The post in a nutshell:
The information technology security assessor works in laboratories that carry out information technology security assessments for sponsors. It verifies the compliance of a product, or even a system, with its security specification, according to a method and standardized, regulatory (Common Criteria-CC, First Level Security Certification-CSPN, etc.) or private criteria. (defined by the sponsor). It acts as a third party independent of the product developers and security assessment sponsors. The evaluator can be specialized in the evaluation of material products (hardware) or software (software).
Equivalent title: Evaluation Manager
Carrying out the assessment:
- Comply with an evaluation procedure and methodology according to previously defined criteria
- Check that the documentation provided by the developer is compliant
- Carry out technical tests to verify that the security functions reach the required level of robustness in line with the security target and the level of certification targeted
- Evaluate the robustness of the product’s cryptological mechanisms
- Write the evaluation report for the certification authority
- Participate in the continuous improvement of evaluation means and methods
Assistance to a sponsor for the preparation of an evaluation carried out by another evaluator:
- Assist in drafting the security target and supplies needed for the assessment
- Conduct upstream security tests
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t put a barrier on yourself, you can do it.
- Product certifications and assessments: knowledge of security assessment processes (Common Criteria, CPSN, etc.)
- Security of electronics and hardware architectures
- Intrusion tests: mastery of technical security audit techniques
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of environment vulnerabilities
- Knowledge of systems reverse engineering (or reverse engineering)
- Development knowledge (embedded codes, design languages, scripting)
- Drafting of reports adapted to different levels of interlocutors
- The ability to work in a team
Description of the profession in the ANSSI directory
The evaluator must take into account international regulations, in particular those related to the certification of connected products.
How to access into the job?
Training: Bac+3 to Doctorate including specialization in cybersecurity Job accessible from professional experience in security auditing For certain types of assessments, specialized doctoral profiles may be necessary
Our Intra-company training
From 2023 the CSB SCHOOL will offer you to train your employees to help them develop their different skills in the cybersecurity field. After a thorough study of the need by our development manager, you will be put in touch with our different pedagogical experts on the identified theme.
Bachelor Cybersecurity specialist
The perfect path for the technical professions of cybersecurity. At your entrance, select your specialty (IT - IT or Industrial - OT) and start the adventure! Gateways exist for people who have already validated training related to the world of cyber or wrongly judged "distant" from the world of cyber
The complete career guide
Condimentum lacinia quis vel eros donec ac odio. Nibh cras pulvinar mattis nunc sed blandit libero volutpat. Facilisis gravida neque convallis a cras semper auctor neque vitae.
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.