SERMA SAFETY & SECURITY


www.serma-safety-security.com

7 Jobs

199 Employees

About the Company

SERMA Safety & Security is your single point of contact for the security and dependability of your products and systems.

Because Cybersecurity and Dependability are intricately linked, and the Security of connected objects has to be managed at system level, SERMA Safety & Security has developed a one-stop comprehensive offer incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Created in 2015, SERMA Safety & Security, known as S3, is renowned for its expertise in the field of safety and security - the result of over 20 years' experience:

> The security lab, created in 1998, which carries out several hundred security evaluations each year in France and abroad (ranging from electronic chips to the full electronic system)
> A specialised business line devoted to Consultancy, Training and Expertise, carried over from Surlog and OPALE Security, two firms that have since been integrated into the company


The company provides support across every sector and use case in which data confidentiality, asset protection, service security, service availability and integrity, operational safety, etc. are of prime importance. Typical applications such as embedded and connected systems, product and industrial security, the Internet of Things, and information systems are the kinds of subjects that SERMA experts are accustomed to handling.

SERMA's offer is organized into the following activities:

> Security formal evaluation, provided by a security laboratory licensed by the French ANSSI security agency
> Security expertise and consulting
> Safety expertise and consulting


WE ARE HIRING!
Do you want to find out more about our business lines? Our projects? The benefits of being part of SERMA?
Get in touch with our employees on LinkedIn or contact us!

Listed Jobs

Company Name
SERMA SAFETY & SECURITY
Job Title
Software Compliance Engineer - KQN
Job Description
Job Title: Software Compliance Engineer

Role Summary: Evaluate the security of software and embedded products against the Common Criteria international standard, supporting the technical team on diverse security assessment projects.

Expectations: Demonstrated analytical mindset, proactive problem‑solving, and strong attention to detail; ability to work independently and collaboratively; commitment to continuous learning in security domains.

Key Responsibilities:
• Conduct Common Criteria assessments for software and embedded systems (ICs, smart cards, secure storage, mobile, automotive, aeronautical areas).
• Review application and system architecture to identify security and compliance gaps.
• Participate in test planning, evidence collection, and documentation for certification submissions.
• Contribute to threat modeling, vulnerability assessment, and security design reviews.
• Support technical team with guidance on security best practices and emerging standards.

Required Skills:
• In‑depth knowledge of Common Criteria evaluation procedures and documentation.
• Experience in security assessment, consulting, or development.
• Familiarity with code review or software development processes.
• Understanding of embedded product security (ICs, smart cards, secure peripherals).
• Strong analytical and problem‑solving skills.
• Excellent written and verbal English (technical).

Required Education & Certifications:
• Bachelor’s or Master’s degree (Engineer or equivalent) in Computer Science, Electronics, or Mathematics.
• Relevant certifications in security (e.g., CISA, CISSP, CTF, or Common Criteria evaluation experience) considered an asset.
Pessac, France
On site
05-12-2025
Company Name
SERMA SAFETY & SECURITY
Job Title
Embedded Cybersecurity Developer/Engineer Internship (M/F) - (KSC/IEC/122025)
Job Description
**Job Title**: Embedded Cybersecurity Developer Internship

**Role Summary**: Join a research‑and‑development team to design, develop, and validate exploitation techniques for hardware and radio‑frequency vulnerabilities using the next‑generation HARDSPLOIT tool. Work on embedded Linux and bare‑metal RISC‑V FPGA platforms targeting communication protocols such as UART, I²C, and CAN.

**Expectations**:
- Complete a 6‑month internship starting April 2026, fully dedicated to tool development and testing.
- Collaborate closely with software and hardware engineers to advance penetration‑testing capabilities.

**Key Responsibilities**:
- Study the architecture and capabilities of HARDSPLOIT NG.
- Develop new attack modules that exploit UART, I²C, CAN, and other GPIO‑connected protocols.
- Port existing attack code to the HARDSPLOIT NG platform.
- Design hands‑on exercises, lab scenarios, and demonstrations for training purposes.
- Test and validate attacks on provided training hardware boards.

**Required Skills**:
- Proficient in Python programming.
- Experience designing, implementing, and testing exploitation code.
- Strong understanding of wired communication protocols (UART, SPI, I²C, CAN).
- Basic knowledge of hardware security concepts and hardware penetration testing.
- Team‑player mindset with excellent collaboration abilities.

**Required Education & Certifications**:
- Bachelor’s or Master’s degree (Bac+5) in Embedded Systems, Cybersecurity, Electrical Engineering, or related fields.
- No specific certifications required, but familiarity with security standards (e.g., ISO/IEC 27001) is a plus.
Paris, France
On site
Senior
22-12-2025
Company Name
SERMA SAFETY & SECURITY
Job Title
Information System Resilience and Security Coordinator (M/F) - (KSC/PSC/012026)
Job Description
**Job Title**
SI Resilience and Security Coordinator (M/F) – (KSC/PSC/012026)

**Role Summary**
Coordinate and execute resilience and continuity plans for information systems, ensuring compliance with regulatory requirements in a banking environment. Lead preparedness exercises, maintain operational readiness, and support crisis management for physical or logical disruptions.

**Expectations**
- Deliver end‑to‑end coordination of resilience exercises and post‑exercise actions.
- Maintain continuous operational condition of the SI resilience program.
- Collaborate with production teams, stakeholders, and internal communications to drive improvements.
- Provide expertise in risk analysis, impact assessment, and continuity planning within the financial sector.

**Key Responsibilities**
1. **Exercise Preparation & Coordination**
   - Validate technical roadmaps for resilience exercises.
   - Define eligible scope based on known constraints.
   - Create macro‑planning and restoration plans.
   - Mobilize and coordinate production participants during weekend drills.
   - Draft and present technical post‑exercise reports.
2. **Operational Readiness of SI Resilience (PSI)**
   - Track post‑exercise action plans and report progress.
   - Continuously improve procedures and documentation in collaboration with production teams.
   - Lead production stakeholders and serve as internal communication bridge for enhancement requests.
   - Capture lessons learned to increase real‑event response capability.
3. **Crisis Management Support**
   - Assist in managing incidents that trigger a global PSI response (physical or logical unavailability).
   - Contribute to incident containment, recovery, and post‑mortem activities.

**Required Skills**
- Planning and execution of Business Continuity (BC) / Disaster Recovery (DR) (PCA/PRA).
- Risk analysis and impact assessment (EBIOS, MEHARI, BIA).
- Stakeholder coordination and training.
- Strong written and verbal communication.
- Analytical mindset, rigor, and autonomy.
- Ability to thrive in fast‑paced, demanding environments.

**Required Education & Certifications**
- Master’s degree or engineering school diploma (Bac+5) in Cybersecurity, Information Security, or related field.
- Equivalent professional experience (2‑5 years) in cybersecurity, preferably within banking or finance.
- Relevant certifications (e.g., CISSP, CISA, ISO 27001 Lead Implementer, ITIL, or equivalent) are advantageous.
Guyancourt, France
Hybrid
Senior
23-12-2025
Company Name
SERMA SAFETY & SECURITY
Job Title
Application Security Engineer - Paris (M/F) - (KSC/PSC/012026)
Job Description
Application Security Engineer

**Role Summary**: Apply technical security expertise to integrate and audit application security solutions (SAST/SCA/DAST/IAST tools) for enterprise clients in banking, with a focus on vulnerability management, audit documentation, and automation.

**Expectations**: Junior-to-mid-career professional with 3-5 years in application security, strong technical communication, and hands-on experience in DevSecOps practices.

**Key Responsibilities**:
- Execute and document semi-automated and manual application security audits.
- Train developers/DevOps teams on security tools and best practices.
- Triage security vulnerabilities, recommend remediation strategies, and track progress.
- Collaborate with providers and internal teams on penetration testing.
- Develop automation scripts (Python/Shell/PowerShell) for security workflows and access management.

**Required Skills**:
- Expertise in Checkmarx (SAST), Qualys WAS (DAST), Contrast Assess (IAST), and SCA tools.
- Proficient in Java, .NET, Python, and CI/CD pipelines (GitLab, Jenkins, Azure DevOps).
- Deep knowledge of OWASP Top 10, CWE, CVSS, and remediation methodologies.
- Ability to create clear audit reports, remediation plans, and security documentation.
- Scripting automation for security tasks.

**Required Education & Certifications**:
- Minimum of a 5-year bachelor’s degree (Engineering) or Master’s in Cybersecurity/Computer Science.
- 3-5 years in application security roles, auditing, or DevSecOps environments.
Paris, France
Hybrid
Senior
23-12-2025