security and cybersecurity
January 27, 2021

Security Risk Analyst (F/M)

ESSP, a private company with 7 major European Air Navigation Service Providers as shareholders, manages the operation and supports the adoption of the European Satellite Based Augmentation System to GPS: EGNOS.

ESSP Corporate Video:

The adoption of this service is rapidly growing given it allows correcting the GPS signal and offers enhanced features with accurate positioning and integrity within safety-of-life services context such as public transportation.

ESSP Website:

ESSP recruits a:

Security Risk Analyst – (F/M)

Under the responsibility of the CSO, the Security Risk Analyst assesses the security risks and defines the architectures, technical solutions and/or procedures required for risk mitigation and integrating with the ESSP Information Security Management System (ISMS), notably for the management of vulnerabilities and the prevention of security threats.

She/he contributes to the information security governance and the maintenance of systems in good security conditions.

Her/his main activities are (the list is not exhaustive):

Security risk analyses (identification, assessment and follow-up):

· Collect security requirements and feared events stemming from business and applicable external requirements (e.g. certification, accreditation, legal requirements);

· Model supporting information systems and information management processes,

· Achieve risk assessments using the methodology and/or tool required on the target perimeter (e.g. ISO 27005, EBIOS, HLSS/Attack Tree),

· Define, propose for validation and follow risk treatment plans (RTP).

Security risk treatment (design and implementation of security solutions or procedures):

· Define, propose and follow risk treatment/action plans

· Organize, define and/or contribute to the design, the implementation and the qualification of technical or procedural solutions (e.g. Security Operating Procedures SECOPS)

· Contribute to the resulting documentation updates

Security studies:

· Make security impact assessments, and  security assessments of information systems or products notably in the frame of security assurance processes or the accreditation of systems or tools;

· Assess specific security solutions.

Threat intelligence and vulnerability management:

· Get and maintain the knowledge of threats and vulnerabilities Monitor the evolution of security technologies and tools

· Contribute to the implementation of methodologies and tools in the area of security monitoring (e.g.Threat Intelligence, vulnerabilities databases).


Generic Skills:

· Have good communication skills and pedagogical capabilities

· Rigorous, pragmatic and discrete

· Curiosity and ability to self-learning

· Autonomous with good capability for team work

· Good English Level (B1-B2) – CEFR

· Good knowledge of MS Office (Word, Excel, PowerPoint, Project and Visio)

· Project management

Specific Skills:

· Good knowledge of security risk assessment methodologies (ISO 27005, EBIOS, etc.)

· Good knowledge of information systems and IT technologies

· Good knowledge of cybersecurity, threat intelligence and vulnerability management

· Knowledge of:

o   System security (OS Linux & Windows operating systems, VM, IAM, system hardening, …)

o   Network security (firewalls, IPS/IDS, VPN, proxy/reverse proxy, WAF, antimalware, …)

o   Authentication technologies (AD, LDAP, Kerberos, Radius, smartcards, PKI,   ...)

o   Security monitoring (scanners, vulnerability management, SIEM, …)

o   Communication and data security (encryption, IPSEC, etc.)

o   Information security management frameworks (ISO 2700x, NIST, etc.)

· Knowledge of critical systems and associated constraints (safety)

Other preferable skills:

· Knowledge of the HLSS / Attack Tree methodology and/or Isograph Attack Tree tool

· Knowledge and/or experience of security assurance methodologies and practices (e.g. SSDLC, OWASP)

· Knowledge of GNSS and CNS/ATM domain (Communication, Navigation & Surveillance / Air Traffic Management)

· Knowledge of European regulations applicable to information systems and cybersecurity

· Knowledge of safety and dependability methodologies

Job Requirements:

· Available for occasional travels in Europe.

· Access to this position requires a Personal Security Clearance (PSC) at “EU Confidential” level.

· Engineering degree or equivalent

· 3 to 4 years of professional experience in IT security and cybersecurity, ideally in safety-critical environments (e.g. civil aviation, transport, energy) or on complex information systems.  

· First experience in international projects (European).

Please send your application file only by e-mail to the following address:

Job Location: Toulouse, (France)

Type of Contract: Full time/ Permanent contract

PDF: Download

ESSP is committed to cultural diversity, gender equality and the employment of disabled workers