Req ID:  639

Paris, France

Date:  03-Nov-2022

Cybersecurity engineer F/M

Job Description


DFS Group is the world’s leading luxury travel retailer. Established in Hong Kong in 1960, DFS Group continues to be a pioneer in global luxury travel retail, offering its customers a carefully curated selection of exceptional products from over 750 of the most desired brands. Its network consists of 54 duty free stores located in 13 major global airports and 23 downtown Galleria locations on four continents, as well as affiliate and resort locations. DFS Group employs more than 5,000 people focused on creating inspiring omnichannel retail experiences for its customers and is headquartered in Hong Kong with offices in Australia, Cambodia, China, France, Indonesia, Italy, Japan, Macau, New Zealand, Singapore, United Arab Emirates, United States of America, and Vietnam.


DFS Global Technology is looking for a Cybersecurity Engineer. The ideal candidate that DFS is looking for, would be energetic and technology savvy with a “can do” spirit and work on a wide range of IT Security projects. Projects could be relevant to office, store or data center, covering all DFS location across the world. The ideal candidate would be a quick learner of various store business functions and operations, shares great interpersonal relationship skills with the business users and management, understands what works and what doesn’t and will be working with global IT team(s) to recommend appropriate alternatives or solutions. 




  • Support the day-to-day operations to ensure the monitoring and incident handling capabilities of the Group Security Operations Centre.
  • Manage security engineering projects and own the security products
  • Participate in projects involving Information systems and provide sound technical advice to ensure DFS Security and Privacy by Design principles are adhered to. 
  • Ensure all identified information security risks are mitigated and requisite information security controls are implemented through project lifecycle.
  • Develop and translate business requirements into functional design specifications to ensure DFS is fully protected and meets regulatory & data privacy requirements and requirements around GDPR, PCI DSS, China Cyber Security Law etc.
  • Develop and maintain security documents, policies, standards, guidelines, and procedures.
  • Coordinate and execute Information Security initiatives in line with the DFS security roadmap.
  • Collaborate with wider DFS Technology team to ensure all systems implemented are engineered in line with and comply to DFS Information Security Policies and adhere to industry best practices.
  • Conduct research to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.
  • Perform proof-of-concept and assess security tools/approach to mitigate system risks.
  • Support and manage the application security lifecycle.
  • Review and validate the service requests and change requests to ensure the policy alignment.
  • Develop and/or update the security KPI report
  • Other duties as assigned. 

Key Requirements


  • Degree in Computer Science, Computer Engineering, Network & Telecommunication, Information Technology, or related disciplines
  • 2 - 5 years of relevant experience
  • CISSP, CISM, CISA, CEH, GIAC or other security certifications is a plus
  • Demonstrates thorough abilities and/or a proven record of success in the following areas:
  • Hands on experience with security technologies such as NGFW, WAF, SIEM, Endpoint Security, Secure Web Gateway, Identity and Access Management (IAM), DLP, Cloud Access Security Broker (CASB) etc., 
  • Knowledge of industry best practices on Secure Software Development Life Cycle (SSDLC) such as OWASP etc.,
  • Knowledge of information security and risk management frameworks and standards such as ISO 27001, COBIT, ITIL etc.,
  • Able to demonstrate a good level of understanding across cybersecurity area that could include cloud security, cyber incident response practices, DevSecOps and security testing.
  • Knowledge of Payment Card Industry Data Security Standard (PCI DSS) is a plus.
  • Knowledge of data privacy law such as GDPR is a plus.
  • Expertise in the reporting tool such as PowerBI etc.


This role is based in Paris, but occasional travel may be required. 

DFS is an equal opportunity employer. It is the Company’s policy and practice to employ, promote and treat all employees and applicants on the basis of merit, qualifications and competency and to provide all employees with a workplace that is free of discrimination. Employment decisions are based on qualifications such as education, work experience and talent, and are made without regard to race, color, gender, religion, age, national origin, marital status, sexual orientation, disability or any other basis protected by law.