Cyber Security Authority - Emilia Romagna, Italia - Confidenziale

Confidenziale

Azienda verificata

Emilia Romagna, Italia

2 settimane fa

Inviato da:

Piero Bianchi

Reclutatore di talenti per beBee

Descrizione

Location:

Gorgonzola, ItalyThales people architect solutions that are relied upon to deliver operational advantage at every decisive moment throughout the mission.

Defence and armed forces customers rely on us to deliver the full range of defensive systems for land, sea, and air.

From early warning, to threat neutralisation, our platforms cover all levels from very short-range systems, to extended protection across the entire battle-Importante Azienda including Airspace Mobility Solutions, Vehicles and Tactical Systems and Missile Defence, Optronics, and Radar.

Gorgonzola hosts Navigations Air Systems (NAS) domain.

The activity of NAS domain:

avionics, navigation and radar systems for civil air traffic and technologies supporting the activities of civilian and military pilots, ATC controllers and technicians of several airlines, air traffic control agencies and Air Force around the world.

Italy is the Group's Competence center for the design, production and delivery of Navigation Aids products and Competence Centre for the delivery of non-Radar Surveillance Products.

Purpose of the jobCyber Project Design Authority is the technical leader in the engineering environments orchestrating and arbitrating on key choices according to many criteria, such as cost, delay, performance, reuse, environment constraints and security.

These compromises are not always easy to reach and have to be tracked and reported.
The cyber PDA is integrated into the technical and engineering team in charge of designing the system solution.

He/she works alongside other specialist engineers and architects to provide the right security solutions to meet customer requirements and risk appetite.

He/she provides all recommendations and arguments to address the challenges of modern digital infrastructure and platform solutions both on premise and clouds.

ResponsibilitiesIn charge of leading the technical choices of cyber solutions, the Cyber Project Design Authority:

Defines the solution architecture for the project,Contributes to develop the solution architecture for the project with security architects and security engineers.

Manages the interface with internal stakeholders including other transverse disciplines (safety, human factors, ILS) and external customers explaining the conformity of the solution.provides arbitration on complex technical the main interlocutor for several stakeholders of the project from the architect to the Solution Engineering Manager in order to clarify the security solution elements.

Prepares strategic technical decisions for the project and senior management.

More precisely,In the scoping phase, he/she:

is responsible for the security solution compliance,supports capture, bid and project team to understand the context and customer needs as early as possible,assesses the conformity to the cyber product policy.

In the solution design phase, he/she:

addresses alternative solutions,ensures the feasibility of considered alternative solutions from multiple points of view including technology maturity, product policy, make or buy strategy, contractual requirements, cost, schedule, resources, risk production, maintenance, etc.

Chooses cyber defense tools for integration among a variety (e.g., IDS, firewalls, log management, IAM, PKI, endpoint antimalware solutions, etc.).

Keeps knowledge on products up to date by Collaborating/interacting with cyber suppliers/vendorsIn the solution implementation and IVVQ phase, he/she:

Supports the IVVQ team Importante Azienda the build process providing hardening guidance,Identifies system non-compliances that can raise the security risk profile and in that case work with the security risk analyst to develop appropriate security risks and make them endorsed by the customer,Reviews and approves security artifacts generated Importante Azienda the IVVQ program,Main tasksCyber Product Design Authorities conduct security related tasks including:
Cyber Product Design Authorities must have strong experience or knowledge (and provide associated certifications) in:

Analysis and judgement - Relate and compare data from different sources; identify problems, issues or relations then develop courses of action or make decisions based on factual information and logic.

Natural curiosity about cybersecurity news (major cyberattacks, new attacker modus operandi, etc.)Ability to develop security architecture artefacts with appropriate trades-off to reduce or avoid risk and performance impact and answer cost constraints.

Cost focused - pro-actively negotiate and provide solutions to meet project budget expectations ;Practical learning - Assimilating and applying, in a timely manner, new job-related information that may vary in complexity.

Teamwork/collaboration - Working effectively with team/work groups or those outside formal line of authority (e.g. peers, senior managers) to accomplish organizational goals; taking actions that respect the needs and contributions of others; contributing to and accepting the consensus; subordinating own objectives.
Technical/professional knowledge - keeping abreast of current developments and trends in areas of expertise.
Effectively communicate with all levels of staff via meetings and written communications.

Experience:
A degree in computer science, IT, systems engineering, or related qualification.

At least 6 years of work experience with:
incident detection, incident response, and forensics.

Security systems, including firewalls, intrusion detection systems, security intelligence, threat analysis, anti-virus software, authentication systems, log management, content filtering, Office 365 etc.

Experience with Cybersecurity in Cloud environment like Google, Importante Azienda, or Microsoft Azure.
Proficiency in Python, or C++, Java, Ruby, Node, Go, and/or Power Shell.
Ability to work under pressure in a fast-paced environment.
Strong attention to detail with an analytical mind and outstanding problem-solving skills.
Great awareness of cybersecurity trends and hacking techniques.

Knowledge and experience on security framework:
NIST, ISO 2700x, EU NIS, National Cybersecurity Framework.
Knowledge about critical infrastructures security framework like ISO IEC 62443 desired.
A good knowledge of English language, written and spoken, is required.
Certifications such as CISSP, GSEC, CEH or CISM desired.