Product Cybersecurity Specialist

The EcoAct Consulting division, part of Schneider Electric's Sustainability Business unit, provides climate consulting and project development services to help companies implement Net-Zero strategies and achieve carbon neutrality. We aim to lead with sustainable solutions that create real value for both the climate and our clients. As a Gold Partner of CDP, a founding member of ICROA, and a strategic partner for the Gold Standard for Global Goals, we are committed to environmental challenges. Our diverse team shares a passion for sustainability and works collaboratively to develop impactful solutions.

Join EcoAct's Climate Data Analytics (CDA) team to help scale our impact on climate change by developing digital products and data analytics that support low-carbon, climate risk-oriented, nature-based, and transformative strategies. Our scope includes climate risk assessment, carbon footprinting, reduction strategies, biodiversity, and more, designing innovative methodologies to meet client needs.

• Assist in all phases of the Software Development Lifecycle, ensuring compliance with the Secured Development Lifecycle process.
• Synchronize processes with IEC 62443-4-1 and ISASecure SDLA standards for SDL.
• Enhance rigor and consistency in security practices across products.
• Support End-to-End (E2E) initiatives across all software and system development lifecycles.
• Contribute to specifications of digital products with a focus on cybersecurity and data security.
• Promote best coding practices and process QA reports.
• Develop Threat Models and Architecture/Design Documentation.
• Create Static Code Analysis standards and reports.
• Implement Unit Tests for secure implementation (input validation, error handling).
• Ensure traceability between security requirements and test reports.
• Review vulnerability test reports and ensure non-regression.

Must have:

• At least 4 years' experience as a security analyst in product development or infrastructure security teams.
• Experience with DevOps culture and CI/CD pipelines (e.g., Git CI).
• Knowledge of cloud infrastructure (Microsoft Azure) and databases (SQL, NoSQL).
• Understanding of OWASP standards (ASVS, TOP 10) for secure coding.
• Hands-on experience with SAST tools (Coverity, Fortify, SonarQube) and SCA tools (Blackduck, Veracode).
• Fluent in French and English.

Nice to have:

• Master's in Cybersecurity.
• Knowledge of IEC 62443-4-1 and ISASecure SDLA standards.
• Experience with Python frameworks (e.g., Flask, FastAPI).
• Interest in environmental issues.
• Certifications like CISSP, CISM, CEH, Security+.
• Fluency in additional languages (Spanish, German, Italian).

At Schneider Electric, our values—Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork—guide us. We are committed to diversity and inclusion, providing equitable opportunities and fostering a respectful, safe environment. Our Trust Charter reflects our dedication to ethics, safety, sustainability, and cybersecurity.

Join us to make an impact and contribute to a more resilient, efficient, and sustainable world. Apply today to become an IMPACT Maker with Schneider Electric.