The post in a nutshell:
The technical security auditor carries out technical assessments of the security of IT environments. He identifies vulnerabilities and proposes remedial actions. He can carry out different types of audits depending on his scope of activity (intrusion tests, code audit, configuration review, etc.).
Equivalent title: Technical expert in security audit, IT auditor, expert in intrusion tests
Carrying out audits:
- Adopt a global vision of the information system to be audited
- Define audit plans within the organization’s IS
- Perform and document security audits on different IT environments, ensuring compliance with the regulatory framework governing these practices
- Collect the configuration elements of the equipment to be audited and carry out a review of the configurations (configuration audits)
- Collect the architectural elements of the systems to be audited and carry out an architecture review (architecture audit)
- Define attack scenarios and carry out attacks on the target environment (intrusion tests)
Carry out or manage the implementation of vulnerability scans and technical controls, continuously and in an automated manner:
- Conduct team interviews to assess the impacts for the organization of the detected vulnerabilities
- Write reports including an analysis of the vulnerabilities encountered and an identification of the causes; highlight and assess security risks and business impacts
- Define recommendations to address risks arising from discovered vulnerabilities
- Collaborate with IT teams to implement technical recommendations
- Produce security and compliance level dashboards
- Maintain a continuous watch on attack scenarios, new threats and associated vulnerabilities, and on the development of new test contexts
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don't hold yourself back; you can do it.
- Operating system security
- Network security and protocols
- Knowledge of application layers
- Knowledge of governance, norms and standards: mastery of audit methodologies
- Penetration testing: mastery of technical security audit techniques
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of environment vulnerabilities
- Knowledge of systems reverse engineering
- Scripting
- Legal knowledge of IT law related to IS security and data protection
- Technology watch in cybersecurity and study of trends
- Ability to summarize and popularize for non-technical audiences
- Drafting of reports adapted to different levels of interlocutors
- Ethical sense
- Ability to work in a team
Description of the profession in the ANSSI directory
The technical security auditor may be called upon to carry out red team type audits which aim to simulate full-scale attacks in order to test the organisation's defences. He may also be required to carry out audits in a purple team approach in order to train the cybersecurity incident detection teams.
How to access the job?
Education: Bac +3 to Bac +5 including specialization in cybersecurity
Type of certification: PASSI (Information Systems Security Audit Service Provider)
The perfect program for technical expert professions in cybersecurity. Select your specialisation (IT - IT or Industrial - OT) and off you go! Gateways exist for those who have already validated training courses connected to the cyber field, such as IT, or in fields wrongly considered as being "remote" from the cyber field - law degree, business administration…
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.