Cybersecurity Engineer 478603

Req ID:478603

At Alstom we understand transport networks and what moves people. From highspeed trains metros monorails and trams to turnkey systems services infrastructure signalling and digital mobility we offer our diverse customers the broadest portfolio in the industry. Every day more than 80 000 colleagues lead the way to greener and smarter mobility worldwide connecting cities as we reduce carbon and replace cars.

NETWORK & LINKS:

The Selected candidate report to Program Cybersecurity Manager and will work with a highly motivated Cybersecurity team involved in vulnerability monitoring vulnerability assessment scanning and penetration testing of Alstoms solutions and products. The candidate will be positioned at Bangalore Technology Center of Alstom Digital & Integrated System division.

INTERNAL

The candidate will have strong links internally with

• Cybersecurity Services Center Director

EXTERNAL

• Program Managers
• Program / Project Cybersecurity Managers
• Project and Program Teams
• Product / Software Development Teams
• Regional Cybersecurity Managers
• Platform Cybersecurity Managers
• Alstom IT Organisation

OVERALL PURPOSE OF THE ROLE :

We are currently seeking individuals interested to maintain and improve security posture of Alstom Products and Solutions. Cybersecurity expected to lead vulnerability assessments for Alstom products and solution Perform vulnerability scan policy scan penetration test and other security assessments. He also performs vulnerability monitoring and alert the Products and Platforms for existing or new vulnerabilities that could potentially impact them. Maintain the vulnerability management system and ensure SLAs of the vulnerability management process. He will also be part of the incident response team (PSIRT) perform first level of analysis and participate in vulnerability remediation workflow.

RESPONSIBILITIES :

The Cybersecurity Engineer perform the following activities:

• Work with a team of Cybersecurity Engineers and responsible for the vulnerability assessment and penetration test vulnerability scan policy compliance scan and web Application scan with the help of tools like Qualys or any other industry standard tools and provide the analysis to the programs/projects.
• Responsible to evaluate the system or product security by safely trying to exploit vulnerabilities that may exist in OS services application flaws improper configurations or risky enduser behaviour.
• Perform vulnerability monitoring on Alstoms solution and projects and alert the responsible teams for existing or new vulnerabilities that could potentially impact them.
• Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups
• Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment
• Part of the incident response team (PSIRT) perform first level of analysis and participate in vulnerability remediation workflow.
• Provide internal training on Cybersecurity vulnerability management process and tools.

Qualifications & Skills:

Prior experience in vulnerability assessment vulnerability management and application security or demonstrated security experience in either a forensic or an offensive security focused role. Minimum 5 years of experience in performing vulnerability scan pen tests/vulnerability assessments and vulnerability management desirable from product development or industrial control system background. Preferable to have from Railway Cybersecurity domain.

EDUCATION (Engineer)

• Bachelors or Masters in Computer Science Information Technology or equivalent
• CEH or approved Pen Test equivalent certification is mandatory for this position
• ISA 62443 certification and/or OSCP certifications preferred.
• Desirable to have Cybersecurity certification in any one or few of GICSP CISSP GSEC ECSA CISM and Comptia Pen test.

TECHNICAL COMPETENCIES & EXPERIENCE

• Having good experience and able to work independently on atleast few of security tools (Qualys Kali Linux Nessus Netsparker OpenVAS Nexpose Wireshark Metasploit IBM AppScan HP Webinspect Burp Suite SQLmap nmap fuzzers password recovery tools and other penetration testing tools).
• Strong experience in performing penetration tests and/or vulnerability assessments on products web applications and networks.
• Prior knowledge of security assessment on SCADA and IOT devices prfrable
• Under standing of networking (TCP/IP OSI model) operating system fundamentals (Windows UNIX mainframe) security technologies (firewalls IDS/IPS etc. and application programming / Scripting languages (C Java Python Shell).
• Excellent knowledge on configuration review of Linux Windows and Network devices with respect to CIS Benchmark.
• Experience with static analysis tools and software composition analysis tools.
• Knowledge of Common Vulnerabilities and Exposures (CVE) Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE).
• A strong understanding of technologies and associated protocols such as HTTPS TLS DNS SSL etc.
• Considerable knowledge on programming languages (e.g. Java C C C#.NET Scripting languages) prfrable.
• Main standards and regulations such as : ISO 2700X ISA 62443 and NIST are prfrable.
• Experience presenting to or training technical audiences a plus.
• A technical writing experience is a plus.

• BEHAVIORAL COMPETENCIES:

• Strong individual and a team Player.
• Strong autonomy
• Sense of Service
• Delivery oriented
• Capacity to work in complex environment
• Negotiation skills
• Problem solving
• Demonstrate excellent communication skills and able to guide influence and convince others in a matrix organization.
• Prior experience in working with European customer is desirable.

You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family youll be proud. If youre up for the challenge wed love to hear from you!

Important to note

As a global business were an equalopportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.