Vulnerability Intelligence Analyst · Cybersecurity Engineer

Vulnerability
Intelligence Analyst

Full-stack developer background in cybersecurity - IAM, authorization systems, vulnerability management. Moved to Montréal to go deeper into security. Now focused on vulnerability intelligence at Orange Cyberdefense CERT.

mathis.allen.pro@gmail.com
Mathis Allen
About

Developer by training, security engineer by choice. Left France, landed in Montréal. Working at Orange Cyberdefense CERT on vulnerability intelligence - research, analysis, advisories, tooling.

LocationMontréal, QC
CompanyOrange Cyberdefense
RoleVuln. Intelligence Analyst
01

Expertise

Vuln. Intelligence
Vulnerability Analysis
  • CVE research & triage
  • Advisory writing
  • CVSS scoring
  • CNA operations
AppSec
Application Security
  • OWASP Top 10
  • Burp Suite
  • SAST / DAST
  • Bug Bounty
Engineering
DevSecOps & Dev
  • Java / Spring Boot
  • Python / Django
  • Vue / Angular
  • Kubernetes / Docker
  • CI/CD pipelines
Identity
IAM & Access Control
  • Permission models
  • Privilege management
  • Access rights analysis
02

Experience

Mar 2025 – now
Current
Orange Cyberdefense CERT - Paris, then Montréal
Vulnerability Intelligence Analyst
Vulnerability research and in-depth analysis, writing of security advisories, development of the internal CNA platform, and tooling to improve analysis velocity and automation. Started as CDD in Paris (Mar–May 2025), transitioned to VIE in Montréal (Jun 2025–present).
Vuln. intelligence Advisory writing CNA platform Tooling / automation VIE - Montréal
2021 – 2024
Alternance
Crédit Agricole Technologies & Services - Montpellier
Full-Stack Developer - Security Squad
Lead developer on three internal security tools: an IAM solution with custom API, BFF and front-end layers; a vulnerability remediation tracker built with Spring Boot, Node and Angular; and an AD habilitation manager handling directory communication and rights mapping across the organisation. Set up CI/CD pipelines for all three.
Lead Dev Spring Boot Angular Node.js IAM Active Directory CI/CD
2021 – now
Competitions
HackInProvence · Root-Me · DGSE · DGSI · YesWeHack
CTF Competitor & Security Challenges
Competed in multiple events while in France: DevOps Heroes (Google/CA-GIP hackathon), CYCOM, Devoxx, 404CTF (DGSE), Shutlock (DGSI), COMCYBER, HackademintCTF, SecSea2k24, Root-Me challenges, CA internal CTF (3rd place), two internal coding contests (1st and 11th place). Member of HackInProvence association. Now in Montréal, participating in YesWeHack monthly dojos.
CTF YesWeHack dojos 3rd - CA CTF HackInProvence
Jan – Feb 2021
Internship
PriceComparator - Montpellier
DevOps Intern
Web scraping with Puppeteer, REST API in Scala/Play, CI/CD setup with Docker and Jenkins.
Scala Docker Jenkins
03

Certifications & Education

2026
Certified AppSec Pentester (CAPen)
The SecOps Group
In progress
2026
Certified Network Security Practitioner (CNSP)
The SecOps Group
In progress
2024
Certified AppSec Practitioner (CAP)
The SecOps Group
Certified
2024
Expert en Informatique et SI - Cyber & Kubernetes
EPSI Montpellier - Master's equivalent
Obtained
2022
Bachelor - Application Developer Designer
EPSI Montpellier
Obtained

Find me here.

A question, a project idea, or just a chat - always happy to connect.

Email
mathis.allen.pro@gmail.com
GitHub
github.com/Man344
LinkedIn
Mathis Allen