Within the Engineering department of the Train and Passenger entity of the Villeurbanne site, the mission is to organize and manage Cybersecurity study, validation and verification activities for all onboard electronic equipment on our trains (Trams, metro, regional, high speed):
As a technical referent for the department:
- To be the privileged interface for the department with the various interlocutors of the central organization Cybersecurity of Alstom and products.
- Participate in the definition of secure technical architectures for responses to calls for tender: Understanding the need expressed by the customer, specifying the technical aspects.
- Provide support during technical design meetings for cybersecurity activities.
- Carry out, if necessary, support for events brought up by internal and external clients.
- For needs on existing projects: perform security assessments of an infrastructure or application
- Train and / or sensitize the various Alstom teams and suppliers to Cybersecurity issues;
- Evaluate project and business impacts of technical vulnerabilities identified as part of technological monitoring activities.
- Organize the capture of experience feedback and the implementation of continuous improvement plans for Cybersecurity aspects.
Within the framework of specific projects, for the activities of descent and return of the cycle in V:
- Responsible for Cost / Quality / Delay Deliverables Cybersecurity.
- To be the technical interface with the customer for the Cybersecurity domain.
- Realize the documents and specifications required for the project (safety studies, documents of required, Security file ...)
- Build and deliver the solution (installation, configuration, and parameterization) at the subsystem and train level.
- Organize and lead the activities of Verification, Integration and Test projects to ensure compliance with contractual requirements: documents, hardware, and software secured.
EDUCTIONAL REQUIREMENTS: University/ Engineer in degree level
- Experience in projects related to security or hacking in general.
- Knowledge of architecture concepts and techniques of systems and networks, operating systems and associated programming languages.
- Knowledge of the main techniques for evaluating systems security (e.g. Fuzzing, flooding ...)
- Proficiency in intrusion testing techniques.
- Knowledge of some security solutions and areas, such as BRP / DRP, GRC, IAM, DLP, PKI, SOC, IDS / IPS, SAP security, etc.
- Master of tools such as Wireshark, Nmap, OpenVAS, Nexpose, Metasploit, Nessus, BURP
- Knowledge of encryption issues and tools (e.g. Truecrypt, OpenSSL)
- Knowledge of low-level filtering (Firewall owners, Iptables, OpenVPN)
- Knowledge of the security market and its key players;
- Main standards and regulations, such as ISO 2700X, French LPM and RGS, etc.
- Methods of risk analysis (ISO 27005, Ebios, etc.);
- Knowledge in embedded systems (railway / aeronautics ...) would be a plus.
- Dynamic, autonomous. Creativity and ability to work in a complex environment.