Product and Industrial Security Specialist H/F

  • Entreprise : Airbus Helicopters
  • Localisation : Marseille - France - Provence-Alpes-Côte d’Azur
  • Fonction : Product and Industrial Security Specialist
  • Type de contrat : Contrat à durée indéterminée (CDI)
  • Date de publication : 17-07-2021
  • Postuler

Description du poste


PURPOSE



Manage Product Security risks linked to Operational Technologies (OT) including Industrial Automation and Control Systems (IACS), e-tools and Building Automation Systems (BAS)



Scope (main activities, IM products, IM services)



The Product Security Specialist in Operational Technologies (OT) is responsible for the Security of the Operational Technology                    


In the Product Security PSL (product & service line), he/she contributes to ensure and continuously improve the Airbus Helicopters Industrial Automation Control Systems Security and specific digital tooling. This job interfaces in between the Information Management technologies and the aircraft manufacturing.  It also includes e-tools for aircraft operation and / or maintenance.


                                                                                                                                              


The Product Security Specialist in Building Automation Systems contributes to ensure and continuously improve the Airbus Helicopters Building Automation System Security. This job interfaces in between the Information Management technologies and the Building Management Systems (Physical access control, CCTV, elevators?).


                                                                                                           


Responsibilities



  • For the IACS & e-tools area:



    • Take the responsibility for OT System security policy implementation.


    • Contribute to OT Architecture definition


    • Perform Security Risk Assessment and define treatment plans


    • Develop & implement Product Security standards and monitor technical compliance.


    • Define security architecture and manage security deployment.


    • Perform security test for technicompliance


    • Propose and follow-up necessary security updates and or countermeasures.


    • Monitor vulnerabilities and weaknesses.


    • Advise & support on technical training and provides technical security awareness.


    • Provide and maintain the Product Security Accomplishment Summary






  • For the BAS area:



    • Map the system and discover the assets


    • Identify the dataflow and the sensitive functions


    • Perform Security Risk Assessment and define treatment plans


    • Identify weaknesses in the systems.


    • Propose remediation plan and security improvements


    • Manage the communication of the findings and risks to a range of stakeholders with the high level of confidentiality required.


    • Define with the Security Operation Centre (SOC) team efficient detection mechanisms.


    • Follow-up the implementation of the remediation plans.


    • Keep up to date with latest testing and ethical hacking methods.






  • General IM Security:



    • Propose technical solutions aiming at protecting the Information Systems and Data against Confidentiality, Integrity and Availability threats, without impairing the expected Business services.


    • Perform constant technology watch & related risks and threats survey.


    • Stay abreast of technical evolutions and changing regulations in the cyber security domain.


    • Provide support to the Security Operating Center in case of serious security incident.





Competences, Methods & Tools



  • Strategy Development, Security Risk Management methodologies, cybersecurity mechanisms and testing techniques


  • Technical skills including a deep knowledge and how to on network topics


  • Software and devices using common industrial protocols such as Modbus/TCP, S7, TSAP, Ethernet/IP and Common Industrial Protocol


  • Knowledge of industrial constraints and specificities


  • Knowledge of Security Tools for IT and OT market


  • Change and security obsolescence support


  • Regulatory aspect for Defence and Aviation, International Security Standards


  • Security audit, Security Investigation & Research, Security Specific Risks Context, Security Technical Solutions



  • Communication





Certifications that are not mandatory but which would be a plus (or equivalent knowledge): Certified SCADA Security Architect (CSSA), GICSP, GRID, ISA/IEC 62443 Cybersecurity Certificate(s); Lead SCADA Security Manager





This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.


Profil recherché


  • Date de début : nc.
  • Durée : nc.
  • Expérience requise : 5 à 10 ans d'expérience
  • Salaire : nc.
  • Référence : JR10054480
  • Secteur d'activité : Industrialisation, Production
CDI CDD Intérim
Airbus Helicopters
Retrouvez l'ensemble des offres
Airbus Helicopters