PSIRT Core Developer R&D (M/F)

Eviden, part of the Atos Group, with an annual revenue of circa € 5 billion is a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come.

Organizational context:

The Product Security Incident Response Team (PSIRT) is a dedicated team focused on the security of the product developed in Atos BDS. Its objective is to triage the vulnerabilities potentially affecting them and to ensure they are remediated in time. The PSIRT core team is not directly involved in the implementation of remediation, which remains to be done by development teams.

PSIRT Core Developer:

• Contributes to the 7/7 main monitoring mission of PSIRT in triaging the discovered vulnerabilities.
• Develops the features of the PSIRT automation tools to improve PSIRT efficiency.
• Interacts with Engineering, Support, and Product Management to confirm vulnerabilities, assess their risk, and elaborate and validate workarounds and remediation.
• Knowledge of scripting languages, especially Python and Bash.
• Knowledge on vulnerability management and reporting procedures.
• Knowledge on security concepts for administrators, especially those useful in a production environment.

• Monitor the potential threats to the security of Atos BDS products.
• Make a first triage on the potential vulnerabilities.
• Liaise with the product teams to further analyze the vulnerabilities and decide over remediation.
• Prepare security advisories related to Atos BDS products.
• Notify relevant authorities in compliance with regulations (notably the Cyber Resilience Act).
• Track the remediation with the support of development teams.

• Product R&D teams through Product Security Officers, to ensure in-depth analysis of potential vulnerabilities and remediation availability.
• Support teams to help addressing Customer issues with respect to vulnerability remediation.
• Product Managers to help prioritize remediation and assess security risks.
• The Chief Product Security Officer (CPSO) who is responsible for the overall governance of Product Security in Eviden’s delivered products.

• Knowledge of scripting languages, especially Python and Bash.
• Knowledge on vulnerability management and reporting procedures.
• Knowledge on security concepts for administrators, especially those useful in a production environment.
• Fluent written and spoken English.
• Nice to have: Knowledge on cybersecurity tools, best practices, CISO role and ISO 27001 processes.
• Experience in Cybersecurity area: access control, encryption / collecting & analyzing events.