Date de début : 01-10-2018
Temps de travail : Full Time
Lieu : Hamburg -Germany
Type de contrat : Permanent contract
Expérience : Early Career
Any product which contains software will show design & programming weaknesses during its lifetime. Often these weaknesses evolve into exploitable vulnerabilities. Best practice in security engineering is to ensure continued product security by using Common Vulnerability Scoring System (CVSS) in conjunction with Security Content Automation Protocol (SCAP), Common Platform Enumeration (CPE) and Common Vulnerabilities and Exposures (CVE). APSYS Risk Engineering GmbH offers this as a service to its customers.
As a Junior Security Engineer you will work on such a vulnerability management project. Your tasks will focus on:
- Understanding the product’s detailed function and architecture,
- Mastering the Vulnerability Management Process and the toolchain used,
- Compilation of the relevant CPE inventories,
- Analysis and evaluation of the CVEs,
- Creating a comprehensive report of the results.
Your tasks will further be developed in the areas of Product Security as well as Production IT Security and Industrial Control Systems Security.
A diversified mix of projects and tasks is available for you to get involved:
- Security risk analyses at architecture or system level,
- Support to system development with regard to information security,
- Supplier monitoring to ensure proper implementation of security requirements,
- Security risk analyses of production tools and machinery as well as production environments,
- Process consultancy and development in these areas.
In addition you will regularly report to project management and you will contribute to the evolution of APSYS methods and procedures.
All tasks have a direct link to the products of Airbus Group, thus securing the European aerospace from attacks from cyberspace.
- University degree in computer science or engineering with a focus on information security, aeronautics, systems engineering or comparable subject,
- first experience in the field of information security
- fluent in German and English, possibly French and Spanish,
- knowledge of system development and/or aeronautics is welcome,
- knowledge of relevant standards (ISO 27005, BSI Std. 100-3, NIST SP 800-30) is welcome.
- excellent interpersonal and communication skills,
- rigorous in the quality of the work done,
- team player with the ability to work autonomously with a strong customer-oriented work attitude,
- profound analytical skills