Project System Security Officer

Job Requisition ID:  20365
Date Posted:  25 March 2026
Closing Date:  15 April 2026 23:59 CET/CEST
Publication:  Internal & External
Type of Appointment:  Fixed-Term
Directorate:  Technology, Engineering and Quality
Workplace:  Noordwijk, NL

Grade Band:  A2 - A4

This is a fixed-term appointment with an initial duration of 4 years. Depending upon performance and organisational needs, the appointment may be extended up to a possible maximum duration of 8 years. 

Location
ESTEC, Noordwijk, Netherlands 

Description

Project/System Security Officer (PSSO) in the System Security Section (TEC-SES), End-to-End Systems Division, Systems Department, Directorate of Technology, Engineering and Quality.

The System Security Section is responsible for the end-to-end system security engineering of the Agency’s missions, projects and activities in the space, ground and user segments and communication links, as well as at system, subsystem, element and equipment level. It covers the missions from the study phase to the definition of requirements, design, development, security integration/verification and security service preparation, across the full stack, from the physical to the application layer. The System Security Section provides functional support to ESA missions and projects in the area of end-to-end security engineering and cyber security. To serve these functions, it also defines and executes the associated technology research and development (R&D) and studies.

In this position, you will support ESA directorates, or projects and systems, as a Project/System Security Officer (PSSO). 

Duties

As a Project/System Security Officer (PSSO), you will be responsible for all security measures designed as part of the overall system(s) you will be assigned to. The tasks to be accomplished will be under the control of and defined by the ISO (Information Security Officer). Specifically, your tasks and responsibilities will include:

  • creating and implementing comprehensive security policies, procedures and access control protocols in compliance with the ESA Security Framework;
  • ensuring that the corporate information system and all assets for which the PSSO is responsible are secured, managed and accounted for in accordance with the ESA Security Directives;
  • specifying the security standards to be met and practices to be applied by the supplier of the system;
  • proactively identifying, analysing and mitigating security threats to infrastructure;
  • contributing to the definition, analysis and consolidation of system security requirements;
  • conducting security risk assessments and supporting security risk management by proposing suitable security mitigations and countermeasures;
  • producing or updating as needed the Security Operating Procedures (SECOPS);
  • coordinating vulnerability assessment/penetration testing on the infrastructure under your responsibility, and ensuring required mitigations are put in place;
  • contributing to the authoring of the Information Security Management Plan;
  • providing support to (cyber) security activities on the infrastructure under your responsibility, as needed;
  • monitoring network activity for threats and managing the response, investigation and reporting of security breaches;
  • ensuring compliance with data protection laws and industry regulations, for example ISO 27001, and performing regular security audits;
  • educating staff on security awareness, including how to recognise cyber attacks and follow security procedures;
  • collaborating with IT and management to design, implement and maintain required security tools and disaster recovery plans; 
  • collaborating with technical support, IT and management to scope, design, implement and support the certification/accreditation process (when applicable) in coordination with the ESA accreditation authority;
  • collaborating with the wider pool of PSSOs, ISOs and security officers on new security governance activities, cross-directorate processes, implementations, improvements and lessons learned;
  • maintaining security-related tools and systems, as well as their disaster and recovery plans;
  • when needed, reporting to executives on the security posture and risk levels.

Technical competencies

General background and specific experience in the technical domains covered by the position
Expertise in network security, encryption, firewalls and cloud environments
Certifications relevant to the job description, such as CISSP, CISM and ISO/IEC 27001
Familiarity with compliance standards such as GDPR
Understanding of related technologies, R&D trends and the industrial landscape

Behavioural competencies

Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking


For more information, please refer to the ESA Core Behavioural Competencies guidebook.

Education

A master’s degree in an engineering discipline, preferably computer science or cyber security, is required for this post.

Additional requirements

  • At least five years of experience in IT security, risk management or compliance.
  • Strong analytical thinking, leadership, and the ability to communicate technical risks to non-technical staff.

Diversity, Equity and Inclusiveness 
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, religious beliefs, age, disability or other characteristics. 

At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at contact.human.resources@esa.int.

 
Important Information and Disclaimer
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.

Applicants must be eligible to access information, technology and hardware which is subject to European or US export control and sanctions regulations, and must be eligible to obtain security clearance from their national security administrations.

During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency's security procedures.

Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.

The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have. 

Nationality and Languages 
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland, the United Kingdom and Canada, Cyprus, Latvia, Lithuania and Slovakia. 

According to the ESA Convention, staff shall be recruited on the basis of their qualifications, taking into account an adequate distribution of posts among nationals of the Member States.

The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.  

