Cybersecurity Engineer Job in Alstom

Req ID:73505

We create smart innovations to meet the mobility challenges oftoday and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric busesand driverless trains, as well asinfrastructure, signalling and digital mobility solutions. Joining us meansjoininga truly global community ofmore than36 300 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.

NETWORK & LINKS:

The Selected candidate report to Manager - Cybersecurity Excellence Center and will work with a highly motivated Cybersecurity team involved in vulnerability watch and management, vulnerability assessment, scanning and ethical hacking for Alstoms solutions and products. The candidate will be positioned at Bangalore Technology Center of Alstom Digital Mobility division.

INTERNAL

The candidate will have strong links internally with

• Program Managers
• Product / Software Development Teams
• Alstom IT Organisation

EXTERNAL

• Regional Cybersecurity Managers
• Platform Cybersecurity Managers
• Program / Project Cybersecurity Managers
• Product & Systems Team

OVERALL PURPOSE OF THE ROLE:

We are currently seeking individuals interested in helping us to build and maintain a variety of tooling that Alstom uses to maintain and improve our security posture. Cybersecurity Engineer role is to perform vulnerability watch and management, alert the Products and Platforms for existing or new Vulnerabilities that could potentially impact them. Maintain the vulnerability management system and ensure SLAs of the vulnerability management process. Perform vulnerability scan, policy scan, penetration test and other security assessments. You will lead the incident response process at the first level of analysis (PSIRT) and participate in vulnerability remediation efforts.

RESPONSIBILITIES:

The Cybersecurity Engineer is in charge of the following activities:

• Perform vulnerability watch on Alstoms solution and projects and alert the responsible teams for existing or new Vulnerabilities that could potentially impact them.
• Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups
• Perform Cybersecurity Vulnerability scan on with the help of tools like Qualys or any other industry standard tools and provide the analysis to the development and design team.
• Perform penetration test to evaluate the security by safely trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour.
• Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment
• Provide internal training on Cybersecurity, vulnerability management process and tools.

Qualifications & Skills:

Prior experience in vulnerability management and application security or demonstrated security experience in either a forensic or an offensive security focused role. Minimum 5 years of experience in performing pen tests /vulnerability assessments and ethical hacking, desirable from product development or industrial control system background.

EDUCATION

• Bachelors or Masters in Computer Science, Information Technology or equivalent
• ECSA and OSCP certifications preferred
• Desirable to have Cybersecurity certification in any one or few of GICSP, CISSP, GSEC, CEH, CISM

BEHAVIORAL COMPETENCIES:

• Be Innovative and be aligned to new technologies, methods and tools
• Demonstrate excellent communication skills and able to guide, influence and convince others in a matrix organization.
• Team Player with prior experience in working with European customer is not mandatory but preferable.

TECHNICAL COMPETENCIES & EXPERIENCE

• Having good experience and able to work independently on atleast few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP Webinspect, NTO Spider Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools)
• Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks.
• Prior Knowledge of security assessment on SCADA and IOT devices.
• Under standing of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / Scripting languages (C, Java, Python, Shell)
• Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark
• Experience with static analysis tools and software composition analysis tools
• Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE)
• Considerable knowledge on programming languages (e.g. Java, C, C++, C#.NET, Scripting languages)
• Knowledge of some security solutions and areas, such as: BRP / DRP, GRC, IAM, DLP, PKI, SOC, IDS / IPS, SAP, security, etc.
• A strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc.
• Main standards and regulations, such as: ISO 2700X, 62443 and NIST..
• Experience presenting to or training technical audiences a plus.
• A technical writing experience is a plus.

EXPERIENCE / SKILL SET

• Manual Penetration Testing and Application Security Testing skills
• Platform - Kali Linux, Windows, CentOS, Red Hat
• Discovery : Netdiscover, nmap, masscan
• Services : Nmap, masscan
• Enumeration : enum4linux, smbclient
• Application Layer Testing: DirBuster, Nikto
• Exploitation : Hydra, MetaSploit, SQLMap
• Vulnerability scan, Web App scan, Policy compliance scan : Qualys, Tenable
• Web Scanners : Qualys, NetSparker, Acunetix, Burpsuite Pro
• Network Scanners : Qualys, Nessus

• Language Skills: Proficient in English language
• IT Skills: MS office tools (Word, Excel, PowerPoint), Visio,

An agile, inclusive and responsiblecultureis the foundation of ourcompanywhere diverse people are offered excellent opportunities to grow, learn and advanceintheir careers.We are committed toencouragingour employeesto reach their full potential,while valuing and respecting them as individuals.

Job Type:?Experienced?