Are you interested in working with leading experts to protect Airbus against an ever evolving cyber threat and be part of the corporate digital security office combining; IT, industrial manufacturing, product, and people security?. Are you willing to work in a multicultural environment, with a significant scale, and on a worldwide perimeter? Are you ready to take on a new and exciting challenge?
Airbus gives you the opportunity to apply your expertise and develop your skills and competencies!
Airbus is a leader in the aerospace & defence sector, offering many challenging opportunities and providing numerous benefits to its employees, such as: development and training, unique challenges, world wide scope, access to key markets, mobility opportunities, and last but not least, a respectable work-life balance.
Seize the opportunity to integrate the central Corporate Digital Security Team led by Group CISO and be a part of the transnational peer group of 4 core countries (France, UK, Germany, Spain) with a direct link to our global infrastructure and sites (e.g. North America, India, China, Asia ?).
At Airbus corporate level, digital security topics are managed by the Digital Security organisation and structured around 5 capability departments:
In order to provide continuous improvements of the security programme and in efforts to discover weaknesses in the cyber security programme and implementations before external hackers, the Corporate Evaluation and advanced Test team play an important role.
The mission is to provide advanced capabilities in the discovery, reporting, and remediation recommendations of security vulnerabilities found in both the security technologies consumed/purchased and operated or developed by the organisation. It is done by performing independent evaluation and penetration-testing of systems in order to evaluate the security effectiveness and mitigate system vulnerabilities and weaknesses (e.g. product vulnerability, miss-configurations, unpatched systems, etc.) before they are discovered by external or internal adversaries.
You lead the strategy, coordination, and delivery of Airbus' digital security deep-dive evaluation, pen-test, and red-team activities within Corporate Digital Security. You are also responsible for directly managing the digital security department evaluation and test team; including full time staff, contractors, and external support.
The following accountabilities are described giving the scope of their applicability:
- Airbus-wide coordination of digital security pen-tests
- Execution of digital security deep-dive evaluations, pen-tests, red-team, and purple team exercises; either directly or via procurement of external service
- Ensure appropriate reporting of evaluations, pen-tests, and red-team exercises
- Strategic development of evaluation and test initiatives
- Coordinate and set standards for DevSecOps implementation and tooling
- Define and manage the cyber security test program, considering inputs and requests from governance, risks, security architecture, and through independent review, company-wide, on the Airbus Commercial perimeter, excluding Airbus Products
- Undertake deep dive technical security evaluations for both COTS and bespoke developed equipements (Airbus Products/IT/OT)
- Undertake continuous security red team & purple team initiatives and activities as directed and within authorized rules of engagement
- Manage the third-party evaluation test-program (aka pen-testing by external companies)
- Provide feedback and recommendations from security testing to relevant departments
- Identify and report company-wide cyber-attack paths
- Define and develop processes and tools to allow the Business, company-wide, to be empowered for autonomous security testing in project mode
- Define and manage DevSecOps strategy and standards for implementation, tooling, and operation
- Provide expertise on technical matters
- Enhance the Airbus security brand by the means of publications, presentations, external engagements, etc.
- Participate in strategy definition and development of the digital security department
- Ensure coordination and cooperation across the digital security department and across Airbus
- Engage with internal customers and maintain customer request tracking, delivering to
- Define and manage departmental strategy and vision in conjunction with the Corporate Digital
Security Officer (CDSO/CISO)
- Deliver all project & department reporting
- Manage team personnel across multiple sites including performance and development,
recruitment and retention according to digital security department planning
- Manage appropriately team finances within approved budget
- Manage capability and projects against cost, quality, and timeliness
- Represent the team internally and externally
- Manage internal customer and stakeholder relationships
- List of prioritized evaluation to be perform on a yearly basis
- Evaluation report
- Exercise report
- Technology watch report
- Expert recommendations and feedbacks
- Comprehensive description of company wide attack paths
- Counter measure recommendations
- COTS tools evaluation or recommendation
- Publications, White paper, documentation
- Master's Degree in Information Technology or equivalent experience
- English: Negotiation Level
- At least 15 years of work experience in the security area
- Good ability to understand Airbus policies and standards
- Strong negotiation and communication skills in an international context
- Ability to coordinate teams located in different organizations and locations