About Sonepar
Sonepar is an independent family-owned company standing as the world leader in B-to-B distribution of electrical equipment, solutions, and services. In 2024, Sonepar achieved sales of €32.5 billion. Present in 40 countries with a dense network of brands, the Group is leading an ambitious transformation to make its customers’ lives easier providing them with an omnichannel experience and sustainable solutions in the building, industry, and energy markets.
Sonepar’s 46 000 associates are committed to accelerating the world’s electrification and driven by a shared Purpose: Powering Progress for Future Generations.
www.sonepar.com
How will you shape our tomorrow?
We are looking for an experienced Application CyberSecurity and Compliance Lead (Lead Devsecops) to strengthen our Cloud Platform organization. In this role, you will drive our global DevSecOps strategy, ensure security and compliance across our platform and pipelines, and enable engineering teams with world‑class tooling and automation.
You will play a key leadership role in shaping the future of our secure cloud foundation, working closely with SRE, Cloud Engineering, Security & Compliance, and global Product Teams.
What success looks like
Responsible for implementing technical and logical security controls across all phases of software development lifecycle and through the supporting infrastructure.
1. Platform Security & DevSecOps Strategy
· Define and drive the DevSecOps strategy for the Sonepar Cloud Platform.
· Integrate security best practices into CI/CD pipelines, build systems, and deployment workflows.
· Ensure compliance with enterprise security standards, regulatory requirements, and cloud governance policies.
· Lead threat modeling, security reviews, and design of secure architectures.
· Ensure the platform supports effective security monitoring, detection, and incident response, working closely with Cyberdefense teams to implement appropriate logging, alerting, and response capabilities.
2. Secure CI/CD & Automation
· Architect and maintain secure, scalable CI/CD pipelines enabling product teams to release with high velocity and confidence.
· Implement automation for code scanning, dependency analysis, container security, secrets management, and runtime protection.
· Partner with SRE and Cloud Engineering to integrate security as code across the entire ecosystem.
3. Cloud Security Engineering
· Lead the implementation of cloud-native security controls across Azure resources (identity, networking, compute, data).
· Drive configuration hardening, policy enforcement, and continuous compliance using automation frameworks.
· Collaborate with the Security & Compliance team to operationalize zero-trust principles.
4. Operational Excellence & Incident Preparedness
· Support the Cloud Operations & SRE teams during security incidents or vulnerabilities, ensuring rapid and coordinated remediation.
· Build processes, playbooks, dashboards, and alerting related to platform security and DevSecOps.
· Drive continuous improvement of our security posture and operational resilience.
5. Leadership, Coaching & Collaboration
· Manage and coordinate the security consultants contributing to the Digital Factory Cybersecurity initiatives, ensuring alignment with priorities and standards.
· Act as the DevSecOps reference within the Cloud Platform organization.
· Coach engineering teams on secure development practices, tooling, and cloud security patterns.
· Influence architecture decisions and platform roadmap with a strong security mindset.
· Represent the Cloud Platform in security governance and reviews with stakeholders across regions.
The experience you bring
· 7+ years of experience in DevOps, SRE, Cloud Engineering, or Security Engineering roles.
· Strong expertise in Microsoft Azure, cloud-native security controls, and infrastructure-as-code (Terraform).
· Proven experience building and securing CI/CD pipelines (GitHub Actions, Azure DevOps, GitLab CI, Jenkins, etc.).
· Deep knowledge of container security, Kubernetes, API security, secrets management, and identity (Azure AD).
· Experience with vulnerability management, code analysis tools, and security automation.
· A mindset focused on reliability, scalability, and automation.
· Strong communication, leadership, and cross-team collaboration skills.
Why Join Us?
· A global impact role within one of the world’s largest B2B groups.
· A modern, cloud-first, product-centric organization.
· The opportunity to shape a world-class secure cloud platform used by thousands across the company.
· A collaborative environment with strong engineering culture (SRE, DevOps, Platform Engineering).
· A role at the heart of Sonepar’s digital transformation.
Work Mode & Location
- Hybrid: 3 days in Paris (8ème) after the trial period
Benefits that await you:
The role - Your daily activities will be interesting, stimulating and varied... No two days are alike!
The organisation - You'll be part of the Sonepar family and share the same values!
The culture - You'll be working in an international environment.
The team - Our dynamic, multidisciplinary, open-minded and talented team is eager to welcome additional skills to continue to meet the challenge.
75% reimbursement of your monthly or annual transport pass.
Swile Ticket restaurant card
Gym exclusively reserved for the company and made available to employees free of charge.
Sustainable mobility package
Health insurance & Welfare
Employee Savings Plan & Profit Sharing Bonus.
Recruitment process
- First interview with a Talent Acquisition
- Interview sith Hiring Managers
- Technical Interview
- Final HR interview
We are interested in knowing you more. Start an exciting new career and enjoy many employee benefits by applying online. Sonepar HQ is thankful for your interest in joining the team, only individuals selected for interview will be contacted.
More information on Sonepar:
Website: www.sonepar.com
Twitter: @sonepar
LinkedIn: https://www.linkedin.com/company/sonepar/
Check out Sonepar on Facebook!
To apply, you must use a computer and one of the following browsers: Safari, Chrome, Mozilla Firefox or even EDGE.
