Mohamed Hamzaoui

• Study of the existing system. Planning and management of the migration to ensure service continuity throughout the coexistence of both systems (legacy/new).

• Definition of the microservices architecture, communication protocols, technology stacks, MoM middleware, data formatting, and infrastructure enablers (on-premises and AWS).

• Participation in the implementation of IAM, including SSO based on OIDC/OAuth2 and management of roles and fine-grained permissions.

• Design and development of containerizable and hardened microservices templates in C++, adhering to SOLID principles and cybersecurity requirements.

• Management of the application base's integration with Kubernetes and IAM.

• Participation in the architecture committee and cybersecurity training for all tech leads.

Technologies : Kafka, OIDC/OAuth2, SSO, Archimate/Plantuml, Restful/HTTP, gRPC, Json, Protocol Buffer, C/C++, X509, PKI, SonarQube, Docker, Podman, Postgresql, TLS/mTLS, Redis, OpenAPI, AsyncAPI.

• Study PKI configuration machines deployment context

• Design of exchange and cryptographic operations to remotely prove and create identity with Certification Authority.

• Upgrade PKI to integrate required mechanisms and tree for device identity management.

• Development and integration Technologies & references: TCG TPM2.0, TCG specification, NIST & ANSSI recommendation, PKI, X509, mTLS, CMP, PKI EJBCA, Python, Shell, TPM2-TSS

• Study of Offboard and Onboard context of the Stellantis Connected Vehicle Platform.

• Definition of technical architecture for an Offboard component that manages the tracking and provisioning of secret keys, X509 certificates and CRLs to the various concerned ECUs according to their types.

• Definition of an ECU Trust Store Repository grouping the state of the key stores of the various ECUs and tracking their validity and consistency according to the requested profile (revocation, expiration, chain of trust, classification, enrollment)

• Definition of architecture to certificate management server in a multi-PKI and multi-Region context.

• Study of Cybersecurity risks and definition of appropriate security measures, ACLs and mTLS configurations

• Definition of the architecture of the different microservices, their communication, their data models and their security on the AWS cloud

• Definition of Rest APIs, API Gateways, and their security policy.

• Development of PoCs for the simulation of webservices, ECUs and certificate validation

Technologies: AWS (KMS, ACM, PCA, EC2, S3, ELB, API Gateway, CloudHSM, etc.), MongoDB, RabbitMQ, Kubernetes, OpenAPI, KAFKA, PKI, X509, mTLS