5 months ago
VULNERABILITY MANAGEMENT FOR PRODUCT SECURITY
APSYS Risk Engineering GmbH - Hamburg
Created in 1985, APSYS is a wholly-owned subsidiary of AIRBUS.
Apsys delivers essential services across AIRBUS and provides Expertise in Technical, Human & Organizational Risks Management dedicated to Aerospace, Automotive, and Railway, Nuclear, Environment and Petrochemical industries
Airbus is a global leader in aeronautics, space and related services. In 2016, it generated revenues of € 67 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as Europe’s number one space enterprise and the world’s second largest space business. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.
Description of the job
Products which contain software components have to be monitored for vulnerabilities even after entry into market, thus ensuring the function and the integrity of the product.
Internships at Airbus
Tasks & accountabilities
For this task the Common Vulnerability Scoring System (CVSS) in combination with the Security Content Automation Protocol (SCAP), Common Platform Enumeration (CPE) and Common Vulnerabilities and Exposures (CVE) are the tools of choice. APSYS Risk Engineering GmbH offers this work as part of its service portfolio.
As an intern you will be working in the Apsys office on a currently active vulnerability management project. Your tasks will comprise:
* Introduction to the function and architecture of the product/system,
* Introduction to the vulnerability management process and the tool used,
* Compilation of CPE lists,
* Scoring of CVEs,
* Summary of analysis in a report.
All tasks have a direct link to the products of Airbus Group, thus securing the European aerospace from attacks from cyberspace.
Current study of computer science or engineering with a focus on information security, aeronautics, systems engineering or comparable subject,
* first experience in the field of information security,
* profound analytical skills,
* fluent in English, possibly German,
* excellent interpersonal and communication skills,
* rigorous in the quality of the work done,
* team player with the ability to work autonomously with a strong customer-oriented work attitude,
* knowledge of system development and/or aeronautics is welcome,
* knowledge of relevant standards (ISO 27005, BSI Std. 100-3, NIST SP 800-30) is welcome.