European specialist in cyber security, Airbus Cybersecurity's mission is to protect companies, critical national infrastructures, as well as government and defence organizations against cyber threats. Its reliable and high performance security products and services are able to detect, analyze and neutralize the most sophisticated cyberattacks.
We have more than 800 experts based at our main sites in France, Germany and UK, each with a Security Operating Center. This division is particularly active in the markets of surveillance, investigation and security audits for the systems most exposed to threats within the Airbus Group, but also for partners and customers in the transport, defence and aerospace sectors.
Description of the job
You are passionate by Cybersecurity and you are looking to work in a multi-cultural environment, on a worldwide perimeter?
For Airbus CyberSecurity, within the Services Center, based at Issy-les-Moulineaux, a position has become available for a Senior Pentester within our CSIRT team.
Inside Airbus Cybersecurity, the Services include both the Security Operations Center (SOC) and high-skilled security Professional services, such as: management of security incident response plans, APT compromise check, security audits and associated consulting services.
The CSIRT Entity is in charge of supporting our clients during incident response investigation and driving their remediation plan. It covers also activities upstream the incident in order to strengthen your infrastructure by performing Pentesting and RED team exercice.
The CSIRT portfolio covers the following main areas:
• Technical security audits and assessments (Configuration, code analysis), according with PASSI and main Best practices
• Pentesting and RED team activities
• Incident Response investigations
Task & accountabilities
We are seeking an innovative and motivated senior pentester with a high level of autonomy, strong technical curiosity, extensive knowledge and skills obtained through previous experiences in order to increase security posture of our customers.
This role requires an analytical capability and excellent communication skills to provide technical advisory to our customers in multiple areas.
Your main tasks and responsibilities will include:
Leading delivery activities such as:
IT Pentesting (On premises / Cloud infrastructure)
Application Pentesting (Thick/Thin client)
Network Pentesting (Wireless / VoIP)
Mobile environment Pentest (Android / IOS)
OT Pentesting (On-boarded system, physical access, IoT and ICS systems)
RED team exercise (from OSINT initial step to CTF without being detected)
=> Write the report of found vulnerabilities and recommendations in a non-technical format to our customers / sponsors (when possible)
Developing the different CSIRT capacities
Hacking tool development
Proof of Concept research
Supporting our BID activities
Last but not the least, you will be recognized as a SME on Pentesting activities. You will lead the delivery on Paris Area and will coordinate junior colleagues during your mission. You will be a key actor from proposal to delivery on major security projects by collaborating closely with sales, presales and internal stakeholders (Consulting / engineering /expert / CTI). Moreover, as a practice pentester leader, you will be expected to participate & develop the CSIRT portfolio.
This role will involve some travel for business regularly in France and Europe and as such you must be able to travel accordingly.
This position will require a security clearance or will require being eligible for clearance by the recognized authorities.
At least a master's degree in the field of Computer Science, IT, Engineering, OR equivalent work experience in IT with certifications related with Pentesting activities (e.g. GPEN, GXPN, OSCP, OSCE, or LPT EC-Council master)
10+ years of professional experience
A minimum of 5 years of experience within a Pentester security expert.
Experience as leading security expert (Pentesting, Code Analysis, Vulnerability exploits) in multiple domains (Web, Databases, communication protocol,..)
Ability to be multi-skilled and willing to address new technologies
Ability to coach junior profiles, and develop their technical and interpersonal skills
Understanding compliance requirements (GDPR / NIS / LPM?)
Willingness to travel up to approximatively 50% of the time.
Previous PASSI accreditation (expert on Audit methodologies ISO 19011, ?)
Ability to communicate with internal and external senior management confidently
Ability to identify up-sell opportunities
Ability to demonstrate a broad understanding of Information Security
Effective communicator with great interpersonal skills and the ability to be credible with clients
High engagement and distinct flexibility
Well-marked capacity for coaching
At least a first successful experience in Information Security field
Knowledge of the security market and its major actors,
Insatiable curiosity and willing to learn
Team spirit and share expertise within a team,
Ability to take initiative
Full professional proficiency in French and English
Holder of security certifications (CISSP) and other certifications related with Pentesting activities (e.g. GPEN, GXPN, OSCP, OSCE, or LPT EC-Council master) would be strongly appreciated