Job Listings

Industrial Cybersecurity Expert Facing growing customers' requests in securing our European Critical Infrastructures against Cyberattack, Expleo is looking to strengthen its teams to assist its customers in Air, Sea and Land Transportation.   Role Your role is very diversified and exciting. You will work closely with Industrial Cybersecurity Architects, Engineers, Customer Engineers and Testing and validation teams.   In this role you will: - Define System, Component, and sub-components level Cybersecurity of Rail (Applicable to others Transport Industrial areas) systems requirements, - Align with the Industrial Cybersecurity Architects, testers and customers teams to have the latest Threat landscape and Risks picture to adapt the resilience where needed, - Keep requirements updated with the latest developments in Regulations, Directives, and other Technical Specifications of the sector,   Profile We are not looking for the candidate that ticks all the boxes, but if you find yourself in the following sentences then we would be glad to meet you! - Minimal a bachelor’s degree in computer science or programming, - Minimum of 5 years of experience in a combination of information security and GRC, - Knowledge of common information security management frameworks, such as ISO/IEC 27001, IEC 62443; NIST Cybersecurity framework for critical infrastructure, - You have experience with OT / ICS Cybersecurity, - You are familiar with OT Network segmentation zonings & requirements, - Advanced knowledge of risk assessment approaches, methodologies, Target Security Level definition, - Professional security management certification is a PLUS, such as Certified Information Systems Security Professional (CISSP), CISA, CISM, ISO 27001 LA/LI, ISO 27005 RM, GIAC Information Security Professional (GISP), or other similar credentials, - Knowledge on Cybersecurity requirements definitions, integrations to Business processes (Procurement, Build, Run, Maintenance, …), - Significant knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.   Other skills: - Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security requirements related concepts to diverse audiences, - Ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives, - Ability to collaborate with large international security technology projects and security remediation projects with significant dependencies on external IT teams, - Strong analytical skills with very good experience in documenting requirements based on Architecture design, risk assessments, Threats identified and policies, - Ability to translate technical details into practical understandable requirements for non-Cybersecurity audience (Engineers, Customer stakeholders, …) and Cybersecurity audience (Customer CISO, Cybersecurity Technical teams, …) - Fluent in English. French and/or German being a strong plus,

Industrial Cybersecurity Architect Facing growing customers' requests in securing our European Critical Infrastructures against Cyberattack, Expleo is looking to strengthen its teams to assist its customers in Air, Sea and Land Transportation.   Role Your role is very diversified and exciting. You will work closely with Industrial Cybersecurity architects to translate Architecture design into Security requirements.  In this role you will: - Document the System under Consideration (SuC) functional description, - Identify the essential and non-essential functions, - Analyse the environment SUC Cyberthreat landscape, - Develop a high-level risk assessment to define the zones and Conduits - Perform a detailed risk assessment to define the targeted Security Level required to protect the SUC - Define Cybersecurity Requirements Specifications for Zones & Conduits (CRS)   You will be part of a team spread across the World and report directly to Cybersecurity Expertise Centre Manager. You will explain and communicate the CRS to the Industrial Cybersecurity expert, or the Customer Cybersecurity teams, engineers, asset owners, …   Profile We are not looking for the candidate that ticks all the boxes, but if you find yourself in the following sentences then we would be glad to meet you! - You are qualified with an IT degree or equivalent, - You demonstrate experience in IT / OT architecture design (System, Components, and subcomponents levels), - You have strong expertise in Risk assessments and Security Level definition, - You are familiar with Industrial Cybersecurity standards: IEC 62443, NIST Cybersecurity framework for Critical Infrastructure, - You have experience with OT / ICS Cybersecurity, - You have strong knowledge in IT/OT Network segmentation zonings & requirements, - You are open to be trained in various Transportation processes and landscapes,   Technical skills: - Minimum of 3 years' experience of network/system security, - Knowledge and experience in VM and OS hardening, - You have been working on Securing automation systems from corporate network communications, - Knowledge and experience in LDAP/Active Directory, Hardening, network protocols, - Knowledge of Industrial and/or process automation protocols is a plus (Modbus, Profinet, OPC xx), - Excellent understanding of security perimeters technologies, - Security certifications are a plus (SANS, ISO, ISC2…), - Knowledge of Railway technical specifications is a plus, - Familiar with IT network protocols (TCP/IP, UDP/IP, TLS, SSH, IPSEC, 802.1X, 801.1Q…) and PKI architectures, - Fluency in English is a must, knowledge of German and /or French is a plus, - Ability to synthetize and draw complex architectures in an easy understandable format for both Safety/Security Engineers and Cybersecurity engineers, - Ability to collaborate & communicate with non-cybersecurity aware people, - Ability to work in a multicultural environment and remotely,

Industrial Cybersecurity Analyst / Engineer Facing growing customers' requests in securing our European Critical Infrastructures against Cyberattack, Expleo is looking to strengthen its teams to assist its customers in Air, Sea and Land Transportation.   Role Your role is very diversified and exciting. You will work closely with Industrial Cybersecurity architects and experts to translate Architecture design and requirements into security measures. You will remain up to date with on-going Cybersecurity new legislative so to advise and support customer implementations (Cybersecurity Act, Cybersecurity Resilience Act, Transport Specific Cybersecurity Technical Specifications…)   In this role you will: - Support the saucerization of Industrial solutions integration for our customers, - Balance business and technical requirements (Architecture Zones and Conduits) at Systems, Components, subcomponents levels to build security measures and countermeasures, - Assist customers requests for Impact Analysis, - Provide advice to red and blue customers teams dealing with Cyber-incidents, Cyberthreats response and mitigations, - Contribute to R&D Cybersecurity projects (Pen testing automated tools for Drones, Embedded systems for automotive, …) You will be part of a team spread across the World and report directly to Cybersecurity Expertise center manager.   Profile We are not looking for the candidate that ticks all the boxes, but if you find yourself in the following sentences then we would be glad to meet you! - You are qualified with an IT degree or equivalent. You can collaborate with Engineers to build a secure solution for our customers by integrating Cybersecurity into their activities, - You are open to be trained in various Transportation processes and landscapes, - You are familiar with Industrial Cybersecurity standards: IEC 62443, NIST Cybersecurity framework for Critical Infrastructure, - You have experience with OT / ICS Cybersecurity, - You are familiar with OT Network segmentation zonings concepts, - You have been exposed to Cybersecurity Operations by assisting Red/blue teams with end point security, network security and application security, - You are very good at Security hardening,   Technical skills: - Minimum of 3 years' experience of network/system security, - Knowledge and experience in VM and OS hardening, - Knowledge and experience in LDAP/Active Directory, network segmentation, - Knowledge of Industrial and/or process automation protocols is a plus (Modbus, Profinet, OPC xx), - Excellent understanding of security perimeters technologies, - Security certifications are a plus (SANS, ISO, ISC2…), - Knowledge of Railway technical specifications, - Familiar with network protocols (TCP/IP, UDP/IP, TLS, SSH, IPSEC, 802.1X, 801.1Q…) and PKI architectures, - Fluency in English is a must, knowledge of German and /or French is a plus, - Ability to collaborate & communicate with non-cybersecurity aware people, - Ability to translate Architecture concepts / Design and requirements, Cybersecurity requirements and specifications into Cybersecurity measures, - Remote collaboration with international Community of experts across the globe,