Description de l'offre
JUNIOR SECURITY ENGINEER (H/F)
APSYS Risk Engineering GmbH - Hamburg
Created in 1985, APSYS is a wholly-owned subsidiary of AIRBUS.
Apsys delivers essential services across AIRBUS and provides Expertise in Technical, Human & Organizational Risks Management dedicated to Aerospace, Automotive, and Railway, Nuclear, Environment and Petrochemical industries.
Airbus is a global leader in aeronautics, space and related services. In 2017, it generated revenues of € 67 billion and employed a workforce of around 130,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as Europe's number one space enterprise and the world's second largest space business. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.
Tasks & accountabilities
Any product which contains software will show design & programming weaknesses during its lifetime. Often these weaknesses evolve into exploitable vulnerabilities. Best practice in security engineering is to ensure continued product security by using Common Vulnerability Scoring System (CVSS) in conjunction with Security Content Automation Protocol (SCAP), Common Platform Enumeration (CPE) and Common Vulnerabilities and Exposures (CVE). APSYS Risk Engineering GmbH offers this as a service to its customers.
As a Junior Security Engineer you will work on such a vulnerability management project.
Your tasks will focus on:
· Understanding the product's detailed function and architecture,
· Mastering the Vulnerability Management Process and the toolchain used,
· Compilation of the relevant CPE inventories,
· Analysis and evaluation of the CVEs,
· Creating a comprehensive report of the results.
Your tasks will further be developed in the areas of Product Security as well as Production IT Security and Industrial Control Systems Security.
A diversified mix of projects and tasks is available for you to get involved:
· Security risk analyses at architecture or system level,
· Support to system development with regard to information security,
· Supplier monitoring to ensure proper implementation of security requirements,
· Security risk analyses of production tools and machinery as well as production environments,
· Process consultancy and development in these areas.
In addition you will regularly report to project management and you will contribute to the evolution of APSYS methods and procedures.
All tasks have a direct link to the products of Airbus Group, thus securing the European aerospace from attacks from cyberspace.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.
· An university degree in computer science or engineering with a focus on information security, aeronautics, systems engineering or comparable subject,
· A first experience in the field of information security
· Fluent in German and English, possibly French and Spanish,
· Knowledge of system development and/or aeronautics is welcome,
· Knowledge of relevant standards (ISO 27005, BSI Std. 100-3, NIST SP 800-30) is welcome.
· Excellent interpersonal and communication skills,
· Rigorous in the quality of the work done,
· Team player with the ability to work autonomously with a strong customer-oriented work attitude,
· Profound analytical skills,