PSIRT Core Developer R&D (M/F)

Organizational context

The Product Security Incident Response Team (PSIRT) is a dedicated team focused on the security of the product developed in Atos BDS. Its objective is to triage the vulnerabilities potentially affecting them and to ensure they are remediated in time. The PSIRT core team is not directly involved in the implementation of remediation, which remains to be done by development teams.

Its role is to:

• Monitor the potential threats to the security of Atos BDS products.
• Make a first triage on the potential vulnerabilities.
• Liaise with the product teams to further analyze the vulnerabilities and decide over remediation.
• Prepare security advisories related to Atos BDS products.
• Notify relevant authorities in compliance with regulations (notably the Cyber Resilience Act)
• Track the remediation with the support of development teams.

The PSIRT interacts with:

• Product R&D teams through Product Security Officers, to ensure in-depth analysis of potential vulnerabilities and remediation availability.
• Support teams to help addressing Customer issues with respect to vulnerability remediation.
• Product Managers to help prioritize remediation and assess security risks.
• The Chief Product Security Officer (CPSO) who is responsible for the overall governance of Product Security in Eviden’s delivered products.

Role description: The PSIRT Core Developer

Key responsibilities:

• Contributes to the 7/7 main monitoring mission of PSIRT in triaging the discovered vulnerabilities.
• Develops the features of the PSIRT automation tools to improve PSIRT efficiency.
• Interacts with Engineering, Support, and Product Management to confirm vulnerabilities, assess their risk, and elaborate and validate workarounds and remediation.

Required skills:

• Knowledge of scripting languages, especially python and bash.
• Knowledge on vulnerability management and reporting procedures.
• Knowledge on security concepts for administrators especially those useful in a production environment.
• Fluent written and spoken English.

Nice to have:

• Knowledge on cybersecurity tools, best practices, CISO role and ISO 27001 processes.
• Experience in Cybersecurity area: access control, encryption / collecting & analyzing events.