Aircraft Security Architect - SAINT MARTIN (h/f)
CDI Toulouse (Haute-Garonne) Architecture / Town planning
Job description
Airbus SAS
Airbus is a global leader in aeronautics, space and related services. In 2018 it generated revenues of € 64 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as one of the world's leading space companies. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.
Description of the job
A vacancy for an Aircraft Security Architect has arisen within Airbus Defence & Space. The position will be located in SAINT-MARTIN.
The jobholder will contribute to ensure the Security of Airbus products and supporting services and systems across Airbus Defence and Space. The jobholder will be in charge of the analysis, definition and specification of the security aspects of Airbus DS products and their development, test, integration, production and support systems for Military Aircraft, Space Systems and CIS Business Lines, Primarily supporting the MRTT France InfoSec (both Aircraft Systems and Ground Support Systems), throughout their lifecycle.
The jobholder will have a supporting role in the ongoing definition, development and support of product security policies and business documentation required to ensure that Airbus DS products are developed securely to a defined standard.
This position will require a security clearance or will require being eligible for clearance by the recognized authorities.
Tasks & accountabilities
The main tasks and responsibilities will be focused on; Maintien en Condition de Sécurité, (MCS) to support the MRTT FR:
Definition and design of the MCS service for the MRRT FR to meet the Customer requirements. This will include:
• The Analysis of alert bulletins emitted by French Air Force. These bulletins contain a set of vulnerabilities with regards to a given threat
• Collect and analyze information (system design, specification, risk analysis…) required to analyze these vulnerabilities
• Assess the vulnerabilities in their operational context (CVSSv3)
• Risk analysis update with regards to the previous assessment.
• Propose new security measures to mitigate the increased risks.
In addition the Product Security Role will include:
• Performance of security risk analysis (threat and vulnerability assessment) on products and supporting information systems.
• Definition of security requirements for products and information systems.
• Design of security architectures for products and information systems.
• To specify and assist in the development of security measures to protect and defend Airbus products and systems by ensuring their confidentiality, integrity and availability.
• Guarantee of the compliance on the security requirements against the national and international security regulations.
• Provision of innovative technology solutions in term of information security.
• Support of assessments and audits of the information security aspects projects and product lines across Airbus Defence and Space to ensure compliance with Airbus business, customer and national security requirements.
• Supporting programs and projects in the definition and production of product security documents and records in line with customer national security requirements and Airbus business requirements.
• To develop, review and improve the Airbus product security policies, methods and tools
• To assist projects and programmes in the development of secure configuration guidelines for products and systems.
• To specify and support penetration testing and health checks on products and systems.
• Support a culture of engagement across the engineering organization, which emphasizes shared responsibility in achieving secure designs.
• Conduct formal compliance process (security evaluation, certification and accreditation processes) in accordance to the appropriate national and NATO criteria and methodologies. (CC/CEM, ITSEC/ITSEM, CCN-STICs...).
• Perform information systems security evaluation for verification and validation processes.
• Perform security technical audits.
• Production of the security operating procedures to guarantee the security of information systems throughout their lifecycle.
This role will involve occasional travel for business and as such the jobholder must be able to travel according to the business needs.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.
Required skills
You will have the following skills and experience:
• A minimum 10 years of experience in engineering (information systems, information security).
Experience should be in the following fields;
• Information security standards and their implementation supporting the DGA/ANSSI policies and guidance (Principally aligned with ISO27001 but knowledge of other frameworks such as NIST, desirable).
• Systems and applications security architecture design.
• Performed assessment of products and systems security maturity utilising (Airbus Security Auditor Certification desirable).
• Knowledge in Aircraft Information Security architecture
• Knowledge on French regulation concerning security product (evaluation, ANSSI agreement, ..)
• Threats and risk analysis methods and tools utilised within the DGA and Nato (EBIOS/PILAR/MAGERIT)
• Typical risk management decisions and necessary mitigations.
• Creation and management of Product Security documentation in accordance with the BMS (PSLMP, PSCP).
• Impacts of legislation on Product Security.
• Understanding of Security Management concepts within customer organisations across the Airbus Defence and Space client base.
• Strong knowledge of information systems.
• Understanding of EUROCAE Aviation Cyber Security Processes, Tools and Documentation.
• Knowledge of NATO/National security regulations.
• Strong knowledge of Security Evaluation, Certification and Accreditation Processes.
• Solid understanding of networking and communications protocols.
• Strong team spirit
• Excellent interpersonal and strong leadership skills.
• Strong oral and written communication skills.
• Enthusiastic and proactive approach.
• Advance level in English.
• Ability to learn and grow in an evolving environment.
• Ability to work in a Transversal Engineering Function.
• Spanish language skills would be an advantage.