IDEMIA, the global leader in Augmented Identity, provides a trusted environment enabling citizens and consumers alike to perform their daily critical activities (such as pay, connect and travel), in the physical as well as digital space.Requirements
Within a technical governance department of the software excellence engineering center of 120 people, attached to the CTO of center, you carry out your mission in an agile organization (SCRUM or similar methodology). As a cybersecurity expert, you will ensure the security of all Idemia and non Idemia components used in Idemia end-to-end large security systems: security of software application, of networks, of data and of IT infrastructure, as well as the security of the security systems themselves in the area of biometric digital identity provided to government customers.
You will work with all the Agile project teams of the center (scrum master, developers, testers, QA / integrators, PO) in the operational field but also with dedicated DevOps engineers, technical managers, system architects, project managers and team leaders on strengthening the cybersecurity of our systems during pre-sales projects, development, test & qualification and end user deployment.
Technical skills required
-Keep up to date with the latest security and technology developments
-Research/evaluate emerging cyber security threats and ways to manage them
-Plan for disaster recovery and create contingency plans in the event of any security breaches
-Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
-Test and evaluate security products
-Design new security systems or upgrade existing ones
-Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
-Engage in 'ethical hacking', for example, simulating security breaches
-Identify potential weaknesses and implement measures, such as firewalls and encryption
-Investigate security alerts and provide incident response
-Monitor identity and access management, including monitoring for abuse of permissions by authorized system users
-Liaise with stakeholders in relation to cyber security issues and provide future recommendations
-Generate reports for both technical and non-technical staff and stakeholders
-Maintain an information security risk register and assist with internal and external audits relating to information security
-Monitor and respond to 'phishing' emails and 'pharming' activity
-Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
-Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
-Technical degree in Computer Science or relevant discipline.
-Working experience in at least 2 of the following domains:
o System security
o Network security
o Data security
o Application security
o Cloud security
-Proven 5 years’ experience as a Cybersecurity engineer
-A real curiosity in the field of computer technologies applied to the information system
-Leadership, with strong organizational, interpersonal and Strong communication skills
-Spirit of analysis and synthesis
-Liking working in an international context
-Strong verbal and written skills in English, French would be a plus.
-Motivated by obtaining a result by providing a quality service (risk analysis / quality monitoring process - process of release of deliverables).
-Autonomous and have the sense of clear and synthetic reporting.
You have a real expert role supporting different development-integration-test-deployement teams with following responsibilities:
In pre-sales phase:
-Define security rules for our integrated solutions (HW + SW + network + infrastructure) in pre-sales projects in accordance with customer specifications and optimizing their costs and performance.
In early development phase:
-Define, implement and apply security rules to code generation, SW architecture and interface definition, upstream of the software development process, improving the robustness of applications and their resistance to attacks
Test, Qualification & Delivery phase:
-Provide technical guidance and answer technical questions for project integration team on security purpose.
-Define and implement standardized CI / CD pipelines, ensuring that the appropriate security tools, to detect and remedy vulnerabilities, analyze the code deployed in our environments.
-Define and set up the security controls identified for a solution.
-Perform vulnerability analyzes in accordance with the defined method and participate in the evolution of this method as part of continuous improvement
-Monitor the vulnerabilities of systems on its perimeter. Ensure compliance with the BU's policy in terms of the vulnerability level
-Qualify the “cybersecurity” of our biometric solutions and products developed by Romania engineering center
-Capitalize with other DevOps engineers of different products on CI and CD pipelines including cybersecurity test and qualification
-Prepare/complete security documentation during the design/development/integration/tests stages; establish security guidelines/procedures for operational systems.
-Provide remedial recommendations adapted to the problems encountered and support the project teams in correcting the vulnerabilities identified
-Carry out code / implementation reviews if necessary