stairs
Technical Security Engineer_ESSP website
May 22, 2018

Technical Security Engineer (M/F)


Being part of the Security Team and report directly to the Chief Security Officer, the Technical Security Engineer will be in charge of security engineering activities related the Security Department missions to the benefit of ESSP or its clients. 

Those activities range from design, qualification and implementation phases to technical expertise to the benefit of projects or operational teams.

The Technical Security Engineer will do security risk analyses and proposes security measures for mitigating risks; he/she will also able to deliver security studies requiring its unique technological or methodological expertise.     

The Technical Security Engineer’s main responsibilities:

Under the authority of ESSP CSO, the main missions of the Technical Security Engineer are (non exhaustive list):

Definition of security requirements, policies and procedures

• Security requirements identification or analysis

• Definition of security policies, processes and operational procedures 

• Security compliance dossiers and traceability matrices

• Definition of technical security directives and guidance documentation

Technical design of security architectures 

• Definition of security architectures and solutions• Test and qualification of security solutions and systems

• Security assessments of solutions and systems 

• Definition and analysis of business and operational impacts

• Production of design documents (functional and technical architectures, design justification documents, test and qualification reports, etc.)

Security risk management

• Security risk analyses using standard methodologies (ISO27005, EBIOS, etc.)

• Definition of security mitigation strategies and measures

• Production of security risk management supporting documentation

Technical expertise

• Security audits (security configurations, security procedures, etc.)

• System security assessments (equipment, operating software, application, source code, etc.)

• Vulnerability assessments (scans, pentests, etc.)

• Best practises (operational security, system development, security monitoring, etc.)

• Support to change management (security reviews)

• Incident management (investigations)

Profile:

Generic Skills:

• Be able to :

 Understand, analyse and reformulate users/customers/projects’ needs and requirements

 Define and write technical documentation; have editorial capabilities

 Act as consultant and facilitate the decision making process

 Evaluate the impacts of technologies and solutions on information systems and operations

• Have pedagogical capabilities

• Have good communication skills; able to lead technical meetings 

• Rigorous, pragmatic and discrete• Curiosity and ability to self-learning

• Autonomous with good capability for team work 

• Good English Level (B1-B2) - CECRL

• Good knowledge of MS Office (Word, Excel, PowerPoint, Project and Visio)

Specific Skills:

• Good knowledge of information systems and IT technologies

• Good knowledge of cybersecurity, threat and vulnerability management 

• Good knowledge of:

 System security (Linux & Win operating systems, VM, IAM, system hardening, …)

 Network security (firewalls, IPS/IDS, VPN, proxy/reverse proxy, WAF, antimalware, …)

 Authentication technologies (AD, LDAP, Kerberos, Radius, smartcards, PKI,   ...)

 Security monitoring (scanners, vulnerability management, SIEM, …) 

 Communication and data security (encryption, IPSEC, etc.) 

• Knowledge of security risk assessment methodologies (ISO 27005, EBIOS, …) 

• Familiar with project management

• Familiar with critical systems and associated constraints 

The knowledge of the following domains would be considered an advantage:

• Knowledge of GNSS and CNS technologies

• Practical knowledge of ISO2700x series

• European regulation applicable to Information System Security and to GNSS in particular

• Communication technologies for radio and space segments 

• Knowledge of safety and dependability methodologies

Job features:

Available for travels in Europe

Access to this position may require a Personal Security Clearance (PSC)  level “EU-Confidential”

Engineer, Master or equivalent degree

Professional experience in IT security, ideally in critical environments 

Experience of international projects (Europe)



Please send your application file only by e-mail to the following address: recrut@essp-sas.eu

Job Location: Toulouse (France)

Type of contract: Full time/ Permanent

PDF: Download