The post in a nutshell:
The information technology security assessor works in laboratories that carry out information technology security assessments for sponsors. The assessor verifies the compliance of a product, or even a system, with its security specification, according to a method and to criteria that are standardized, regulatory (Common Criteria - CC, First Level Security Certification - CSPN, etc.) or private (defined by the sponsor). The assessor acts as a third party independent of the product developers and security assessment sponsors. The evaluator can specialize in the evaluation of hardware products or software.
Equivalent title: Evaluation Manager
Carrying out the assessment:
- Comply with an evaluation procedure and methodology according to previously defined criteria
- Check that the documentation provided by the developer is compliant
- Carry out technical tests to verify that the security functions reach the required level of robustness in line with the security target and the level of certification targeted
- Evaluate the robustness of the product’s cryptological mechanisms
- Write the evaluation report for the certification authority
- Participate in the continuous improvement of evaluation means and methods
Assistance to a sponsor for the preparation of an evaluation carried out by another evaluator:
- Assist in drafting the security target and supplies needed for the assessment
- Conduct upstream security tests
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don't hold yourself back: you can do it.
- Product certifications and assessments: knowledge of security assessment processes (Common Criteria, CSPN, etc.)
- Security of electronics and hardware architectures
- Intrusion tests: mastery of technical security audit techniques
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of environment vulnerabilities
- Knowledge of systems reverse engineering
- Development knowledge (embedded code, design languages, scripting)
- Drafting of reports adapted to different levels of interlocutors
- The ability to work in a team
Description of the profession in the ANSSI directory
The evaluator must take into account international regulations, in particular those related to the certification of connected products.
How to access the job?
Training: Bac+3 to Doctorate, including specialization in cybersecurity. The job is accessible from professional experience in security auditing. For certain types of assessments, specialized doctoral profiles may be necessary.
Are you looking forward to long studies? Is your job goal to quickly lead multidisciplinary teams?
Or do you enjoy life on our campus so much that you want to stay forever?
The 5-year program is made for you.
The perfect program for technical expert professions in cybersecurity. Select your specialisation (Information Technology - IT, or Industrial - OT) and off you go! Gateways exist for those who have already validated training courses connected to the cyber field, such as IT, or in fields wrongly considered as being "remote" from the cyber field: law degree, business administration…
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.