Airborne Cyber Security Evaluator - Junior (M/F)
Hybrid
Toulouse, France
Full Time
19-03-2025
Job Specifications
Job Description
Airbus is a global industrial player and aircraft manufacturer with the highest standards of safety and security. The increasing connectivity of our aircraft and the digitalization of our products have opened the door to new threats and hence to a growing need for security evaluation activities.
To face these challenges, our team, embedded in the Flight and Integration Test Center, acts as the first attacker to anticipate the threats our airborne products could face. Composed of specialists combining multiple competencies in avionics, networks, radio transmissions, operating systems, cryptography and more. This transnational team is recognized company-wide for its unique expertise combining avionics and security skills.
We are currently looking for a Cyber Security Evaluator (m/f/d) for airborne products, based in Toulouse (31), France. Your main role is to perform security evaluations on airborne products and systems and to identify security weaknesses before their entry into service or affecting the in-service aircraft. As our environment is constantly evolving, you also contribute actively to the continuous improvement of our activities by exploring new attack techniques, tracking new technologies, developing scripts and tools supporting the security evaluation of airborne products.
Are you ready for this challenge?
What you will do with us as Airborne Products Cyber Security Evaluator (m/f):
Using your curiosity, creativity and experience, to develop and perform adversarial security evaluations against Airbus airborne products and related services in our laboratory test environments.
To evaluate the security of our products and systems, gathering system or multi-system configuration items and performing configuration reviews.
To contribute to the design, development, implementation and integration of Airbus airborne products applying an attacker mindset and sharing technical expertise with our international community of system designers and developers.
To identify weaknesses and/or vulnerabilities on hardware & software by using diverse techniques and tools.
To compile technical reports and presentations to describe findings, to recommend fixes and to support the security risk analysis process.
To disseminate your developed attack scenarios and obtain technical knowledge within our team
To contribute to research and development to explore innovative ways to evaluate Airbus products security.
To develop tools and test means to test airborne systems.
Travel for business in Europe and intercontinental is also part of the activity.
Skills
We are looking for candidates with the following skills and qualities, please do not hesitate to apply for the position if you partially fulfill the list below:
Cyber Security Diploma or equivalent knowledge
Knowledge on vulnerability research
Software development skills to support security evaluations (tooling, etc).
Interest in CTF challenges is highly appreciated.
Softskills:
Team spirit, curiosity, creativity.
Aim to develop the ability to communicate effectively and comprehensively to present complex technical approaches and findings.
Strong analytical and organizational skills with good communication skills in English.
Why join us?
Work on adversarial security evaluation for the Airbus airborne product portfolio, incl. aircraft and helicopter equipment and be an active contributor to the safety and security of aviation.
Work in a multicultural environment, on a growing spectrum of activities, on a worldwide perimeter, within a team of security evaluation specialists.
You will have the opportunity to apply your expertise, to develop your skills, competencies and your personal project. You will attend some specialized Cyber Security conferences.
Work in a balanced environment: beyond the many benefits offered to its employees, joining Airbus is also the guarantee of a respectable work-life balance.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.
Company
Airbus Operations SAS
Employment Type
Permanent
Classe Emploi (France): Classe F12
Experience Level
Entry Level
Job Family
Cyber Security
By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.
Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.
At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.
#YESPOST
About the Company
We hope you have a pleasant journey with us, as we share the latest news and views on our family of aircraft, sustainable aviation and much more. Know more
Related Jobs
- Company Name
- Free-Work
- Job Title
- Ingénieurs sécurité nationalité française
- Job Description
- Nous recrutons un ingénieur Devsecops pour une première longue mission chez un de nos clients prestigieux : > Conception et développement d’évolutions d'une solution d'infrastructure de virtualisation réseau sécurisé de type ETSI NFVi en approche "Secure by Design" > Maintien en Condition Opérationnelle et Maintien en Condition de Sécurité: en faisant une veille sur les OSS utilisés, ainsi que sur leurs vulnérabilités, en participation aux co-ingénieries avec l'Architecte sur l'architecture cible pour un objectif multi-niveau de sécurité, en participant à l’élaboration des documentations permettant une évaluation CC EAL4+ de la solution, ainsi qu'aux échanges avec l'ANSSI, en faisant évoluer la solution basée sur des OSSs en DevSecOps afin de répondre aux objectifs de sécurité et à l'ajout de Demande d'Evolution, en participant activement au support correctif pour les affaires utilisant la solution L'objectif de l'équipe passionnée est de faire évoluer en permanence le niveau de sécurité d'une solution référente à fort potentiel.. Cette première mission basée à Gennevilliers ne permet pas (ou très peu) de télétravail. > Support correctif Profil candidat: Vous êtes ingénieur sécurité avec au moins un poste/mission de plusieurs années basé sur de la sécurité opérationnelle, qui vous ont permis de bien comprendre les meilleures pratiques en sécurité défensive (Blue Team) et les solutions technologiques de référence afférentes (SIEM, SOAR, XDR...), et si possible des processus d'homologation / certification (suivi des plans de rémédiation) Vous savez travailler en équipe dans un environnement rigoureux, et qui nécessite la nationalité française du fait de la nature de l'activité du client. Vous avez l'ambition de contribuer à un grand projet chez un grand nom de l'industrie, qui sera structurant pour la suite de votre parcours. L'expérience attendue est de 3 à 10 ans, rémunération selon profil. Plusieurs recrutements sur ce type de poste avec des arrivées entre mai et octobre 2025.
- Company Name
- Voyage Privé
- Job Title
- Chief Information Security Officer (CISO) H/F
- Job Description
- Born in France in 2006, Voyage Privé has grown from an ambitious startup into becoming the Europe's leading travel tech platform. Operating across 9 markets with tens of millions of users, we're not just another e-commerce success story - we're a tech powerhouse revolutionizing online travel. As a mission-driven company, we're unique in combining cutting-edge technology with social impact. Our innovative campus brings together tech talent, professional athletes, students, and artists, creating an ecosystem where digital innovation drives both business growth and positive change. We're now at an inflection point, upgrading our entire technical foundation with cloud architecture, AI, and real-time systems to become a reference and top-of-mind platform for luxury travel, known by travelers for its for excellent offer and customer experience, and by our providers as a high-performance business development partner. Why Join Us? Work at the intersection of cutting-edge technology and a mission-driven company, transforming how millions experience travel. Be part of an entrepreneurial team of innovators that isn't just building technology: we value innovation, ownership, and collaboration, with an emphasis on empowering engineers to make a difference. Shape a fast-growing tech company as we embark on an ambitious plan to scale tenfold in the next decade. Fast-paced, innovative environment with a real impact on high-end travel experiences. A chance to lead security efforts at a strategic and operational level. Direct visibility with the CDO and ExCom, shaping the future of security in a dynamic industry. A collaborative, tech-driven culture that values security as a business enabler. Enjoy a workplace that invests in personal and professional development, offering learning programs, mentorship opportunities, and career growth pathways. Job Description We are a large, renowned, fast-growing e-commerce company specializing in high-end online travel experiences. Security is a strategic priority to maintain the trust our customers have placed in us. Our goal is to protect our assets, manage risk, ensure compliance with regulatory requirements (e.g., PCI-DSS v4, GDPR), and build customer trust, all while supporting innovation in our technology and operations, and a profound transformation of our systems to enable and power our ambitious growth objectives. We are looking for a Chief Information Security Officer (CISO) who will define and execute a global security strategy, lead risk management efforts, and foster a strong security culture across the company. This role will be pivotal in securing our evolving infrastructure, enhancing governance, and demonstrating business impact through security initiatives. Key Responsibilities 1. Define, Drive, and Execute the Security Strategy & Roadmap Develop and maintain a comprehensive security strategy that covers technical, organizational, and physical security aspects. Build and execute a structured security roadmap aligned with the company’s business and technical transformation. Identify, assess, and prioritize information security risks (technical, organizational, human) and define appropriate mitigation plans. Ensure compliance with industry regulations and standards (PCI-DSS v4, GDPR, and other relevant frameworks) in collaboration with legal and business teams. Regularly report security progress, risks, and achievements to the Chief Digital Officer (CDO) and the Executive Committee (ExCom) through Quarterly Business Reviews (QBRs). 2. Proactive Risk Management, Automation & Business Impact Implement risk-based security measures and establish a continuous improvement approach for security operations. Develop automated security dashboards to provide real-time visibility on security posture, including risks, incidents, and security initiatives. Demonstrate tangible business impact of security actions (e.g., revenue protection, reduced fraud, SLA adherence, strengthened partner trust). Establish Key Performance Indicators (KPIs) to measure security effectiveness and ensure alignment with business objectives. 3. Technical, Physical, and Network Security Oversee physical security measures (e.g., access controls, video surveillance, alarms) in coordination with infrastructure and facilities teams. Ensure the security of networks, cloud infrastructure, and hybrid environments (on-premises + cloud). Secure our API-driven, microservices-based architecture, working closely with DevOps and cloud teams. Drive Security by Design and Zero Trust principles in all technology initiatives. 4. Leadership, Team Management & Cross-Team Collaboration Collaborate with product, data, engineering, infrastructure and legal teams to integrate security across all business functions. Work alongside the Office IT Manager for security-related actions within Microsoft environments (Active Directory, Office 365, MFA, etc.). Foster executive buy-in and ensure that security is seen as a business enabler, not a blocker. 5. Security Awareness & Culture Development Promote a strong security culture throughout the company, ensuring all employees understand their role in cybersecurity. Implement company-wide security awareness programs, including phishing simulations and best practices training. Act as a trusted advisor on security matters, maintaining a pragmatic and educational approach. 6. Data Protection, GDPR & Third-Party Risk Management Ensure compliance with GDPR and data privacy regulations, working closely with legal teams. Oversee data protection, anonymization, and secure storage practices. Manage third-party risk by ensuring vendors and partners meet security standards before integration. 7. Incident Management & Continuous Improvement Establish a structured incident management process, covering detection, response, mitigation, and post-incident reviews. Lead internal and external security audits, including penetration tests, organizational security reviews, and compliance assessments. Stay ahead of emerging cybersecurity threats and adapt security strategies accordingly. 8. Budget & Security Investments Define and manage the security budget, ensuring cost-effective investments in security tools and technologies. Justify security spending by demonstrating ROI and risk reduction benefits. Qualifications Technical Skills: Proficiency in IT security tools and concepts: Access management (IAM, SSO, MFA). Infrastructure security (firewalls, VPNs, network monitoring, Wi-Fi security). Application security (OWASP Top 10, API Gateway). Strong knowledge of standards and certifications: PCI-DSS, ISO 27001, GDPR (in collaboration with the legal team). Experience in hybrid environments (on-premise + cloud) and transformation projects. Advanced skills in dashboard creation and automated reporting, with a focus on demonstrating business impact (tools like Power BI, Tableau, or security-specific solutions). Soft Skills: Leadership...
- Company Name
- INTERPOL
- Job Title
- Information Systems Security Analyst - Reserve list exercise
- Job Description
- Vacancy Notice 1067 INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime. INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization. Job Title: Information Systems Security Analyst - Reserve list exercise Reporting To: Security Operations Centre Manager Location: Lyon, France Type of contract: Fixed-term contract Duration (in months): 36.00 Grade: 5 Number of post: Reserve list exercise Level of Security screening: Enhanced Deadline for application: 9 April 2025 Conditions applying for all candidates Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test. This selection exercise will be used to generate a reserve list of suitable candidates that may be used to address Organization's similar staffing needs in the future. Tests/interviews in connection to this selection procedure will take place approximately 3 to 4 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed. Selected candidates will be expected to report for duty approximately two to three months after receiving an offer of employment at the latest. INTRODUCTION OF POST The post-holder reports to the Security Operations Center Manager. The Information Systems Security Analyst must know how to source, install and maintain various security systems, including but not limited to unified threat management (UTM), messaging gateway, security information and event management (SIEM), encryption system and endpoint security. As part of the Security Operations Center (SOC) team, the Information Systems Security Analyst is required to observe server logs, firewall logs, intrusion detection logs, web filtering and antiviral systems for any unusual or suspicious activity, in order to prevent compromise. Conducting Incident Management, Business Impact Analysis (BIA) and Disaster Recovery Planning (DRP) is crucial, as well as ensuring that recovery configurations are updated frequently. Information Systems Security Analyst is obligated to monitor external sources to find available security patches and are to prioritize and make recommendations for implementation. Finally, it is expected that Information Systems Security Analyst demonstrates knowledge in the planning and creation of organization security documents and architecture. It is important to remain up to date with detailed knowledge of the IT security industry. This includes the awareness of new or updated security solutions, improved security processes and the development of new attacks and threat vectors. Primary Duties Duty 1: Security and Collaboration in Operations Participate in Security Operations Center (SOC) activities, SOC process improvement and support on-call duties / shift working time. Monitor computer security risks, network events and signals from security tools to identify probable security incidents and communicate information to the relevant stakeholders as necessary. Respond to IT security incidents, review daily alerts, perform triage, carry out in-depth investigations on security events and comply with Interpol’s Incident Management Process. Evaluate events, incidents and attacks, identify the root cause of the attack, implement required security actions to counter the attack, and restore system operations. Proactively explore the weaknesses and vulnerabilities in IT infrastructure. Analyze threats and catch indicators of compromise, indicators of attack and advanced persistent threats. Provide Strategy to Containment and Eradication and recovery procedures based on Disaster Recovery Plan. Ensure a technology watch in order to remain up to date with new developments, trends and techniques in the domain of IT security. Duty 2: Security Engineering Maintain, configure and fine-tune IT security tools and related products, for example (not exhaustive): SIEM, SIM, UEBA, SOAR, Reverse Proxies, Directories, Identity Management, Identity Access, Antivirus, Vulnerability scanners, PKI, Authentication, Application Firewalls, etc. Perform SIEM implementation and management: rules, logic, actions and alert creation to detect potential security incidents across the organization. Gather requirements, perform troubleshooting, aid with the creation of SIEM search queries, improve the effectiveness and quality of the current detections, and reduce numbers of false positives. Ensure that proper use cases, operational controls, procedures, tests and documentations are in place to quickly move from test to production. Proactively seek to improve and develop new strategy based upon observed security events. Perform deep data analysis to gain valuable understanding of the data. Request to onboard new data sources into the SIEM. Perform automated health checks, and ensure effectiveness of events and incident detection. Duty 3: Security and Risk Management Assist the SOC Manager by ensuring feasibility and coherence between organizational security polices and those of the IS&T Operations Sub-Directorate. Propose mitigation steps based on presented Risk Assessments. Participate in initiatives to inform and train colleagues about security awareness and best practices. Assist the SOC Manager in drafting and maintaining various internal Standard Operating Procedures. Assist the SOC Manager to the contribution to the IS Directorate yearly business plan and roadmaps. Liaise with the SOC Manager in order to escalate any strategic IT security risks linked to technology or within the scope of work of the IS&T directorate. Execute the relevant security audits, assessments, penetration tests etc. and advise the SOC Manager on corrective actions or enhancements to IT products or projects. Perform any other duties as required by the SOC Manager. Requirements Training/Education required Three-to-four years’ education at a University or other specialized higher education establishment, in the field of software engineering, computer science, information technology, information security, mathematics, engineering or a related field preferred. One or more internationally recognized IT Security Certifications (CISM, CISSP, CEH, etc.) Experienc...
- Company Name
- CS GROUP
- Job Title
- Développeur/euse fullstack Java / React - Cybersécurité - Le Plessis-Robinson
- Job Description
- Description De L'entreprise Référencé par le Capital Magazine figurant parmi les « Meilleurs employeurs 2023 », CS est une société filiale autonome de Sopra Steria GROUP avec un rayonnement en France et à l’international (plus de 2500 collaborateurs). Experts des systèmes critiques pour les secteurs de la Défense, l'Industrie, le Spatial, la Cybersécurité et l'IA. Partenaire ANSSI, certifié PASSI RGS et LPM, la Business Unit Cybersécurité sécurise les infrastructures des industries les plus critiques (nucléaires, militaires), nous protégeons les informations les plus sensibles (Lettre recommandée électronique, Signature Notariale, etc.). Nous proposons un accompagnement global : de la conception jusqu’aux services managés, en passant par l’intégration systèmes & sécurité, le conseil ainsi que la délégation d’expertise (AT). Description Du Poste Nous recrutons un/e Développeur/euse fullstack Java / React pour rejoindre notre business unit Cybersécurité. Vous rejoindrez les équipes Trusty. Trusty est une gamme complète de services de confiance. Les services souverains de confiance Trusty agissent en complémentarité et garantissent une protection des échanges, des données et des accès en conformité avec les réglementations. Vos missions : Réaliser les spécifications techniques, Développer et créer des tests unitaires, Développer et tester les corrections et évolutions, Participer aux réunions techniques avec le client. L’environnement technique : Java JEE: Spring, Hibernate. Javascript: React. PostgreSQL. Git, Jenkins, Maven, SonarQube, Selenium, Linux, VMWare, Docke rCybersécurité : Certificats x509, PKI, Chiffrement, PaDES/XaDES, BouncyCastle .Qualification sDe formation Bac+5, vous avez une première expérience en développement Java/React. Vous souhaitez vous former et évoluer dans un secteur d’avenir tel que la cybersécurité. Vous êtes intéressé/e par les nouvelles technologies web, les méthodologies DevSecOps, et maîtrisez un maximum des technologies citées précédemment .Vous avez une capacité à travailler en équipe et vous savez résoudre des problèmes complexes ? Vous êtes un/e bon/ne communicant/e et faites preuve de qualités rédactionnelles ? Alors vous êtes la pépite que nous recherchons !À compétences égales, ce poste est ouvert aux personnes en situation de handicap .Informations supplémentaire sIntégrer l’Agence Conseil & Audit, c’est aussi :Des formations dès votre arrivée et tout au long de votre carrière : la CS Academy et la Sopra Steria Academy vous proposent des parcours de formations spécifiques aux métiers et à votre environnement (4400 jours de formation en 2023, 5700 jours de formation prévus pour 2024) ;Des espaces de travail collaboratifs modernes, lumineux et flexibles ;Des facilités d’accès : lignes de bus depuis le centre-ville (transports en commun avec prise en charge à 50%), parking privé pour les automobilistes, les cyclistes et les motocyclistes ;Du télétravail, si le projet le permet ;Une mutuelle prenant en charge votre famille ;Un comité d’entreprise offrant des avantages culturels, sportifs et des réductions sur vos hébergements et transports lors de vos vacances ;Une prime vacances et de cooptation ;Mais aussi… la promesse de se détendre entre midi et deux (babyfoot, jeux, tables extérieures…) .LA SUITE DES ÉVÉNEMENT SSi votre profil correspond, vous aurez un entretien technique avec l’un de nos responsables opérationnels. Puis, vous rencontrerez un/e recruteur/se lors d’un entretien RH. Et nous nous engageons à vous faire un retour par téléphone : )Employeur inclusif et engagé, notre société œuvre chaque jour pour lutter contre toute forme de discrimination et favoriser un environnement de travail respectueux. C’est pourquoi, attachés à la mixité et à la diversité, nous encourageons toutes les candidatures et tous les profils .https://www.soprasteria.fr/nous-connaitre/nos-engagements