Description

Over 16 years of experience delivering software products and services across transport & logistics,

retail, and banking, with expertise in solution architecture, security, team leadership, quality

assurance, and software engineering. Strong knowledge of cloud and modern architecture, cloud

security, and enterprise-grade software solutions. Proven experience in Azure cloud services,

Microsoft security frameworks, and driving secure, scalable digital transformation initiatives

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Arabic
Fluent

Workplace preferences

Can work on-site

Paris (up to 30km)

IDEMIA
Senior Coud/security & Software Architect
SOFTWARE PUBLISHING
March 2026 - Today (3 months)
Osny, France
Conducted an Azure security posture audit using Defender for Cloud and Secure Score — reviewed existing controls, identified misconfigurations and coverage gaps across the biometric platform environments.
Audited the Azure architecture across Landing Zone design, network topology, and IAM configuration — produced findings and a prioritised remediation plan aligned with the division’s security standards.
Led remediation efforts on the identified gaps — hardening network segmentation, tightening IAM roles and access policies, and fixing misconfigured security controls across the Azure environments.
Worked with engineering and DevOps teams to translate audit findings into concrete security improvements — updated Azure Policies, reviewed CI/CD pipeline controls, and documented security baselines for ongoing compliance tracking.
Cloud Architecture (Azure) Sécurité Cloud Zero Trust DevSecOps Microsoft Defender for Cloud
Ceva Logistics
Lead Cloud Security Architect & Azure Lead Architect
LOGISTICS AND SUPPLY CHAIN
December 2023 - January 2026 (2 years and 1 month)
• • Designed and led the end-to-end Cloud Security Architecture for an Azure Tenant-to-Tenant migration across 40+ applications, defining security reference architecture (identity, network, data, workload layers) as the foundation ensuring zero critical downtime and full business continuity.
• • Designed and deployed enterprise-grade hybrid connectivity (ExpressRoute, Site-to-Site VPN, Hybrid DNS) and secured PaaS workloads across AKS, Azure Container Apps, Azure Functions, Web Apps, and managed databases ensuring network isolation, private endpoint exposure, and consistent security controls across all services.
• • Designed and deployed Azure Landing Zones based on Microsoft CAF, embedding security governance (RBAC, Azure Policy, Defender for Cloud) from day one. Reducing provisioning time and achieving full compliance alignment with corporate security baselines.
• • Implemented IAM/PAM, PIM & RBAC frameworks, cuting privileged access risks and enabling a scalable Zero Trust model.
Cloud Architecture (Azure) Sécurité Cloud Cloud Migration Gouvernance Cybersécurité Containerization
FUJITSU
AZURE SOLUTION & SECURITY ARCHITECT
February 2022 - December 2023 (1 year and 10 months)
Design & deployment of cloud-based projects:
o Saft: Move2cloud integration with TotalEnergies Inox@Scale Landing Zone,including
Refactoring, Rebuild, Cloud Security Posture Management (CSPM) setup, compliance
monitoring, and optimize Azure infrastructure cost.
o Hutchinson: Security-first Landing Zone design with network segmentation, Defender
for Cloud integration, identity governance (Azure AD/RBAC), Firewall, WAF,
ExpressRoute, AKS, and full IaC (GitHub) aligned with Zero Trust principles.
o HubOne: Data cloud application based on Dataiku PaaS service, Azure Synapse, Azure
Data Lake, API Management, and Azure Purview.
• Redesign & modernization of TotalEnergies applications towards microservices architecture
with AKS, Serverless, Azure Service Bus & SignalR.
• Designed cloud security architectures for multi-client environments: data classification,
encryption at rest and in transit, CSPM integration via Microsoft Defender for Cloud and
Sentinel, and ISO 27001 / CIS-aligned security baselines.
• Led Azure security architecture advisory in pre-sales phases — producing security reference
architectures, threat models, and technical proposals covering cryptography, secure access
mechanisms, and compliance frameworks (NIST, ISO 27001).
Cloud Architecture (Azure) Cloud computing Avant-vente Cloud Security Modernisation du SI