Security Engineer (F/M)
ESSP, a private company with 7 major European Air Navigation Service Providers as shareholders, manages the operation and supports the adoption of the European Satellite Based Augmentation System to GPS: EGNOS.
ESSP Corporate Video: https://www.youtube.com/watch?v=ojO8TAitQoc
The adoption of this service is rapidly growing given it allows correcting the GPS signal and offers enhanced features with accurate positioning and integrity within safety-of-life services context such as public transportation.
ESSP Website: https://www.essp-sas.eu/careers/
ESSP recruits a:
Security Engineer (F/M)
The Security Engineer is in charge of the activities of the Security Department in support of EGNOS service provision and operations and, more generally, in support of services delivered to ESSP Customers.
Under the authority of the CSO, the Security Engineer achieves the following activities in support of operations and services delivered by the ESSP to its Customers, in priority for the EGNOS V2 system:
Technical expertise in support of operations (System Operation Unit, Service Provision Unit),
Security reviews and validations in application of ESSP processes (Changes, Anomalies, Deviations, etc.),
Participation to operational committees on behalf of the Security Department,
Management of the actions of the Security Department in support of operations (security incident management, security events’ analysis, improvement of security solutions and procedures, etc.),
Third-parties management for the security of operations (subcontractors, suppliers, hosting entities, customers, etc.),
Strategic and operational security dashboards in compliance with the ESSP ISMS and management systems (Sec-MS: Security Management System),
Contributions and propositions for the evolutions of the operated systems (documents reviews, technical assessments, etc.), either external (e.g., new EGNOS System releases) or internal (e.g., changes),
Participation to external and internal steering committees (e.g., EGNOS Security Engineering Board, EGNOS Panels, etc.),
Management of / contribution to security risk analyses,
Definition and management of action plans in response to security risk analyses, security audits, system evolutions, etc.,
Improvement and management of security audits and assessments in his/her area of responsibility, in liaison with the Security Compliance Responsible and the ESSP Audit Department,
Contribution to the updates and the deployment of applicable ESSP security policies and directives,
Improvement of operational security and of security monitoring,
Definition, validation and deployment of security improvements preparing for the deployment of the new EGNOS v3 system and its operation services,
Management of external activities (e.g. subcontractors) in his/her area of responsibility.
The Security Engineer will contribute to the implementation and the continuous improvement of enterprise security policies and practices, specifically in the context of the ESSP ISMS (Information Security Management System) and Security Management System (Sec-MS), supporting the ESSP ANSP (Air Navigation Service Provider) Certificate.
Consequently he/she will contribute to:
promoting good security practices to the personnel;
ensuring a security watch, both technological and regulatory,
improving enterprise processes and tools for security management,
bid proposals in his/her area of competency,
external and internal security audits
developing new security services, notably in terms of operational security and cybersecurity,
designing, building, assessing and managing innovating technical projects, for internal or external clients.
Be able to:
Understand, analyse and reformulate users/customers/projects’ needs and requirements
Define and write technical documentation; have editorial capabilities
Act as consultant and facilitate the decision making process
Evaluate the impacts of technologies and solutions on information systems and operations
Have pedagogical capabilities and good communication skills; able to lead technical meetings
Rigorous, pragmatic and discrete
Curiosity and ability to self-learning
Autonomous with good capability for team work
Good English Level (B1-B2) - CECRL
Good knowledge of MS Office (Word, Excel, PowerPoint, Project and Visio)
Very good knowledge of technical security (information systems, networks, systems, web, physical security, crypto, etc.) and of cybersecurity (threats, exploits, vulnerabilities, cybersecurity detection and surveillance tools, etc.),
Good practical knowledge of enterprise IT and security organization aspects (ISMS, ITIL, COBIT, etc.),
Good knowledge of information security standards (ISO27000, NIST, OWASP, ANSSI, etc.),
Knowledge of security risk assessment methodologies (ISO 27005, EBIOS, …),
Familiar with project management,
Familiar with critical systems and associated constraints (space, aviation, industry, etc.).
The knowledge of the following domains would be considered an advantage:
Knowledge of GNSS and CNS technologies,
European regulation applicable to Information System Security and to GNSS in particular,
Communication technologies for radio and space segments,
Knowledge of safety and dependability methodologies.
Available for travels in Europe.
Access to this position requires a “EU-Confidential” Personal Security Clearance (PSC).
Engineer degree or equivalent.
5 to 10 years of professional experience in IT security or in information systems and networks (with a good knowledge of security solutions).
Experience of critical and/or complex technical systems in the space, aviation or industry sectors,
Experience of international projects (Europe).
Please send your application file only by e-mail to the following address: email@example.com
Job Location: Toulouse, (France)
Type of Contract: Full time/ Permanent
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.