Yann F.

Senior Security Engineer

Paris, Île-de-France, France

About

Experience

  • Senior Security Engineer at Qonto
    Jul 2026 - Present · 1 mo

    Security Engineer protecting the different assets of the group.

  • Societe Generale ()
    • Red Team Operator Cyber Controls
      Sep 2025 - Jun 2026 · 10 mos

      Same activity as before but for the "Cyber ​​Controls" authority team (a team closer to the executive committee) we working with the NIST (National Institute of Standards and Technology) barometer's team and the new team "Tower Controls".

    • Red Team Operator CERT-SG
      May 2021 - Sep 2025 · 4 yrs 5 mos

      As a red team operator for the Société Générale Group (Gcoo/Isr/Tcf), I am responsible, along with my teammates, for simulating attacks similar to those used by cybercriminal groups. This involves phishing and social engineering, using offensive tools such as Cobalt Strike, Brute Ratel, and other command and control (C2) tools, as well as conducting research to evade the protections in place, such as EDR solutions, network probes, firewalls, mail gateways, and many others. Within my team, I develop offensive tools, notably payloads that must be compatible with the targets and undetected by antivirus and EDR solutions. This entails studying the inner workings of Windows and keeping a regular watch on new tactics and procedures. I am also the primary contact for assessing risks related to physical threats, both from an internal and external point of view to the group's buildings, through realistic scenarios that we have practiced (physical implantation via an hardware implant in the premises as an insider, TPM sniffing to backdoor workstations protected by Bitlocker, Rogue access points, Malicious QR codes, USB rubber ducky alternatives etc.)

  • Ministère de la Défense (5 yrs 5 mos)
    • Head of cyber expertise for "Les Jeunes IHEDN"
      Dec 2019 - May 2021 · 1 yr 6 mos

      Member and head of the cyber expertise pole of "Les Jeunes IHEDN" (Institute of Higher National Defense Studies) The association of "Les Jeunes IHEDN" (formerly ANAJ-IHEDN) is the first French association of young people on defense, security and commitment issues. Created in 1996, the ANAJ-IHEDN changes its name on March 11, 2019 to become "Les Jeunes IHEDN". It brings together young auditors, students or young professionals, trained by the Institute of Higher National Defense Studies (IHEDN). With an objective of openness and a desire to spread the spirit of Defense, the association wishes to share its interests with a wider public, through many events organized, each year, throughout France. We organize : - Conferences every week on topics such as: intelligence, energy challenges, economic diplomacy, cyber security, etc. - Visits to meet the actors of Defense and Security: RAID, GIGN, ministries, nuclear power plants, air bases, naval bases, regiments, etc. - Workshops to debate more freely on more specific themes and to bring a specific expertise - Dinner-debates to discuss with personalities working in their field (e.g.: "Figures of the Republic" cycle)

    • Reservist
      2016 - May 2021 · 5 yrs 5 mos

      Reservist in the Cyber Defense Command (COMCYBER -> CRPOC)

  • Offensive & Defensive Security at Leboncoin.fr
    Sep 2019 - Apr 2021 · 1 yr 8 mos

    Offensive & Defensive security for the Adevinta group, I was in charge of developing different activities including: - Offensive penetration tests on web and mobile applications, as well as the internal infrastructures of the group. - Defensive activities, mainly the implementation of a SIEM and the processing of alerts generated (SOC). - Carrying out forensic analysis, incident response and technology watch. - Support the development teams in correcting identified vulnerabilities. - To participate in the security awareness of the Leboncoin group's employees, both IT and human.

  • Security Consultant / Penetration Testing at XMCO
    Feb 2019 - Sep 2019 · 8 mos

    Black box, grey box and white box penetration tests, writing of watch bulletins for the CERT-FR approved by the French National Agency for Information Systems Security (ANSSI). Writing of detailed security audit reports for various clients. Participation in research and development activities as well as in external and internal conferences.