You will join the Security Evaluation team inside the Digital Security Office. The team's mission is to provide detailed and trustworthy information on the security of the products which are bought, developed, deployed (or considered for deployment) by the company, in order to allow interested stakeholders to take informed decisions.
To fulfill this mission, the team:
Evaluates the security of products and services by simulating the behaviour of motivated and highly technical attackers
Contributes to the domain's state of the art by developing tools or methodologies
Provides technical expertise on security topics
The team works equally on standard IT products (infrastructure, phones, cloud services, etc.) and on the company's own products (planes, helicopters, satellites, etc.) or operational technologies (access control, ICS, video surveillance, etc.).
Conducting deep-dive security evaluations of products and services, in the lab
Writing evaluation reports for the products, services and technologies you evaluated
Participating to Red Team activities
Developing tools, both for short and long term, which enable the team to be more efficient in its missions or allow the company to automate security tests
Publishing open source tools
Attending technical security conferences and publishing articles in your expertise areas
An awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.
Ability to write reports, articles and notes in English
Good command of English
Good command of French is a plus
At least 5 years of professional experience in deep-dive security evaluation or Red Team
Significant experience in exploit development or tools/scripts development
Curious and open to new subjects
Strong learning skills
Good communication skills and an ability to explain technical subjects in layman's terms
Autonomous and willing to bring up new ideas
You are a specialist in one of those areas and have some experience in one or several others: -
Web vulnerability research
Native applications vulnerability research
Network security evaluation
Radio/Wireless protocols security evaluation
Automatization of security testing
This role will involve travel for business in Europe and worldwide and as such you must be able to travel accordingly.
Location : Toulouse