Overview:
Expleo is a trusted partner for end-to-end, integrated engineering, quality services and management consulting for digital transformation. We help businesses harness unrelenting technological change to successfully deliver innovations that will help them gain a competitive advantage and improve the everyday lives of people around the globe.
Facing growing customers’ requests in securing our European Critical Infrastructures against Cyberattack, Expleo is looking to strengthen its teams to assist its customers in Air, Sea and Land Transportation.
Responsibilities:
- Your role is very diversified and exciting. You will work closely with Industrial Cybersecurity architects, Experts, Engineers and Customer Engineers and Risk Assessment teams to test and validate compliance on Security Level targeted
- In this role you will:
- Probe the security integrity of the System Under Consideration (SUC) and defences by evaluating the attack surface of all in-scope vulnerable web-based services, client-side applications, servers-side processes, Industrial protocols and the zones and conduits of the SUC
- Analyse Architecture design, Security requirements and ensure the SUC complies to the requirements
- The role is therefore twofold, validate the SUC Security Level targeted and mitigate residual threats
Qualifications:
- We are not looking for the candidate that ticks all the boxes, but if you find yourself in the following sentences then we would be glad to meet you!
- You are qualified with an IT degree or equivalent
- You are familiar with Risk assessments and Security Level definition
- You are open to be trained / coached on various Transportation processes and landscapes
- You are familiar with Industrial Cybersecurity standards: IEC 62443, NIST Cybersecurity framework for Critical Infrastructure.
- You have experience with OT / ICS Cybersecurity
- You are familiar with OT Network segmentation zonings & requirements
- You have been exposed to Cybersecurity Operations by assisting Red/blue teams with end point security, network security and application security
- You have strong experience in forensics analysis
- You are a threat hunter
Skills:
- Technical skills:
- Those skills and certifications are a must:
- Vulnerability scanning, passive scanning,
- Certifications on Ethical hacking (CEH, SANS SEC560, OSCP, …)
- Those skills are a plus:
- Perform foot printing and reconnaissance using the latest foot printing techniques and tools as a critical pre-attack phase required in ethical hacking,
- Network scanning techniques and scanning countermeasures,
- Enumeration techniques and enumeration countermeasures,
- Vulnerability analysis to identify security loopholes in the target network, communication infrastructure, and end systems,
- System hacking methodology, steganography, steganalysis attacks, and covering tracks to discover system and network vulnerabilities,
- Mitre Att&CK for IT / ICS,
- Packet sniffing techniques to discover network vulnerabilities and countermeasures to defend sniffing,
- Social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and suggest social engineering countermeasures,
- DoS/DDoS attack techniques and tools to audit a target and DoS/DDoS countermeasures,
- Session hijacking techniques to discover network-level session management, authentication/authorization, cryptographic weaknesses, and countermeasures,
- Web server attacks and a comprehensive attack methodology to audit vulnerabilities in web server infrastructure, and countermeasures,
- Web application attacks and comprehensive web application hacking methodology to audit vulnerabilities in web applications, and countermeasures,
- SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures,
- Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools,
- Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools,
- Firewall, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures,
- Cloud computing concepts (Container technology, serverless computing), various threats/attacks, and security techniques and tools,
- Penetration testing, security audit, vulnerability assessment, and penetration testing roadmap,
- Threats to I(I)oT and OT platforms and provide guidance on how to defend I(I)oT and OT devices securely,
- Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools,
- Fluency in English is a must, knowledge of German and /or French is a plus,
- Ability to explain technical vulnerabilities and threats to non-Cybersecurity audience (Engineers, Risk assessment management team, …)
Benefits:
- Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
- We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
- Expleo Academy – enables you to acquire and develop the right skills by delivering a suite of accredited training courses
- Competitive company benefits such as medical and dental insurance, pension, life assurance, employee wellbeing programme, sports and social events, birthday hampers and much more!
- Always working as one team, our people are not afraid to think big and challenge the status quo
“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.
