Product Security (SDL) Analyst M/F

In a collaborative working environment, you'll want to join a motivated, dynamic, and forward-looking team, and share your expertise to help develop the company and its subsidiaries.

Join the EcoAct's Climate Data Analytics (CDA) team and help us scaling our impact on climate change by developing digital products and data analytics that support our clients in definig low-carbon, climate risks oriented, nature based and transformation strategies.

Our mission is to globally contribute to the Net Zero transformation by delivering impactful and innovative solutions.

Our scope of activity concerns all climate-related services that companies and territories need to successfully change (climate risk assessment, carbon footprint, reduction strategy, biodiversity, etc.)

CDA's role is to design innovative methodologies and solutions to answer to clients' needs related to climate change.

KEY RESPONSABILITIES:

Involved in all phases of the Software Development Lifecycle, you will be in charge of assisting products developments to ensure compliance with Secured Development Lifecycle process.

• Synchronize our process to the IEC 62443-4-1 and ISASecure SDLA standards for SDL. These standards are internationally certified.
• Increase rigor and consistency. We need a common approach to building security into our products for all of Schneider Electric.
• Your role will be to support the End-to-End (E2E) initiative across all software and system development lifecycles.
• Contribute to the specifications of EcoAct's bespoke digital products with the cyber and data security prism.
• Promote and ensure best code practices.
• Process QA Reports.
• Threat Model and Architecture/Design Documentation.
• Ensure Code Reviews.
• Produce Static Code Analysis coding standards and report.
• Realize Unit Tests to check secure implementation (input validation, error handling...).
• Ensure Traceability between Security Requirements and Test Report.
• Provide Defect dashboard.
• Review Test Reports for Vulnerability testing, Ensure Non-Regression.

PREFERRED EXPERIENCE:

Must have:

• 2 years' experience as a security analyst working within Product Development/Infrastructure security teams.
• DevOps culture, experience working in CI/CD (Git CI, etc.)
• Experience in cloud infra (Microsoft Azure) and databases (SQL, NoSQL).
• Good Understanding of OWASP standards (ASVS, TOP 10) for secure coding practices.
• Hands-on experience using and working knowledge of SAST tools such as Coverity, Fortify, SonarQube and SCA tools such as Blackduck, Veracode SCA.
• Fluent in French and English

Nice to have:

• Master in Cybersecurity.
• Knowledge about IEC 62443-4-1 and ISASecure SDLA standards.
• Experience with at least one Python framework (Typer, NumPy, pandas, Flask, FastAPI, Click).
• Interest in environmental issues (energy, climate, biodiversity).
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Ethical Hacker (CEH).
• CompTIA Security+.
• Fluent in any language (Spanish, German, Italian, etc.).

Looking to make an IMPACT with your career?

When you are thinking about joining a new team, culture matters. At Schneider Electric, our values and behaviors are the foundation for creating a great culture to support business success. We believe that our IMPACT values - Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork - starts with us.

IMPACT is also your invitation to join Schneider Electric where you can contribute to turning sustainability ambition into actions, no matter what role you play. It is a call to connect your career with the ambition of achieving a more resilient, efficient, and sustainable world.

We are looking for IMPACT Makers; exceptional people who turn sustainability ambitions into actions at the intersection of automation, electrification, and digitization. We celebrate IMPACT Makers and believe everyone has the potential to be one.

Become an IMPACT Maker with Schneider Electric - apply today!

36 billion global revenue
+13% organic growth
150 000+ employees in 100+ countries
#1 on the Global 100 World's most sustainable corporations

You must submit an online application to be considered for any position with us. This position will be posted until filled.

Schneider Electric aspires to be the most inclusive and caring company in the world, by providing equitable opportunities to everyone, everywhere, and ensuring all employees feel uniquely valued and safe to contribute their best. We mirror the diversity of the communities in which we operate, and 'inclusion' is one of our core values. We believe our differences make us stronger as a company and as individuals and we are committed to championing inclusivity in everything we do.

At Schneider Electric, we uphold the highest standards of ethics and compliance, and we believe that trust is a foundational value. Our Trust Charter is our Code of Conduct and demonstrates our commitment to ethics, safety, sustainability, quality and cybersecurity, underpinning every aspect of our business and our willingness to behave and respond respectfully and in good faith to all our stakeholders. You can find out more about our Trust Charter here

Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.