Engineering Security Officer - Getafe, España - European Satellite Services Provider

European Satellite Services Provider

Empresa verificada

Getafe, España

hace 3 semanas

Publicado por:

Isabel García

beBee Recruiter

Descripción

Created in 2009,
ESSP is a young and dynamic company, a
pan European service provider, certified by EASA (the European Union Aviation Safety Agency) to deliver safety-critical services.

Our mission is to operate and provide
Communication, Navigation and Surveillance(CNS) services, among which, the main one is, the
EGNOS service (the European Geostationary Navigation Overlay Service), on behalf of the EUSPA (the European Agency for Space).

We are recruiting a:

ENGINEERING SECURITY OFFICER

By joining us, you will be in charge of security activities in support of ESSP activities and services delivered to ESSP Customers.

If you have at least
5 years' of experience in IT security or in information systems and networks, preferably in a
critical or complex systems (space, aviation, industry sectors) with a good level of English, then this position is for you

Your main responsibilities/activities will be:

Under the authority of the CSO, you will perform the following activities:

Lead the security risk management by performing the
risk assessment and
remediation plan:
Lead required accreditations of assets (products, facilities, etc);
Perform threat evolution continuous monitoring, including advance persistent threats (APT),
Perform vulnerability continuous monitoring based on CERT vulnerability notifications,
Identify threats and vulnerabilities, ensure proper contingency plans
Define or challenge architectures in terms of security;
Propose and implement security functions and solutions, contribute to security projects;
Define and maintain Business Continuity Plan and Crisis Management on security aspects
Contribute to the Crisis Management process definition and implementation for Security
Ensure, in crisis plans, clear precedence rules between safety and security requirements,
Define, with the Safety team and EASA, methods for conciliating/ordering safety & security constraints
Provide expertise to the benefit of ESSP, for example by participating to call for tenders.
Provide technical expertise in support of company's operational units;
Ensure reviews and validate within the framework of ESSP's process (changes, anomalies, deviations, etc.);
Participate in analysis of security events and lead the implementation of mitigation/remediation actions;
Contribute to the company's and clients' security dashboards;
Manage potential subcontractors for the accomplishment of the activities.

You will also contribute to the continuous improvement of ESSP security policies and practices, specifically for ESSP ISO 27001 certified ISMS and Security Management System supporting ESSP ANSP certificate.

Consequently you will contribute to:

Promoting good security practices to the personnel,
Ensuring a security watch, both technological and regulatory,
Improving enterprise processes and tools for security management,
Developing new security services, notably in terms of operational security and cybersecurity,
Designing, building, assessing and managing innovating technical projects for internal or external clients.

PROFILE:

Security risk assessment methodologies (ISO27005, EBIOS RM, Attack tree )
Technical security (information systems, networks, physical security, crypto, etc.) and cybersecurity (threats, exploits, vulnerabilities, etc.),
Information security standards (ISO270xx, NIST, OWASP, ANSSI, ENISA, etc.),
Business continuity (ISO22301)
Enterprise IT and security organization aspects (ISMS, etc.),
Project management,
French/European applicable regulations to protection of Classified Information (IGI 1300, IGI 2012 )
Critical systems and their specific constraints (Safety, Continuity)
Critical systems and associated constraints (space, aviation, industry, etc.).
Understand, analyse and reformulate users/customers/projects' needs and requirements;
Define and write technical documentation; have editorial capabilities;
Act as consultant and facilitate the decision making process;
Evaluate the impacts of technologies and solutions on information systems and operations.
Team work and teaching capabilities
Rigorous, pragmatic and discreet,
Knowledge of EGNOS, GNSS and CNS technologies,
European regulation applicable to Information System Security and to GNSS in particular.

JOB REQUIREMENTS:

-
Language: English (B2)

CEFR and Spanish (desirable)

-
Engineering degree or equivalent:

Available for travels in Europe.

Human Resources information:

- is held by
the direct manager of the position you applied for (technical interview)
- is held by
HR department

Element of package of remuneration:
-
Variable: bonuses based on objectives
-
Teleworking: up to 3 days/week

-
Health insurance, Life Insurance:

-
Saving plan:

-
Tickets Restaurant:

-
Sustainable Mobility Package: Home/Office travels reimbursement if car sharing or bicycling
- **29 holida