Menu

Thomas MAGNIER

TOULOUSE

En résumé

Compétences techniques
Certification
· Certifié ISO/CEI 27005 Risk Manager (PECB, License PECB-ISMSRM-100287)
· EBIOS avancé (PECB, License PECB-EBIOS-100048)
· En cours de passage ISO/CEI 27001 Lead Auditor (septembre 2014)
· Préparation en autodidacte à la certification CEH 312-50

Sécurité
· Implémentation et maintien du standard ISO/CEI 27001 et de la norme PCI-DSS
· Analyse des risques, implémentation de SMSI, mesure d’efficacité, gestion des vulnérabilités techniques

Réseau
· LAN : RADIUS, TACACS+, NAT, STP, VLAN, VTP, 802.1
· Protocoles de routage : RIP, IGRP, EIGRP, OSPF
· Technologies de firewalling : NetFilter/IPTables
· Sécurité : IDS, IPS, VPN (GRE, MPLS, IPSec)

Système
· Administration système GNU/Linux : CentOS, Debian, ArchLinux
· Implémentation et configuration des démons et serveurs UNIX tels que FTP, SSH, SAMBA, DHCP, DNS, NTP, Postfix, OpenLDAP, Kerberos, OpenVPN
· Administration de technologies Windows AD et WSUS

Mes compétences :
PCI DSS
Linux
ISO 27001
Risk Assessment
EBIOS
ITIL Foundation V3
Penetration test
Sécurité
Système d'information
Security audit

Entreprises

  • ESSP SAS - Ingénieur Sécurité

    TOULOUSE 2015 - maintenant

  • Airbus - Auditeur sécurité (sous-traitant)

    Blagnac 2014 - 2014 - Conduite d’audits de sécurité des applications Airbus

  • Scassi - Security Engineer

    2013 - 2015

  • Teleperformance - Security Analyst

    Asnières sur Seine 2011 - 2012 Study, implementation, maintain and improvment of an Information Security Management System related to the data transmitted to embassies in order to obtain the ISO/IEC 27001 certification
    Maintain compliance with PCI-DSS and the Directive 95/46 EC (Data Protection Directive)
    Lead and coordinate with all department to implement, maintain and improve the security controls
    Analyse security incidents and develop effective remediation plans
    Integrate client security requirements into company security process
    Monitor the security RSS flux to know the new security vulnerability, test them, evaluate the risk and implement the controls if needed
    Define and maintain Business Continuity Plans and Disaster Recovery Plans
    Train staff from all departments to be aware about the security process
    Participate in the bidding proposal written to integrate the security aspects
    Remote leading and on-site audits of the information security in 15 sites, 400 employees
    Frequent business trip in more than 10 countries in Asia, Europe, Middle East and North Africa

  • TLScontact - Web Developer (Intern)

    2010 - 2010 Development of an PHP application which parses the data contained in the MRZ (Machine Readable Zone) of the passports and automatically find the correct applicant in the database.
    Writting ISO 27001 procedures and implementing security checklists for servers and switches.
    Perform network penetration testing to identify vulnerabilities.

  • SUPINFO International University, Institute of Information Technology - Security team leader

    2009 - 2011 Contribute to the writing of network security classes for second year students based on C|EH 312-50 (Certified Ethical Hacker)
    Manage members about the computer security : researcher and article writer

  • Web Developer (Intern) - Lacour Concept

    2009 - 2009 - Development, testing, implementing and user support of an Intranet application
    - The program automatically generates a topology of the company’s clients, based on the information contained in the database

Formations

Réseau

Annuaire des membres :