Security Expert (Toulouse) – F/M
ESSP, a private company with 7 major European Air Navigation Service Providers as shareholders, manages the operation and supports the adoption of the European Satellite Based Augmentation System to GPS: EGNOS.
ESSP Corporate Video: https://www.youtube.com/watch?v=ojO8TAitQoc
The adoption of this service is rapidly growing given it allows correcting the GPS signal and offers enhanced features with accurate positioning and integrity within safety-of-life services context such as public transportation.
ESSP Website: https://www.essp-sas.eu/human-resources/careers/
If you are proficient in safety and system engineering, and at least 6 years of experience in space or aeronautical transport then this position is for you! By joining us, you’ll be in charge of the elaboration up to the acceptance by competent authorities of the Safety cases relevant to various services delivered by ESSP.
Under the authority of the Chief Security Officer, you will perform the following activities:
- Lead the security risk management by performing the risk assessment and remediation plan
- Lead required accreditations of assets (products, facilities, etc);
- Perform threat evolution continuous monitoring, including advance persistent threats (APT),
- Perform vulnerability continuous monitoring based on CERT vulnerability notifications,
- Identify threats and vulnerabilities, ensure proper contingency plans,
- Define or challenge architectures in terms of security,
- Propose and implement security functions and solutions, contribute to security projects,
- Define and maintain Business Continuity Plan and Crisis Management on security aspects,
- Contribute to the Crisis Management process definition and implementation for Security,
- Ensure, in crisis plans, clear precedence rules between safety and security requirements,
- Define, with the Safety team and EASA, methods for conciliating/ordering safety & security constraints,
- Provide expertise to the benefit of ESSP, for example by participating to call for tenders,
- Provide technical expertise in support of company’s operational units,
- Ensure reviews and validate within the framework of ESSP's process (changes, anomalies, deviations, etc.),
- Participate in analysis of security events and lead the implementation of mitigation/remediation actions,
- Contribute to the company's and clients' security dashboards,
- Manage potential subcontractors for the accomplishment of the activities.
You will also contribute to the continuous improvement of ESSP security policies and practices, specifically in the context of the ESSP ISO 27001 certified ISMS (Information Security Management System) and Security Management System (Sec-MS) supporting the ESSP ANSP (Air Navigation Service Provider) Certificate.
Consequently you will contribute to:
- Promoting good security practices to the personnel,
- Ensuring a security watch, both technological and regulatory,
- Improving enterprise processes and tools for security management,
- Developing new security services, notably in terms of operational security and cybersecurity,
- Designing, building, assessing and managing innovating technical projects for internal or external clients.
Very good working knowledge of:
- Security risk assessment methodologies (ISO27005, EBIOS RM, Attack tree…)
- Technical security (information systems, networks, physical security, crypto, etc.) and cybersecurity (threats, exploits, vulnerabilities, etc.),
Good knowledge of:
- Information security standards (ISO270xx, NIST, OWASP, ANSSI, ENISA, etc.),
- Business continuity (ISO22301)
- Enterprise IT and security organization aspects (ISMS, etc.),
- Project management,
- French/European applicable regulations to protection of Classified Information (IGI 1300, IGI 2012…)
- Critical systems and their specific constraints (Safety, Continuity)
- Critical systems and associated constraints (space, aviation, industry, etc.).
- Understand, analyse and reformulate users/customers/projects’ needs and requirements;
- Define and write technical documentation; have editorial capabilities;
- Act as consultant and facilitate the decision making process;
- Evaluate the impacts of technologies and solutions on information systems and operations.
- Team work and teaching capabilities
- Rigorous, pragmatic and discreet,
The knowledge of the following domains would be considered an advantage:
- Knowledge of EGNOS, GNSS and CNS technologies,
- European regulation applicable to Information System Security and to GNSS in particular.
Language: English (B2) – CEFR.
Engineering degree or equivalent.
Available for travels in Europe.
Human Resources information:
Element of package of remuneration:
Please send your application file only by e-mail to the following address: firstname.lastname@example.org
Job Location: Toulouse (France)
Type of Contract: Full time / Permanent
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.