independently and manage multiple tasks. Required Education & Certifications: - Bachelor’s or Master’s degree (Bac+5) in Computer Science or related field. - Minimum 2 years of experience in cybersecurity; SOC operational experience preferred. - Relevant cybersecurity certifications (e.g., CompTIA Security+, CEH, CISSP) are advantageous.

View 6 more jobs at SERMA SAFETY & SECURITY