Are you interested in working with leading experts to protect Airbus against an ever evolving cyber threat and be part of the corporate digital security office combining; IT, industrial manufacturing, product, and people security?
Are you willing to work in a multicultural environment, with a significant scale, and on a worldwide perimeter? Are you ready to take on a new and exciting challenge?
Airbus gives you the opportunity to apply your expertise and develop your skills and competencies!
Airbus is a leader in the aerospace & defence sector, offering many challenging opportunities and providing numerous benefits to its employees, such as: development and training, unique challenges, world wide scope, access to key markets, mobility opportunities, and last but not least, a respectable work-life balance.
Seize the opportunity to integrate the central Corporate Digital Security Team led by Group CISO and be a part of the transnational peer group of 4 core countries (France, UK, Germany, Spain) with a direct link to our global infrastructure and sites (e.g. North America, India, China, Asia …).
At Airbus corporate level, digital security topics are managed by the Digital Security organisation and structured around 5 capability departments::
In order to provide continuous improvements of the security programme and in efforts to discover weaknesses in the cyber security programme and implementations before external hackers, the Corporate Evaluation and advanced Test team play an important role.
The mission is to provide advanced capabilities in the discovery, reporting, and remediation recommendations of security vulnerabilities found in both the security technologies consumed/purchased and operated or developed by the organisation. It is done by performing independent evaluation and penetration-testing of systems in order to evaluate the security effectiveness and mitigate system vulnerabilities and weaknesses (e.g. product vulnerability, miss-configurations, unpatched systems, etc.) before they are discovered by external or internal adversaries.
You will join the Security Evaluation team inside the Digital Security Office. The team’s mission is to provide detailed and trustworthy information on the security of the products which are bought, developed, deployed (or considered for deployment) by the company, in order to allow interested stakeholders to take informed decisions.
To fulfill this mission, the team:
Evaluates the security of products and services by simulating the behaviour of motivated and highly technical attackers
Contributes to the domain's state of the art by developing tools or methodologies
Provides technical expertise on security topics
The team works equally on standard IT products (infrastructure, phones, cloud services, etc.) and on the company's own products (planes, helicopters, satellites, etc.) or operational technologies (access control, ICS, video surveillance, etc.).
Conducting deep-dive security evaluations of products and services, in the lab
Writing evaluation reports for the products, services and technologies you evaluated
Participating to Red Team activities
Developing tools, both for short and long term, which enable the team to be more efficient in its missions or allow the company to automate security tests
Publishing open source tools
Attending technical security conferences and publishing articles in your expertise areas
At least 5 years of professional experience in deep-dive security evaluation or Red Team
Significant experience in exploit development or tools/scripts development
Ability to write reports, articles and notes in English
Good command of English
Good command of French is a plus
Good communication skills and an ability to explain technical subjects in layman's terms
Autonomous and willing to bring up new ideas
You are a specialist in one of those areas and have some experience in one or several others:
Web vulnerability research
Native applications vulnerability research
Network security evaluation
Radio/Wireless protocols security evaluation
Automatization of security testing
This role will involve travel for business in Europe and worldwide and as such you must be able to travel accordingly.