Airbus is a global leader in aeronautics, space and related services. In 2019 it generated revenues of € 70.5 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as one of the world’s leading space companies. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.
In line with the Airbus leadership model, manage direct and/or transversal team(s). Engage, develop and motivate the direct/transversal team(s), promoting collaboration and out of silos mindset. Deliver on time, cost and quality expected customers products. Adopt lean means to detect and eliminate wastes and not added value tasks/activities. Secure the business at short/mid/long term, contributing to increase Airbus profitability.
This jobholder leads the strategy, coordination, and delivery of Airbus’ digital security deep-dive evaluation, pen-test, and red-team activities within Corporate Digital Security. The jobholder is also responsible for directly managing the digital security department evaluation and test team; including full time staff, contractors, and external support.
The following accountabilities are described giving the scope of their applicability:
- Airbus-wide coordination of digital security pen-tests
- Execution of digital security deep-dive evaluations, pen-tests, red-team, and purple team exercises; either directly or via procurement of external service
- Ensure appropriate reporting of evaluations, pen-tests, and red-team exercises
- Strategic development of evaluation and test initiatives
- Coordinate and set standards for DevSecOps implementation and tooling
B. Main activities
- Define and manage the cyber security test program, considering inputs and requests from governance, risks, security architecture, and through independent review, company-wide, on the Airbus Commercial perimeter, excluding Airbus Products
- Undertake deep dive technical security evaluations for both COTS and bespoke developed equipements (Airbus Products/IT/OT)
- Undertake continuous security red team & purple team initiatives and activities as directed and within authorized rules of engagement
- Manage the third-party evaluation test-program (aka pen-testing by external companies)
- Provide feedback and recommendations from security testing to relevant departments
- Identify and report company-wide cyber-attack paths
- Define and develop processes and tools to allow the Business, company-wide, to be empowered for autonomous security testing in project mode
- Define and manage DevSecOps strategy and standards for implementation, tooling, and operation
- Provide expertise on technical matters
- Enhance the Airbus security brand by the means of publications, presentations, external engagements, etc.
- Participate in strategy definition and development of the digital security department
- Ensure coordination and cooperation across the digital security department and across Airbus
- Engage with internal customers and maintain customer request tracking, delivering to
- Define and manage departmental strategy and vision in conjunction with the Corporate Digital
Security Officer (CDSO/CISO)
- Deliver all project & department reporting
- Manage team personnel across multiple sites including performance and development,
recruitment and retention according to digital security department planning
- Manage appropriately team finances within approved budget
- Manage capability and projects against cost, quality, and timeliness
- Represent the team internally and externally
- Manage internal customer and stakeholder relationships
- List of prioritized evaluation to be perform on a yearly basis
- Evaluation report
- Exercise report
- Technology watch report
- Expert recommendations and feedbacks
- Comprehensive description of company wide attack paths
- Counter measure recommendations
- COTS tools evaluation or recommendation
- Publications, White paper, documentation
· Master's Degree in Information Technology or equivalent experience
· English: Negotiation Level
· At least 15 years of work experience in the security area
· Good ability to understand Airbus policies and standards
· Strong negotiation and communication skills in an international context
· Ability to coordinate teams located in different organizations and locations
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.
By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.