Description of the job:
Several vacancies for CYBER - CSIRT Specialists (m/f) have arisen within Airbus Commercial Aircraft in Toulouse. You will join the Advanced capabilities team (ZSCC) within the Digital Security department (ZS).
You will participate in the effort of finding known and unknown threats and understanding new adversary TTPs. You will participate in the architecture of new tooling and the industrialization of the CERT effort. You will help improve the existing framework. You are interested in Unstructured Hunt (Exploratory data analysis and Pattern discovery), Structured Hunt (Identify and search for indicators of compromise) and Real-time Monitoring (Create or modify detection methods).
You will report to Airbus Head of CERT (Computer Emergency Response Team).
You will work continuously with, and involve, relevant stakeholders from all Airbus divisions and business units (Divisions Security Officers, CIOs ...) as well as National Authorities when relevant.
Tasks & accountabilities:
As a CERT expert your general responsibilities will be to:
- Fully support divisions in understanding malware targeting them.
- Fully analyze incidents in view of operational and national constraints so as to operationally maintain Airbus CERT's knowledge base(s).
- Conduct risk assessment.
- Research and publication as a member of Airbus CERT.
- Evaluate tools and design methodologies.
- Represent Airbus CERT within working groups and in conferences throughout the world.
- Conduct training.
- Continuous innovation.
o Threat Hunting:
- Industrialize Intrusion Analysis
- Conduct Malware Analysis in the context of threat hunting and TTPs discovery
- Pursue the effort of Threat Intelligence
o Support incident response in crisis mode
- Be part of the on-call crisis team (deployment reactivity constraints)
- Host forensics
- Industrialization of tooling
- Malware analysis and clustering
- Network analysis
- Host analysis
o Threat detection using system or network capabilities
- YARA signature
- Network signature
- Integration of signatures into internal tools
- Support for IOC searching across the enterprise
o Create or enhance CERT projects
- Participation in CERT developments
- Development of data mining capabilities (Hadoop/Pig)
As a CERT member your responsibilities will also be to contribute to:
o Perform technology watch:
- Develop incident handling skills within the team and the Group by specializing in several operating systems
- Perform ongoing research, analysis and resolution of vulnerabilities
- Inform AIRBUS functional Security responsible and Information Systems managers about the different types of vulnerabilities and their solutions
o Manage CERT related knowledge (e.g. related to security vulnerabilities and incident handling)
- Contribute to the writing of documents produced by the CERT
- Build and maintain CERT tools
This role will involve some travel for business in Europe and as such you must be able to travel accordingly.