Cyber Security - Junior Architect (m/f)
CDI Élancourt (Yvelines) Architecture / Urbanisme
Description de l'offre
Cyber Security - Junior Architect (m/f)
Cassidian CyberSecurity Toulouse
Cassidian CyberSecurity Elancourt
As the European specialist in cyber security, the mission of Airbus' CyberSecurity business is to protect governments, companies and critical infrastructures from cyber threats. Its trusted, high performance security products and services are able to detect, analyse and counter the most advanced cyber attacks.
Airbus is a global leader in aeronautics, space and related services. In 2016, it generated revenues of € 67 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as Europe's number one space enterprise and the world's second largest space business. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.
Description of the job
In this role you will design cybersecurity for embedded systems taking into account:
· Risks,
· Regulation and applicable best practices,
· Trade-off between cost / efficiency / operational needs / system lifecycle.
You will lead studies (with or without prototype). You will lead answers to requests for proposal (RFP) related to enforcing cybersecurity in embedded systems. You will also provide support to the audit team to perform architecture audit, optionally based on the (French) PASSI schema. According to projects or answers to RFP, you will ensure the role of technical responsible.
Profil recherché
Tasks & accountabilities
· Writing specification and design documentation (System/Subsystem Specification (SSS), System/Subsystem Design Description (SSDD), Statement of Work (SoW), Design Justification Report, etc.)
· Writing strategies for security tests
· Writing documentation to support system certification: System-specific Security Requirement (SSRS), Security plan, System Interconnection Security Requirement Statement (SISRS), System-specific Electronic Information Security Requirement Statement (SEISRS), Security OPerating ProcedureS (SecOPs), System Interconnection Security Requirement Statement (SISRS), etc.
· Writing common criteria security target
· Updating security risk analysis (EBIOS, ISO/CEI 27005)
· Writing studies (state of the art, benchmark, etc.)
· Within the framework of an architecture audit, you will handle interviews, analyse documentation and write the audit report
Required skills
· Engineering school or equivalent in the field of CyberSecurity
· Ability to challenge during technical meetings
· System engineering management, including requirement management, V-cycle, Waterfall, functional analysis, etc.
· Knowledge of the following norms and models would be appreciated: NAF, TOGAF, and knowledge about system engineering applications: Doors, Enterprise architect, Mega
· Risk analysis management (Failure Modes and Effects Analysis, SIL/SAL, EBIOS, ISO/IEC 27005)
· Knowledge of security norms, standards and regulations (ISO 27k, Common Criteria, CSPN, Defence regulation, PASSI, PDIS, PRIS, LPM, IGI 1300, IGI 6600, RGSv2, OIV, SIIV, etc.)
· Following certification would be a plus:
o ISO 27k, or an expertise in the common criteria or CSPN certification
· Cybersecurity for ICS certification would be a plus :
o Certified SCADA Security Architect (CSSA)
o GIAC Global Industrial Cyber Security Professional (GICSP)
o ISA 99 / IEC 62443 Cyber Security Certificate Program
· Technical knowledge in the event of cybersecurity for ICS in the following areas:
o Industrial process control systems: RTU, PLC, DCS, SCADA, measure, Ethernet I/O
o Cybersecurity guides or standards for industrial systems: ISO/IEC 62443 (ISA99), NIST 800-xx, ANSSI guides
o Industrial protocols: PROFIBUS, MODBUS, DNP3, OPC, Ethernet/IP, etc.
This position will require a security clearance or will require being eligible for clearance by the recognised authorities