Cybersecurity Engineer


Date: 14-Jun-2022

Location: Bangalore, KA, India

Company: Alstom

Req ID: 238251

We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 70000 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.  

NETWORK & LINKS:

The selected candidate reports to the Manager - Cybersecurity Excellence Center and will lead a highly motivated Cybersecurity team involved in Incident Management, Digital Forensics and interfacing with Product CERT. The candidate will be positioned at the Bangalore Technology Center of the Alstom Digital & Integrated System division.

 

INTERNAL

The candidate will have strong links internally with

  • Regional Cybersecurity Managers
  • Platform Cybersecurity Managers
  • Program / Project Cybersecurity Managers

 

EXTERNAL

  • Project / Program Managers
  • Product / Software Development Teams
  • Product & Systems Team
  • Alstom IT Organisation
  • Customers
  • Suppliers
  • CERT

 

OVERALL PURPOSE OF THE ROLE :

We are currently seeking individuals interested in helping us build and maintain the Product Security Incident Response team and process at Alstom and improve our security posture. The selected candidate will lead the incident response team, be responsible for the first level of analysis of the cybersecurity incidents that are reported to the PSIRT, and participate in vulnerability remediation and mitigation efforts. The candidate will lead forensic examination of workstations, laptops, USB and external disks, virtual machines etc. and simulate cyber incidents in a controlled lab environment to gather more detail about the attack and recommend steps to prevent such attacks in the future.

 

 

RESPONSIBILITIES :

The Lead – Incident Management performs the following activities:

  • Lead the incident response team and be responsible for the first level of analysis (PSIRT) for the cybersecurity incidents that are reported to the PSIRT mail address, and participate in vulnerability remediation efforts.
  • Be responsible for setting up and deploying the Product Incident Management process at Alstom.
  • Raise incident tickets on PSIRT ticketing tool on Products/Solutions for the incidents and vulnerabilities reported to PSIRT.
  • Ensure tickets are treated by the assignee and follow up for closure.

  • Set up infrastructure and perform digital forensics to identify the root cause of the cyber incident, and extract digital evidence and data (possibly hidden and deleted) related to an incident.
  • Conduct forensic examination of workstations, laptops, USB and external disks, virtual machines etc. and simulate cyber incidents in a controlled lab environment to gather more detail about the attack and recommend steps to prevent such attacks in the future.
  • Perform data recovery on workstations, laptops and portable storage devices, and have experience in preparing a detailed and easy-to-understand forensic report format.
  • Recover damaged, deleted, hidden and protected or encrypted files.
  • Participate in actions to close the incident along with the Product teams.
  • Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment.
  • Provide internal training on Cybersecurity, Incident Management process and tools.
  • Perform regular team management activities like workload and capacity management, incident ticket assignment and follow up for closure within SLA and performance management of the team members.

 

 

Qualifications & Skills:

Minimum 12 years of total experience and at least 4 years in Cyber Security, which includes Digital Forensics, Incident Management, Network Security, Application Security and Penetration Testing. A product development or industrial control system background is desirable. A background in the Railway Cybersecurity domain is preferable.

 

EDUCATION

  • Bachelors or Masters in Computer Science, Information Technology or equivalent
  • Must have a Cybersecurity certification in any one or a few of GICSP, CISSP, GSEC, CEH, CISM and CompTIA PenTest+.
  • Desirable to have ISA 62443 certification and/or ECSA and OSCP certifications.
  • Desirable to have certification, diploma or training in Digital Forensics.

 

 

BEHAVIORAL COMPETENCIES:

  • Strong people management skills.
  • Strong individual and a team Player.
  • Strong autonomy
  • Sense of Service
  • Delivery oriented
  • Capacity to work in complex environment
  • Negotiation skills
  • Problem solving
  • Be innovative and aligned to new technologies, methods and tools.
  • Demonstrate excellent communication skills and be able to guide, influence and convince others in a matrix organization.
  • Prior experience in working with European customers is desirable.

 

TECHNICAL COMPETENCIES & EXPERIENCE 

  • Expertise in examining all electronic media devices to extract digital evidence and data (possibly hidden and deleted) related to a cyber incident.
  • Experience in imaging devices with FTK Imager, FTK, EnCase and Tableau WriteBlockers.
  • Good experience with forensic tools such as FTK, KAPE, Log2timeline, RegRipper, SOLO-IV, WinHex, Volatility, Media Clone, GRR and Autopsy.
  • Good experience with, and ability to work independently on, at least a few security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP WebInspect, NTO Spider, Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools).
  • Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks.
  • Prior knowledge of security assessment on SCADA and IOT devices.
  • Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / scripting languages (C, Java, Python, Shell).
  • Experience in presenting or teaching technical content to audiences is a plus.
  • Technical writing experience is a plus.

 

EXPERIENCE / SKILL SET

  • Imaging tools: FTK Imager, FTK, EnCase and Tableau WriteBlockers
  • Forensic tools: FTK, SOLO-IV, KAPE, GRR, Log2timeline, RegRipper, WinHex, Volatility, Media Clone, Autopsy etc.
  • Vulnerability scan, Web App scan, Policy compliance scan: Qualys, Tenable
  • Web Scanners: Qualys, NetSparker, Acunetix, Burpsuite Pro
  • Network Scanners: Qualys, Nessus
  • Manual Penetration Testing and Application Security Testing skills
  • Platform - Kali Linux, Windows, CentOS, Red Hat
  • Discovery: Netdiscover, Nmap, masscan
  • Services: Nmap, masscan
  • Enumeration: enum4linux, smbclient
  • Application Layer Testing: DirBuster, Nikto
  • Exploitation: Hydra, Metasploit, SQLMap

 

  • Language Skills: Proficient in English language
  • IT Skills: MS office tools (Word, Excel, PowerPoint), Visio.

 

An agile, inclusive and responsible culture is the foundation of our company where diverse people are offered excellent opportunities to grow, learn and advance in their careers.  We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals.   

 

 

Job Type: Experienced

