Defining and supervising the implementation of the Airbus Information and Cyber Security Strategy aligned with the Airbus business objectives. Defining the Airbus Information Security Policies. Ensuring the compliance with company policies, laws and regulatory provisions within Airbus, the Extented Enterprise and Supply Chain through audit, tests and controls.
Addressing Information Security risks and mitigation in coordination with ICT and business functions risk management organizations. Liaising and lobbying with national and international security agencies as well as regulators and standardization bodies in the aeronautic industry. Ensuring that Airbus' programs & business functions assume their responsibilities with regards to all information classification and protection. Designing and conducting an efficient security communications and awareness program. Anticipating emerging trends and innovative technologies and their impact on information security.
You will join the Security Evaluation team inside the Digital Security Office. The team's mission is to provide detailed and trustworthy information on the security of the products which are bought, developed, deployed (or considered for deployment) by the company, in order to allow interested stakeholders to take informed decisions.
To fulfill this mission, the team:
Evaluates the security of products and services by simulating the behaviour of motivated and highly technical attackers
Contributes to the domain's state of the art by developing tools or methodologies
Provides technical expertise on security topics
The team works equally on standard IT products (infrastructure, phones, cloud services, etc.) and on the company's own products (planes, helicopters, satellites, etc.) or operational technologies (access control, ICS, video surveillance, etc.).
The team's publications are available here:
Tasks, missions and responsibilities
Conducting deep-dive security evaluations of products and services, in the lab
Writing evaluation reports for the products, services and technologies you evaluated
Participating to Red Team activities
Developing tools, both for short and long term, which enable the team to be more efficient in its missions or allow the company to automate security tests
Publishing open source tools
Attending technical security conferences and publishing articles in your expertise areas
Some business trips may be required.
You have the following education, experience and skills:
At least 5 years of professional experience in deep-dive security evaluation or Red Team
You are an expert in one of those areas and have some experience in one or several others:
Web vulnerability research
Native applications vulnerability research
Network security evaluation
Radio/Wireless protocols security evaluation
Automatization of security testing
Significant experience in exploit development or tools/scripts development
Curious and open to new subjects
Good communication skills and an ability to explain technical subjects in layman's terms
Ability to write reports, articles and notes in English
Good command of English
Your conference publications, open source tools and CTF results are a plus.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.