September 20, 2017

Security Risk Analysis Engineer (M/F)


As part of the Security Team, reporting directly to the Chief Security Officer, the Security Risk Analysis Engineer will be in charge of establishing security diagnosis through security risk analysis, i.e.:

- Identification, assessment, mapping and prevention of risks and threats

- Definition of security policies, organisations and security processes based on methodologies and standards such as ISO 27001, EBIOS, Attack trees…

The Security Risk Analysis Engineer’s main responsibilities:

Information gathering, analysis and security diagnosis:

• Domain interviews, documentation/reviews

• Analysis and assessment of weaknesses of systems

• Identification and assessment of security measures put in place versus security requirements

Risk analysis (identification, assessment, mapping and prevention of risks and threats)

• Risk analysis and risk mapping in the various technical & operational domains

• Establish a strategic plan outlining the planning and various options to improve the security management

• Establish Risk Treatment Plans (RTP) for the most critical risks 

• Define the architecture and the scope of deployment of technological solutions with the aim to identify, detect, prevent and respond to information security failures 

• Define the security policies in line with the results of the security risk analysis

Ensure technological watch, consultancy and anticipation

• Ensure the monitoring of regulatory and technological evolutions of ISS (Information Security Systems)

• Monitoring of the necessary changes to guarantee the logical and physical security of the information systems

• Provide guidance and recommendations to the project teams on best practices related to security in their respective domains: design, development, production, support

Profile

Generic Skills:

Be able to:

- Take into consideration and evaluate the impacts on the information system of the introduction of new technology

- Formalise and analyse users’/customers’ needs

- Define and write procedures, have editorial capabilities

- Act as consultant and facilitate the decision making process

- Have pedagogical capabilities

- Have good communication skills and techniques, be able to lead/chair meetings (technical and managerial)

- Be autonomous, practical, rigorous and precise

- Good capability for team work

- Good level of English (B1-B2) - CECRL

- Good knowledge of MS Office (Word, Excel, PowerPoint, Project and Visio)

Specific Skills:

- Practical knowledge of ISO 27k standards and ISO 27005 in particular

- Knowledge of conventional security evaluation methods and risk analysis (EBIOS, MEHARI, Attack Tree as examples)

- Knowledge of system and network concepts and systems

- Knowledge of Communication and telecommunication technologies, protocols, tools and systems

- Knowledge of Critical systems and associated constraints 

The knowledge of the following domains would be considered as a plus:

- European regulation applicable to the ISS and to GNSS in particular

- Communication in the space domain and LAN/WAN technologies 

- Knowledge of safety and dependability

Job features:

- Available for travel in Europe

- Access to this position may require a Personal Security Clearance (PSC) level “EU-Confidential” or higher

- Engineer certificate or equivalent

- 5 to 10 years of professional experience in Security, ideally in the world of space and/or aeronautical and/or air traffic management «critical systems»

- Project experience in an international context (European)


Please send your application file only by e-mail to the following address: recrut@essp-sas.eu

Job Location: Toulouse (France)

Type of contract: Full time/ Permanent
