Security Evaluation Specialist m/f (H/F)

  • Entreprise : Airbus
  • Localisation : Paris - France - Ile-de-France
  • Fonction : Security Evaluation Specialist m/f
  • Type de contrat : Contrat à durée indéterminée (CDI)
  • Date de publication : 07-09-2020
  • Postuler

Description du poste

Defining and supervising the implementation of the Airbus Information and Cyber Security Strategy aligned with the Airbus business objectives. Defining the Airbus Information Security Policies. Ensuring the compliance with company policies, laws and regulatory provisions within Airbus, the Extented Enterprise and Supply Chain through audit, tests and controls.

Addressing Information Security risks and mitigation in coordination with ICT and business functions risk management organizations. Liaising and lobbying with national and international security agencies as well as regulators and standardization bodies in the aeronautic industry. Ensuring that Airbus' programs & business functions assume their responsibilities with regards to all information classification and protection. Designing and conducting an efficient security communications and awareness program. Anticipating emerging trends and innovative technologies and their impact on information security.

You will join the Security Evaluation team inside the Digital Security Office. The team's mission is to provide detailed and trustworthy information on the security of the products which are bought, developed, deployed (or considered for deployment) by the company, in order to allow interested stakeholders to take informed decisions.

To fulfill this mission, the team:

  • Evaluates the security of products and services by simulating the behaviour of motivated and highly technical attackers

  • Contributes to the domain's state of the art by developing tools or methodologies

  • Provides technical expertise on security topics

The team works equally on standard IT products (infrastructure, phones, cloud services, etc.) and on the company's own products (planes, helicopters, satellites, etc.) or operational technologies (access control, ICS, video surveillance, etc.).

The team's publications are available here:

Tasks, missions and responsibilities

  • Conducting deep-dive security evaluations of products and services, in the lab

  • Writing evaluation reports for the products, services and technologies you evaluated

  • Participating to Red Team activities

  • Developing tools, both for short and long term, which enable the team to be more efficient in its missions or allow the company to automate security tests

  • Publishing open source tools

  • Attending technical security conferences and publishing articles in your expertise areas

Some business trips may be required.

You have the following education, experience and skills:

  • At least 5 years of professional experience in deep-dive security evaluation or Red Team

  • You are an expert in one of those areas and have some experience in one or several others:

    •  Reverse engineering

    •  Vulnerability exploitation

    •  Web vulnerability research

    •  Native applications vulnerability research

    •  Network security evaluation

    •  Radio/Wireless protocols security evaluation

    •  Program verification/fuzzing

    •  Automatization of security testing

  • Significant experience in exploit development or tools/scripts development

  • Curious and open to new subjects

  • Team spirit

  • Good communication skills and an ability to explain technical subjects in layman's terms

  • Ability to write reports, articles and notes in English

  • Good command of English

Your conference publications, open source tools and CTF results are a plus.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Profil recherché

Required skills

  • Date de début : nc.
  • Durée : nc.
  • Expérience requise : 5 à 10 ans d'expérience
  • Salaire : nc.
  • Référence : JR10033664
  • Secteur d'activité : Industrialisation, Production
CDI CDD Intérim
Retrouvez l'ensemble des offres