Cybersecurity Engineer

Job Description

Req ID:214872 We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 70000 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact. NETWORK & LINKS: The Selected candidate report to Lead Security Assessment and will work with a highly motivated Cybersecurity team involved in vulnerability assessment, scanning and ethical hacking for Alstom s solutions and products. The candidate will be positioned at Bangalore Technology Center of Alstom Digital & Integrated System division.INTERNAL The candidate will have strong links internally with

• Manager Cybersecurity Excellence Center
• Regional Cybersecurity Managers
• Platform Cybersecurity Managers
• Program / Project Cybersecurity Managers

EXTERNAL

• Project / Program Managers
• Product / Software Development Teams
• Product & Systems Team
• Alstom IT Organisation

OVERALL PURPOSE OF THE ROLE : We are currently seeking individuals interested in helping us to build and maintain a variety of tooling that Alstom uses to maintain and improve our security posture. Cybersecurity Engineer role is to perform security assessment of Alstom s Products and Solutions and report it to the Products and Platforms for existing or new Vulnerabilities that could potentially impact them. Perform vulnerability scan, policy scan, web application scan, penetration test and other security assessments and do the first level of analysis and participate in vulnerability remediation workflow. RESPONSIBILITIES : The Cybersecurity Engineer Security Assessment perform the following activities:

• Setup infrastructure and execute the Penetration test, Vulnerability scan, Policy Compliance scan and Web Application scan with the help of tools like Qualys or any other industry standard tools and provide the analysis to the programs/projects.
• Responsible for the Penetration test to evaluate the security by safely trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour.
• Perform vulnerability scan on Alstom s solution and projects and alert the responsible teams for existing or new Vulnerabilities that could potentially impact them.
• Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups.
• Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment.
• Provide internal training on Cybersecurity, vulnerability management process and tools.

Qualifications & Skills:Minimum 4 years of experience in vulnerability assessment, vulnerability management and application security or demonstrated security experience in either a forensic or an offensive security focused role. Desirable from product development or industrial control system background. Preferable to have from Railway Cybersecurity domain.EDUCATION

• Bachelors or Masters in Computer Science, Information Technology or equivalent
• Must to have Cybersecurity certification in any one or few of GICSP, CISSP, GSEC, CEH, CISM, and Comptia Pen test+.
• Desirable to have ISA 62443 certification and/or ECSA and OSCP certifications preferred.

BEHAVIORAL COMPETENCIES:

• Strong individual and a team Player.
• Be Innovative and be aligned to new technologies, Methods and Tools.
• Demonstrate excellent communication skills and able to guide, influence and convince others in a matrix organization.
• Prior experience in working with European customer is desirable.

TECHNICAL COMPETENCIES & EXPERIENCE

• Having good experience and able to work independently on atleast few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP Webinspect, NTO Spider Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools)
• Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks.
• Prior knowledge of security assessment on SCADA and IOT devices.
• Under standing of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / Scripting languages (C, Java, Python, Shell)
• Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark
• Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE)
• Knowledge of some security solutions and areas, such as : BRP / DRP, GRC, IAM, DLP, PKI, SOC, IDS / IPS, SAP, security, etc.
• Under standing of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc.
• Experience with static analysis Tools and software composition analysis Tools.
• Main standards and regulations such as: ISO 2700X, ISA 62443 and NIST
• Desirable to have experience in programming languages (e.g. Java, C, C++, C#.NET, Scripting languages)
• Experience in presenting to or training technical content to audiences a plus.
• A technical writing experience is a plus.

EXPERIENCE / SKILL SET

• Vulnerability scan, Web App scan, Policy compliance scan: Qualys, Tenable
• Web Scanners: Qualys, NetSparker, Acunetix, Burpsuite Pro
• Network Scanners: Qualys, Nessus
• Manual Penetration Testing and Application Security Testing skills
• Platform - Kali Linux, Windows, CentOS, Red Hat
• Discovery: Netdiscover, Nmap, masscan
• Services: Nmap, masscan
• Enumeration: enum4linux, smbclient
• Application Layer Testing: DirBuster, Nikto
• Exploitation: Hydra, Metasploit, SQLMap

• Language Skills: Proficient in English language

• IT Skills: MS office tools (Word, Excel, PowerPoint), Visio.

An agile, inclusive and responsible culture is the foundation of our company where diverse people are offered excellent opportunities to grow, learn and advance in their careers. We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals. Job Type: ExperiencedJob Segment: ERP, Mainframe, Linux, Developer, Java, Technology ,

Keyskills :
ms office toolsms officecustomer relationskali linuxfirewallmusic makingnetworkingsecurity toolsidspenetration testingapplication security testingweb appcontrol system