Security Risk Analyst (F/M)
ESSP, a private company with 7 major European Air Navigation Service Providers as shareholders, manages the operation and supports the adoption of the European Satellite Based Augmentation System to GPS: EGNOS.
ESSP Corporate Video: https://www.youtube.com/watch?v=ojO8TAitQoc
Adoption of this service is growing rapidly because it corrects the GPS signal and offers enhanced features, with accurate positioning and integrity, in safety-of-life service contexts such as public transportation.
ESSP Website: https://www.essp-sas.eu/human-resources/careers/
ESSP recruits a:
Security Risk Analyst – (F/M)
Under the responsibility of the CSO, the Security Risk Analyst assesses security risks and defines the architectures, technical solutions and/or procedures required for risk mitigation and for integration with the ESSP Information Security Management System (ISMS), notably for the management of vulnerabilities and the prevention of security threats.
She/he contributes to the information security governance and the maintenance of systems in good security conditions.
Her/his main activities are (the list is not exhaustive):
Security risk analyses (identification, assessment and follow-up):
· Collect security requirements and feared events stemming from business and applicable external requirements (e.g. certification, accreditation, legal requirements);
· Model supporting information systems and information management processes,
· Perform risk assessments using the methodology and/or tool required on the target perimeter (e.g. ISO 27005, EBIOS, HLSS/Attack Tree),
· Define, propose for validation and follow risk treatment plans (RTP).
Security risk treatment (design and implementation of security solutions or procedures):
· Define, propose and follow risk treatment/action plans
· Organize, define and/or contribute to the design, the implementation and the qualification of technical or procedural solutions (e.g. Security Operating Procedures SECOPS)
· Contribute to the resulting documentation updates
· Perform security impact assessments, and security assessments of information systems or products, notably in the frame of security assurance processes or the accreditation of systems or tools;
· Assess specific security solutions.
Threat intelligence and vulnerability management:
· Acquire and maintain knowledge of threats and vulnerabilities
· Monitor the evolution of security technologies and tools
· Contribute to the implementation of methodologies and tools in the area of security monitoring (e.g. Threat Intelligence, vulnerabilities databases).
· Have good communication skills and pedagogical capabilities
· Rigorous, pragmatic and discreet
· Curiosity and ability to self-learn
· Autonomous with good capability for teamwork
· Good English Level (B1-B2) – CEFR
· Good knowledge of MS Office (Word, Excel, PowerPoint, Project and Visio)
· Project management
· Good knowledge of security risk assessment methodologies (ISO 27005, EBIOS, etc.)
· Good knowledge of information systems and IT technologies
· Good knowledge of cybersecurity, threat intelligence and vulnerability management
· Knowledge of:
o System security (Linux & Windows operating systems, VM, IAM, system hardening, …)
o Network security (firewalls, IPS/IDS, VPN, proxy/reverse proxy, WAF, antimalware, …)
o Authentication technologies (AD, LDAP, Kerberos, Radius, smartcards, PKI, ...)
o Security monitoring (scanners, vulnerability management, SIEM, …)
o Communication and data security (encryption, IPSEC, etc.)
o Information security management frameworks (ISO 2700x, NIST, etc.)
· Knowledge of critical systems and associated constraints (safety)
Other preferable skills:
· Knowledge of the HLSS / Attack Tree methodology and/or Isograph Attack Tree tool
· Knowledge and/or experience of security assurance methodologies and practices (e.g. SSDLC, OWASP)
· Knowledge of GNSS and CNS/ATM domain (Communication, Navigation & Surveillance / Air Traffic Management)
· Knowledge of European regulations applicable to information systems and cybersecurity
· Knowledge of safety and dependability methodologies
· Available for occasional travel in Europe.
· Access to this position requires a Personal Security Clearance (PSC) at “EU Confidential” level.
· Engineering degree or equivalent
· 3 to 4 years of professional experience in IT security and cybersecurity, ideally in safety-critical environments (e.g. civil aviation, transport, energy) or on complex information systems.
· First experience in international projects (European).
Please send your application file only by e-mail to the following address: email@example.com
Job Location: Toulouse (France)
Type of Contract: Full time/ Permanent contract
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers