Internship/Apprenticeship - Technical Audits and Penetration Testing: Developing New Attack Techniques

Join Wavestone as a Cybersecurity Manager specializing in Audit and Incident Response. In this pivotal role, you will lead a team responsible for assessing cybersecurity risks and responding to incidents effectively. Your expertise will be essential in shaping our security strategies and ensuring compliance with best practices. You will collaborate with cros…

Join Wavestone as a Red Team Leader in the dynamic field of cybersecurity! In this pivotal role, you will lead a team dedicated to auditing and incident response. Your expertise will guide our clients in fortifying their defenses against cyber threats. As a leader, you will not only manage projects but also mentor and develop your team, ensuring they are equipped with the latest skills and knowledge.

Join Wavestone as a Manager in our Product & Industrial Cybersecurity division. In this pivotal role, you will lead cybersecurity initiatives, ensuring robust protection of our industrial assets and products. Your expertise will guide teams in implementing cutting-edge security measures and strategies that align with industry standards. Collaborate with cross-functional teams to foster a culture of security awareness and drive continuous improvement in our cybersecurity posture.

Wavestone is looking for a skilled Manager in Cybersecurity, specifically focused on Digital Identity. In this strategic role, you will leverage your expertise to develop and implement advanced cybersecurity strategies that protect our clients’ digital identities. You will lead projects, collaborate with cross-functional teams, and engage with clients to ensure the highest standards of security are maintained.

Join Wavestone as a Senior Consultant specializing in Product & Industrial Cybersecurity. In this pivotal role, you will be instrumental in helping clients navigate the complex landscape of cybersecurity threats and develop robust strategies to protect their critical assets. You will leverage your expertise to assess vulnerabilities, formulate security protocols, and implement cutting-edge solutions that align with industry standards.

Join Wavestone as a SOC Offer Manager (H/F) in the dynamic field of Cybersecurity, specializing in CyberDefense and Recovery. In this pivotal role, you will lead the development and delivery of innovative cybersecurity solutions that enhance our clients' resilience against cyber threats. You will collaborate with a talented team of experts, driving strategies that protect organizations from evolving cybersecurity challenges.

In the rapidly evolving digital landscape, organizations are compelled to adopt new technologies and integrate their information systems with partners and clients. As cybercrime escalates, regulatory bodies and governments are intensifying their vigilance. How can we respond effectively? By collaborating with executive management to define a risk-based strategy and ensuring its implementation across all operations, we can achieve a suitable level of protection and appropriate responses to major incidents.As part of the Cybersecurity practice, comprising over 400 professionals, our consultants engage with large corporations on pivotal issues such as incident response, personal data management regulations (GDPR), fraud prevention, connected device security, and cloud data management.• Cybersecurity Strategy: Risk assessment and crisis management• Securing Digital Transformation: Big data, cloud, IoT & Industry 4.0• Digital Compliance: Fraud prevention, privacy protection, critical infrastructure, and sector regulationsAs an intern under the guidance of a project manager, you will undertake:• A study on a forward-looking and innovative topic (from our wide range of practice offerings) that will enhance your academic knowledge and that of the firm, providing in-depth insights into current issues facing our clients and familiarizing you with Wavestone's recognized consulting methodologies.• Client operational missions within project teams to develop essential skills expected of a junior consultant (analysis and synthesis, interpersonal skills, market understanding, client/mission accountability)Additionally, you will have the opportunity to actively participate in the internal dynamics of the firm by:• Contributing to the development of our assets: Shake 'up, The Factory, CréaDesk, Machine Learning & Data Lab, Research & Knowledge Center• Publishing articles on our blogs• Participating in recruitment, school relations, commercial proposal responses, internal training, and internal events.

Join Wavestone as a Senior Consultant specializing in Cybersecurity with a focus on Digital Identity. In this pivotal role, you will leverage your expertise to enhance our clients' cybersecurity frameworks, ensuring robust protection of digital identities. Collaborate with cross-functional teams to develop innovative solutions that address complex security challenges.Your insights will shape strategies that not only respond to current threats but also anticipate future vulnerabilities, making a significant impact on our clients' security postures.

BACKGROUNDEmployee awareness is a crucial element of cybersecurity. However, good security practices have yet to become second nature, and threats continue to evolve. As new regulations require companies to educate their users about cybersecurity (such as LPM...), Wavestone's cyber-awareness offering must also adapt to meet the changing needs of our clients:How do we respond to new attack techniques (from social engineering to targeted attacks)?How do we raise awareness about the challenges posed by new regulations, particularly concerning personal data protection?How can we assess the effectiveness of our initiatives to ensure they are tailored to our audience?What tools/actions can we implement to engage various stakeholders (employees, IT specialists, executive committees, etc.), especially when security is not their primary focus (e.g., creating videos, escape games, etc.)?INTERNSHIP OBJECTIVEThe goal of this internship is to enhance Wavestone's cybersecurity awareness offerings. By consolidating existing materials to make them more accessible and reusable, the intern's work will improve the firm's effectiveness in cyber-awareness missions.The main focus of the internship will be to establish a sustainable organization that ensures the capitalization and dissemination of knowledge. A secondary aspect will involve developing future awareness strategies to ensure the firm can effectively address upcoming challenges.PROJECTS TO BE COMPLETEDUnder the guidance of a consultant and the management of a manager, the intern may be involved in some or all of the following tasks:Leading Wavestone's cyber-awareness offering:Summarizing existing materials to propose templates that address current business challenges in information security,Revising pre-sales presentations showcasing our expertise,Establishing and implementing a sustainable knowledge capitalization process.Conducting monitoring around cyber-awareness topics: identifying key stakeholders, determining necessary resources, and tracking trends in awareness initiatives, etc.;Renewing the methods of engaging various populations within our client organizations: IT functions, managers, executive committees, employees, etc.;Consolidating and designing measures to evaluate the effectiveness of awareness initiatives, enabling reporting to management and executive committees.

CONTEXTMergers and acquisitions (M&A), along with disposals and partnerships, reflect significant strategic choices and are often subject to sensitive negotiations. Nowadays, the information systems (IS) of each company are taken into consideration during these processes. A notable example is the acquisition of Yahoo!'s internet activities by Verizon, where repeated security breaches at Yahoo! led to a $350 million reduction in the initial purchase price, representing a 7% decrease.Once M&As are finalized, the challenge arises of integrating two different IS, often burdened with technical debt on both sides. How can we ensure that two systems operate seamlessly while maintaining optimal security levels? How do we address regulatory constraints that may differ between the two entities?Conversely, disposals present the opposite issue: how to effectively separate an IS into two distinct entities while satisfying both technical requirements (e.g., maintaining operations) and regulatory demands (e.g., ensuring that the divested entity does not access the parent company’s data, and vice versa).Thus, cybersecurity must be prioritized during M&A transactions, whether before, during, or after the transformation.OBJECTIVE OF THE INTERNSHIPThe goal of this internship is to understand the various security challenges associated with information systems in M&A and divestiture projects, specifically to develop Wavestone's insights on the following points:How to assess the security maturity level of companies prior to mergers, acquisitions, divestitures, or partnerships?How to evaluate and ensure security levels during integration or divestiture?How to establish a target security governance structure among the different stakeholders?ASSIGNED TASKSUnder the guidance of a consultant and managed by a team leader, the intern will be involved in one or more of the following tasks:Conduct market research and leverage the firm's experiences concerning audit and security governance issues during M&A projects;Define a methodology for assessing security maturity before mergers, acquisitions, divestitures, or partnerships;Define a methodology to ensure security levels during the transformation phase;Design governance models for the target security function based on the type of M&A.

Join Wavestone as a Senior Cybersecurity Consultant, where you will play a key role in enhancing the security posture of our clients. You will leverage your expertise in cybersecurity to provide strategic guidance and implement effective security solutions. Your contributions will be essential in safeguarding sensitive information and ensuring compliance with industry standards.

CONTEXTFinancial organizations face a surge in sophisticated cyberattacks, revealing a deep understanding that hackers possess about the finance sector. Cybercriminal groups have combined their technical prowess with an extensive grasp of business processes and applications within finance. To bolster their defenses against increasingly skilled adversaries and comply with stringent regulations, financial institutions recognize the need to ensure comprehensive security across their most critical processes by developing new technological and functional measures.INTERNSHIP OBJECTIVESWavestone aims to refine its understanding of the most critical business chains (processes and underlying IT systems) in the finance sector and develop relevant security measures tailored to the unique security challenges they face. The processes to be observed include those from retail banks, private banks, investment banks, asset managers, systemic financial infrastructures, central banks, etc.The internship/apprenticeship will involve selecting and analyzing these critical chains for some or all of these actors. This analysis should address the following questions:For each type of actor, what are the top three most vital business chains?Identify and study their dynamicsUnderstand the specific security stakesEvaluate the level of exposure in light of current threatsTarget their structural weaknessesWhat IT components and specialized software support these chains?Model the IT systems incorporating the view of business software solutionsIdentify their potential vulnerabilitiesWhat interdependencies exist among these chains?Understand how the compromise of one can impact anotherWhat relevant measures can be recommended for these business chains?TASKS TO BE PERFORMEDUnder the guidance of a consultant and the direction of a senior manager, the intern will be tasked with performing part or all of the following activities:Study and model critical business processesAssess the security level of specialized IT products and infrastructuresConduct risk analysis of various chains and identify weaknesses

Join Wavestone as a Senior Consultant in Cybersecurity and Digital Trust, where you'll play a pivotal role in enhancing our clients' digital security posture. In this dynamic position, you will lead projects that assess and improve security measures across various industries. You will collaborate with cross-functional teams to design and implement strategies that foster trust in digital environments, ensuring compliance with regulations and industry standards.

CONTEXTCyberattacks are a pressing reality today, with the potential to significantly impact businesses, including the shutdown of factories and prolonged operational disruptions. While implementing protective barriers is crucial, companies must also develop capabilities for timely detection and effective incident response.In response to this challenge, an increasing number of organizations are establishing Security Operation Centers (SOCs) to oversee security and provide incident response services.INTERNSHIP OBJECTIVEThe aim of this internship/apprenticeship is to identify key factors for assessing the effectiveness of a SOC and to propose methodologies and tools to enhance its maturity regarding cyberattack detection. This may involve identifying promising new solutions or adapting existing mechanisms to new types of infrastructures.Key questions to address include:What evaluation methodologies exist for SOC maturity?What supervision strategies are applicable for the Cloud?What contributions do next-gen tools make in the detection of cyberattacks?What are the obligations and rights regarding cyberattack detection?How can a high level of SOC supervision be maintained over time?What type of SOC is most effective in preventing fraud?What impacts do new regulations have on SOC operations?ASSIGNED TASKSUnder the guidance of a consultant and the supervision of a manager, the intern will undertake various tasks, including:Defining a methodology for evaluating SOC maturityStudying security monitoring methods in the CloudBenchmarking next-gen tools for cyberattack detectionAnalyzing regulations regarding cyberattack detectionIdentifying best practices for expanding and adapting SOC supervisionMapping needs and solutions to make SOC a fraud prevention tool

CONTEXTIn the past decade, there has been a significant rise in attacks targeting industrial systems, driven by two main factors:Increased exposure of these systems on corporate networks and even the Internet;The emergence of various attacker groups developing dedicated attack arsenals.The advent of Industry 4.0 technologies has introduced new vulnerabilities, such as the exposure of equipment via IoT (Internet of Things) and the decentralization of computing in the cloud.As this threat grows, the security of industrial systems remains inadequate. It is imperative to initiate profound changes within industrial environments while enhancing public knowledge and skills regarding the security of industrial information systems.Simply implementing protective measures on industrial information systems is not sufficient. Experience with traditional information systems has highlighted the limitations of this approach and underscored the need for detection mechanisms. However, the unique characteristics of industrial information systems render conventional detection systems ineffective. Therefore, developing new solutions capable of adapting to industrial attacks is essential.INTERNSHIP OBJECTIVEThe goal of this internship is to enhance Wavestone's expertise in industrial information system attacks while allowing the intern to discover their unique characteristics and security measures.ASSIGNED TASKSUnder the guidance of a consultant and the supervision of a manager, the intern may undertake some or all of the following tasks:Develop technical expertise by studying real industrial attacks;Design industrial mock-ups to serve as demonstrators;Develop exploit codes against equipment (PLCs, SCADA, etc.) or industrial protocols;Define new detection strategies and validate them through the creation of Proof of Concept;Update industrial audit methodologies to consider the latest threats and attack vectors.

CONTEXTBoth companies and states are increasingly facing cybercriminal attacks that are growing in scale and complexity. Our clients are not only seeking protection against these attacks but also aiming to learn how to respond quickly and effectively.To meet this demand, crisis management exercises of varying scales are organized to test existing crisis management systems and associated processes through increasingly complex simulations:Initially simulating what are known as “classic” attacks such as data breaches and DDoS attacks on web services.Subsequently confronting crisis management teams with large-scale attacks reminiscent of NotPetya (ransomware) or the Bank of Bangladesh incident (an illicit transfer attempt of $981 million attributed to North Korea): massive data theft, destruction of company tools, fraud, and events causing international media impact.INTERNSHIP OBJECTIVEThe goal of this internship is to assist Wavestone in strengthening and enhancing the effectiveness of its methodologies and tools in crisis management and exercise design.This includes defining innovations that can be applied to existing methodologies for more effective practice in response to large-scale cyberattacks: innovative attack scenarios, tools for more realistic exercise facilitation, and interventions closely aligned with the real actions of cyber attackers.TASKS TO BE PERFORMEDUnder the guidance of a consultant and managed by a manager, the intern may be involved in carrying out part or all of the following tasks:Analysis of major attacks reported in the media or managed by CERT Wavestone and/or creating a sector overview;Identification of improvements to be made to Wavestone's crisis management offering, particularly in conducting exercises;Implementation of identified improvements, such as designing exercises based on real events observed and tools for project teams organizing large-scale exercises, developing pre-packaged exercises in a new format, and creating a crisis management maturity audit grid.

Wavestone is seeking a dynamic and skilled Manager to lead our Cyber Transformation and Compliance initiatives. In this pivotal role, you will oversee the development and implementation of robust cybersecurity strategies and compliance frameworks tailored to meet the evolving challenges of the digital landscape.Your responsibilities will include collaborating with cross-functional teams to assess current security measures, identify vulnerabilities, and design effective solutions that align with industry standards and regulatory requirements. You will play a critical role in enhancing our clients' security posture while ensuring compliance with relevant regulations.

Join our dynamic team at Wavestone as an Internal Auditor Intern! This is an excellent opportunity for those looking to gain hands-on experience in auditing processes and internal controls within a leading consulting firm.As an intern, you will assist in evaluating financial and operational processes, identifying risks, and recommending improvements. You will work closely with experienced auditors and have the chance to develop your analytical and problem-solving skills.

Join Loxam, a leading player in the equipment rental industry, as an Experienced Internal Auditor. In this role, you will be responsible for conducting comprehensive audits across various operations to ensure compliance with standards and regulations.