Tech Lead Vulnerability Management

Travailler pour AXA, c’est faire partie d’une grande famille et aussi l’opportunité de rejoindre un des leaders de l’assurance et de la gestion d’actifs dans le monde.

Nous aidons nos 94 millions de clients à traverser les petites et grandes difficultés de la vie. Chaque jour, nous agissons ensemble pour inventer la meilleure manière de les protéger et voulons donner à chacun les moyens de vivre une vie meilleure.

Un challenge qui donne le sourire et envie de se lever le matin !

Chez AXA, nous sommes persuadés que pour bien prendre soin de nos clients, nous devons commencer par bien prendre soin de nos collaborateurs. C’est pour cette raison que nous menons une politique RH engagée qui favorise la diversité, qui préserve l’équilibre vie privée‑vie professionnelle et accélère le développement des compétences et des carrières.

With over 102 million customers in 56 countries, AXA’s strong global franchises and three lines of expertise – Property & Casualty, Life & Savings and Asset Management – provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders.

As an integral part of AXA Group Operations (AXA GO) we create innovative technology and data solutions to help AXA fulfil its ambition of being a customer‑focused, tech‑led company. AXA GO is a young and dynamic division launched in 2019 and comprises 8,000 employees across 17 countries all around the globe from Paris, France to Pune, India. We are the ones providing advice, steering technological choices and giving AXA access to innovations that will support its transformation into a customer‑centric tech‑led company. For this, we work in close partnership with all AXA entities.

Throughout AXA, the security community represents 1,000 security professionals, working daily to protect our employees, customers, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety. Our security mission is to ensure that AXA is safe, secure and resilient.

• Develop and adapt product vision and roadmap in collaboration with the product manager and by discussing with customer / end‑users.
• Contribute to the product backlog delivery, such as new feature and improvement, its delivery and its quality.
• Manage and optimize on a day‑to‑day basis AXA global vulnerability management platform.
• Lead major product and platform evolutions to support Security Operation Center (SOC) and Vulnerability Operation Center (VOC).
• Lead “proof‑of‑concept” and represent AXA as a leading business partner with our third parties / vendor.
• Help evaluate business value and benefits of technical features.
• Determine whether a technical backlog item was satisfactorily delivered.
• Contribute to the day‑to‑day LOA (run) activities, leading by example.
• Ensure a high level of Quality‑of‑service (QoS) for AXA internal customers.
• Be a leader for the team and for AXA in term of expertise on the product technology and IS security process, aka Vulnerability management.
• Ensure transparency into the upcoming work of the team.
• Involve all relevant stakeholders (architecture, entities, security, data privacy etc.) to ensure technical feasibility.
• Coordinate internal resources and third parties / vendors for the flawless execution of projects.
• Raise alert and identify solution to ensure on time delivery.
• Evangelize within and outside AXA about the solutions you develop and market them accordingly.
• Regular reporting of progress, risks, and issues towards the product manager and other stakeholders.
• Participate to Product governance and meetup.

• Hands‑on experience with vulnerability management tools (e.g. Kenna, Tenable, Qualys, Vulcan, Hackuity etc.).
• Experience in implementing Hardening controls based on Security Industry Standards, such as CIS Benchmarks.
• Experience in Private and Public Cloud Security.
• Understanding of Workload Protection, including Servers, Workstation, Containers.
• Experience using an ITSM tool such as ServiceNow.
• Strong fundamentals in networking protocols and troubleshooting.
• Knowledge of hacking techniques, cyber threats and security trends.

Post‑graduate degree in IT or a closely‑related subject to IS Security.

A certification in relation with Vulnerability Management is highly desired.

ISC² CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional).

Overall work experience in the fields.

• Experience in Security > 3 years (required).
• Experience in Security product day‑to‑day management (required).

• Work on maturing vulnerability management & Compliance program services and processes.
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management features.
• Take part of the implementation and operational best practices while taking ownership of tasks and / or project workstreams.
• PowerShell and Python scripting skills.
• Analytical thinking, time management and coordination skills.

Fluent in English is a necessity (including technical Information security English).