NEVERHACK

3 Jobs

622 Employees

About the Company

NEVERHACK is a French group specialized in cybersecurity for over 40 years.

Founded in 2021 and operating in 10 countries, the group now has over 1200 collaborators worldwide.
Our ambition is to expand internationally to build a secure digital world for all.

🌎 What do we believe in?

Creating a safer digital world by offering innovative and ethical cybersecurity solutions, empowering businesses with the keys to project success.

🧐 How do we do this?

We support companies and individuals in protecting their data through a unique offering of consulting, training, cyber risk assessment, and AI-driven innovations.

⭐ What are our strengths?

Expertise, proximity, and trust!
Our expertise is demonstrated through our collaborators' certifications and rigorous recruitment process. We select top talent and offer ambitious career paths, with over 1000 certifications earned annually.
We maintain close relationships with our partners, both in terms of client relations and geographically, both in France and abroad.
We designate single points of contact (both commercial and technical) for increased responsiveness and availability to meet our clients' needs.

Co-founder of Cyber On Board

Listed Jobs

Company Name: NEVERHACK
Job Title: Assistant RSSI H/F
Job Description: **Job Title:** Assistant Chief Information Security Officer (CISO) **Role Summary:** Assist the CISO in managing information security, compliance, risk, and incident response across the organization, ensuring alignment with internal and external audit requirements. **Expectations:** - Support the CISO in leading cybersecurity initiatives and ensuring regulatory compliance. - Demonstrate senior-level security expertise, capable of interfacing with business units and auditors. - Maintain autonomy, rigor, and a strong service orientation while collaborating cross-functionally. **Key Responsibilities:** - Respond to internal and external audit inquiries (IGL, ACPR, BCE, etc.). - Contribute to security awareness programs and incident monitoring. - Support the CISO in steering cybersecurity and compliance projects. - Participate in security committees, prepare agendas, minutes, and reports. - Track and update the security action plan, incidents, access controls, and policy exceptions. - Execute phishing simulation campaigns using Blusecure. - Conduct risk analyses (EBIOS, ISO 27005) and Data Protection Impact Assessments (DPIA). - Produce security dashboards, key performance indicators, and risk summaries. - Monitor third‑party vendor security and critical outsourcing contracts. - Assist in data mapping and review of sensitive applications. **Required Skills:** - 7–8 years of experience in cybersecurity, CISO, or compliance roles. - Strong knowledge of M365 and Blusecure environments. - Proficient in risk assessment and incident management methodologies. - Excellent written communication, synthesis, and presentation skills. - Proven ability to interact with business stakeholders and auditors. - Autonomy, meticulousness, and a customer‑service mindset. - Preferably experience in the banking sector. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Security, or related field. - Certifications preferred: ISO 27001 Lead Implementer, ISO 27005, CISSP, CISA, EBIOS RM.

Company Name: NEVERHACK
Job Title: Ingénieur DevSecOps
Job Description: **Job Title** DevSecOps Engineer **Role Summary** Implement, automate, and secure Identity & Access Management (IAM) solutions for a defense‑grade project. Drive secure infrastructure as code, CI/CD pipelines, and continuous monitoring while ensuring compliance with national security standards. **Expectations** - Minimum 3 years of DevSecOps experience within a cyber‑security context. - Bachelor’s or Master’s degree in Engineering, Computer Science, or equivalent (Bac+5). - French Defence Secret clearance (or ability to obtain one). - Proven track record of delivering secure, scalable infrastructure solutions. **Key Responsibilities** 1. Design, develop, and maintain secure IAM architecture for defense stakeholders. 2. Build and maintain CI/CD pipelines (Jenkins, Ansible, Terraform). 3. Provision and manage Linux servers, containers (Docker, Kubernetes), and infrastructure as code. 4. Develop secure web services (PHP/Symfony, Java, Python) and database components (MariaDB, Galera). 5. Configure and administer web and reverse‑proxy servers (NGINX, HAProxy). 6. Implement logging, monitoring, and alerting (Kibana, ELK stack) to detect anomalies. 7. Collaborate with security, architecture, and operations teams to enforce best practices. 8. Participate in security reviews, threat modeling, and risk assessments. 9. Contribute to internal tooling, automation scripts, and documentation. 10. Stay current with emerging security tools, cloud services, and IAM standards. **Required Skills** - Linux system administration - DevOps tools: Jenkins, Ansible, Docker, Kubernetes, Terraform - Programming: PHP (Symfony), Java, Python, Bash/Shell scripting - Databases: SQL, MariaDB, Galera Cluster - Web & network: NGINX, HAProxy, RPo, IAM protocols (OAuth, OpenID Connect) - Monitoring & observability: ELK stack, Kibana, log analytics - Security fundamentals: vulnerability scanning, secure code review, threat modeling **Required Education & Certifications** - Master’s level (Bac+5) in Engineering, Computer Science, Cyber‑Security or related field. - Valid French Defence Secret clearance (or ability to obtain). - Relevant certifications (e.g., AWS Certified DevOps Engineer, Kubernetes Administrator, OSCP, or equivalent) are a plus but not mandatory.

Rennes, France

On site

13-01-2026

Company Name: NEVERHACK
Job Title: Consultant GRC F/H
Job Description: **Job title** Consultant – GRC (F/H) **Role Summary** Act as a Security‑by‑Design & Risk Management specialist, integrating cybersecurity requirements at the design phase and throughout the lifecycle of client projects. Provide expertise in risk analysis, compliance, tool governance, and process automation to safeguard critical initiatives. **Expectations** - Minimum 4 years of experience in risk analysis or Security‑by‑Design. - Proven track record on high‑visibility, critical‑business projects. - Capacity to simplify complex concepts for diverse audiences. - Strong client‑service orientation and consultative mindset. **Key Responsibilities** 1. Apply the Security‑by‑Design process: scoping, high‑level risk assessment (HLRA), compliance alignment. 2. Conduct detailed risk analyses using EBIOS RM, ISO 27005, and streamlined “light” versions. 3. Track and manage risk treatment plans, de‑risking requests, and risk acceptance decisions. 4. Present findings and recommendations in architecture and security committees. 5. Maintain and update the Security‑by‑Design repository, incorporating agility, GDPR, NIS2, and other regulatory drivers. 6. Perform group‑level and on‑demand risk assessments for internal entities. 7. Generate risk indicators, dashboards, and reporting artifacts for executive oversight. 8. Drive industrialization and automation of risk analysis procedures. 9. Cap‑talise lessons learned and contribute to a shared knowledge base. 10. Configure, govern, and manage risk‑management tools; deploy analysis models and questionnaires. 11. Disseminate best practices and methods across teams. **Required Skills** - Expertise in EBIOS RM, ISO 27005 frameworks. - Advanced understanding of GDPR, NIS2, and related regulatory environments. - Proficient in risk‑management workflows and documentation. - Experience with cloud environments or DevSecOps practices (preferred). - Strong analytical, presentation, and stakeholder‑management skills. - Ability to automate and industrialise risk processes (automation tools, scripting). **Required Education & Certifications** - Bachelor’s degree in Information Security, Risk Management, Computer Science or equivalent. - Certifications: ISO 27005, EBIOS Practitioner, or other recognised cybersecurity risk certifications (e.g., Risk Manager). ---