Cyber Security Consultant - Public Cloud OSM

· Validate the security exceptions and access requests raised by the cloud and Devops teams for the applications/infrastructure hosted on the cloud within the scope.
· Review, escalate and track the status of the critical security advisories and bulletins shared by the CSP impacting the native services consumed by SOCGEN on the cloud.
· Work with vulnerability management SOC and security delivery teams in enhancing the applications/infrastructure coverage, hosted on the cloud for the detection and response.
· Participate in the regular governance calls with cloud teams and CSP to enhance or improve the security posture on the cloud within the scope.
· Support the risk assessments and security evaluations of the applications/infrastructure hosted/provisioned on the cloud in line with the SG’s framework/standards/guidelines.
· Review and follow-up on escalated cloud native services non-compliance alerts remediation status within the scope using the CNAPP with the cloud teams on the cloud.
· Update and maintain process documentation, and security reporting dashboards (KPIs, KRAs) for the services on the cloud.
· Contribute to security audits support with artifacts (internal audit / regulators) within its scope of the applications/infrastructure hosted on the cloud.
· Review and follow-up on the recommendation to address the gap findings based on the security assessments and audit reports available from CSPs within the scope on the cloud.
· Maintain, update, and regularly review the major incident response plan with the CSPs and internal stakeholders.
· Participate in the cyber tabletop exercise to identify the gaps and recommendations to follow-up with cloud teams in closure there by enhancing detection and response capabilities of the application/infrastructure on the cloud.
· Conduct periodic conditional access review ensuring the least privilege access is maintained through identify lifecycle management.

a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; }

Responsibilities

• Validate security exceptions and access requests raised by Cloud and DevOps teams for applications and infrastructure hosted on the cloud within the defined scope.
• Review, escalate, and track the status of critical security advisories and bulletins issued by Cloud Service Providers (CSPs) that impact native cloud services consumed by the organization.
• Collaborate with Vulnerability Management, SOC, and Security Delivery teams to enhance detection and response coverage for cloud-hosted applications and infrastructure.
• Participate in regular governance meetings with cloud teams and CSPs to improve the security posture of cloud services in scope.
• Support risk assessments and security evaluations of cloud-hosted or provisioned applications and infrastructure, ensuring alignment with corporate security frameworks, standards, and guidelines.
• Review and follow up on remediation of non-compliance alerts for cloud-native services using CNAPP tools in collaboration with cloud teams.
• Maintain and update process documentation and security reporting dashboards, including KPIs and KRAs for cloud security services.
• Contribute to internal and external audit activities by providing required artifacts related to cloud-hosted applications and infrastructure.
• Track and follow up on CSP-provided security assessment findings and audit recommendations to ensure timely remediation.
• Maintain, update, and periodically review cloud major incident response plans with CSPs and internal stakeholders.
• Participate in cyber tabletop exercises and follow up on recommendations to enhance detection and incident response capabilities for cloud applications and infrastructure.
• Conduct periodic conditional access reviews to ensure least-privilege access is maintained through effective identity lifecycle management.

• 10+ years of experience in Cloud Security, Threat Modeling, Cloud Risk Assessments, Vulnerability Management, AWS, Azure, SOC, or related fields.
• 5+ years of hands-on experience in public cloud security operations in Microsoft Azure or AWS.
• Strong understanding of cloud-native security services across Azure or AWS.
• Good understanding of infrastructure and application security architecture, compliance frameworks, and risk management principles.
• Excellent analytical, problem‑solving, communication, and stakeholder‑engagement skills.
• Solid knowledge of cloud security frameworks, tools, and technologies—such as CIS, OWASP, CNAPP, SOC, DevSecOps, DAST/SAST, NIST, CCM.

• Required / Strongly Recommended:
  • SC-900
  • AZ-500
  • AWS Security Specialty
  • CEH
• Optional / Good to Have:
  • SC-300
  • CCSK
  • CCSP

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating? 
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.