Created in 2009, ESSP is a young and dynamic company, a pan European service provider, certified by EASA (the European Union Aviation Safety Agency) to deliver safety-critical services. Our mission is to operate and provide Communication, Navigation and Surveillance(CNS) services, among which, the main one is, the EGNOS service (the European Geostationary Navigation Overlay Service), on behalf of the EUSPA (the European Agency for Space).

ESSP Corporate Video: https://www.youtube.com/watch?v=u_FKtcaN8YE

ESSP Website career: https://www.essp-sas.eu/human-resources/careers/

The Operational Security Expert will oversee security activities in support of ESSP activities and services delivered to its customers. If you have at least 10 years of experience in IT security or in information systems and networks, preferably in a critical or complex systems (space, aviation, industry sectors), then this position is for you!

Main responsibilities/activities:

Under the authority of the Chief Security Officer, you will perform the following activities:

- Lead or contribute to the security risk management by performing the risk assessments and proposing the remediation plan and following it up until implementation,
- Monitoring of security incidents and the treatment (identification, qualification, and treatment),
- Perform threat evolution continuous monitoring, including advance persistent threats (APT),
- Perform vulnerability continuous monitoring based on CERT vulnerability notifications,
- For selected feared events, identify threats and vulnerabilities and ensure that proper contingency plans are defined and implement security requirements,
- Define/challenge architectures in terms of operational security,
- Ensure that operational security requirements are taken into account by subcontractors,
- Propose and implement security functions and solutions, contribute to security projects,
- Define and maintain Business Continuity Plan and Crisis Management on security aspects,
- Ensure, in crisis plans, clear precedence rules between safety and security requirements (with Safety team)
- Define and maintain, in collaboration with the Safety team and EASA, a method for conciliating/ordering safety and security constraints,
- Provide expertise to the benefit of ESSP, for example by participating to call for tenders and your technical expertise in support of company’s operational units,
- Ensure reviews and validate within the company's processes (changes, anomalies, deviations, etc.),
- Participate in the analysis of security events, lead implementation of mitigation and remediation actions,
- Contribute to the company's and clients' security dashboards,
- Lead potential subcontractors for the accomplishment of the activities.

As every other member of the security team, you will contribute to the continuous improvement of ESSP security policies and practices, specifically in the context of the ESSP ISO 27001 certified ISMS (Information Security Management System) and Security Management System (Sec-MS) supporting the ESSP ANSP certificate (Air Navigation Service Provider).

Consequently, you will contribute to:

- promoting good security practices to the personnel,
- ensuring a security watch, both technological and regulatory,
- improving ESSP processes and tools for security management,
- developing new security services, notably in terms of operational security and cybersecurity,
- designing, building, assessing, and managing innovating technical projects for internal or external clients.

Profile:

- Very good working knowledge of security risk assessment methodologies (ISO27005, EBIOS RM, Attack tree…), a certification would be a plus.
- Very good knowledge of technical security (information systems, networks, physical security, crypto, etc.) and of cybersecurity (threats, exploits, vulnerabilities, etc.),
- Good knowledge of information security standards (ISO270xx, NIST, OWASP, ANSSI, ENISA, etc.),
- Good knowledge on business continuity (ISO22301)
- Good practical knowledge of enterprise IT and security organization aspects (ISMS, etc.),
- Good working knowledge with project management,
- Knowledge of French and European laws and regulations applicable to the protection of Classified Information (IGI 1300, IGI 2102, etc.)
- Knowledge of critical systems and their specific constraints (Safety, Continuity)
- Familiar with critical systems and associated constraints (space, aviation, industry, etc.).

The knowledge of the following domains would be considered an advantage:

- Knowledge of EGNOS, GNSS and CNS technologies,
- European regulation applicable to Information System Security and to GNSS,
- Knowledge of space communication technologies and LAN/WAN technologies.

Be able to:

o Understand, analyse, and reformulate users/customers/projects’ needs and requirements,
o Define and write technical documentation; have editorial capabilities,
o Act as consultant and facilitate the decision-making process,
o Evaluate the impacts of technologies and solutions on information systems and operations.

- Autonomous, with good capability for teamwork
- Teaching capabilities and good communication skills
- Ability to lead technical and managerial meetings on behalf of the Security Department
- Rigorous, pragmatic, and discreet
- Curiosity and ability to self-learning

Job Requirements:

Language: English (B2/C1) – CEFR
Engineering degree or equivalent
Available for travels in Europe.

Please send your application file only by e-mail to the following address: recrut@essp-sas.eu

Job Location: Toulouse (France)

Type of Contract: Full time - Permanent Contract

PDF: Download

ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.