End-to-end Information Security Engineer
EUROPEAN SPACE AGENCY
Vacancy in the Directorate of Telecommunications and Integrated Applications.
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. For this purpose, we welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.
This post is classified A2-A4 on the Coordinated Organisations’ salary scale.
ESTEC, Noordwijk, The Netherlands or ECSAT, Harwell, United Kingdom
The Telecommunications and Integrated Applications (TIA) Security Office manages all the security aspects of the TIA Directorate, in close coordination with the ESA Security Office (ESO), and is responsible for drawing up the TIA Directorate Security Plans.
You will report to the Head of the TIA Security Office.
- Supporting the TIA Information Security Officer (ISO) in supervising the uniform, correct implementation of the ESA Security Framework (Security Regulations, Security Directives, TIA-specific Security Implementation Procedures) in the Directorate, especially the following:
  - implementation of the Information Security Management Plan (ISMP) for the Directorate, in coordination with and with the input of the Project System Security Officers (PSSOs);
  - implementation of the Information Security Management Plan (ISMP) for all relevant contracts;
  - implementation of the Directorate’s personnel security policy, by
    - providing initial basic security awareness briefings to newcomers to the Directorate;
    - establishing the security awareness programme for the Directorate, with clear quality indication points to be achieved, while ensuring and supervising its implementation and keeping records of participation by Directorate personnel;
    - coordinating with the relevant Agency specialists/services regarding dedicated awareness sessions and briefings (e.g. with the ESA Export Control Coordinator and the ESA Security Office regarding COMSEC Authorisation Briefings);
    - providing compulsory briefings to the Directorate personnel requiring access to information classified ESA RESTRICTED (or equivalent), and ensuring relevant records are kept;
  - reporting of TIA security incidents (i.e. security breaches and the potential or actual compromising of information) to the ESA Security Office, taking the immediate necessary remedial measures and assisting the ESA Security Office in possible subsequent security investigations;
- performing threat assessment and risk analysis with the PSSOs and all relevant technical specialists in the Directorate, to establish an overall security risk analysis and security risk management plan for the Directorate;
- providing support for the Telecommunications Satellite Programmes Department project development requiring security engineering;
- ensuring a uniform, commensurate approach to cybersecurity in the Directorate and its programmes/projects/activities in coordination with the Directorate’s Cyber Security Managers (CSMs) and PSSOs;
- in coordination with the PSSO, analysing, with the ITT Initiating Authority and the Contract Officer responsible, the sensitivity of the information generated, distributed and received in the scope of a procurement activity, ensuring compliance with the ESA Security Directives;
- acting as the Directorate Information Security Officer in the absence of the TIA ISO (Alternate ISO);
- liaising regularly with the ESA Security Office to implement security engineering processes uniformly across the Directorate.
Frequent missions, in particular to ESRIN, Frascati (Italy), are required.
A Master's degree in engineering is required.
You should have 10 years’ experience in Information Protection Management, Personnel Security Management and CIS Security Management (e.g. ISO 27000 series) as well as all related best practices in those areas, including security risk management. Having the related certifications (e.g. CISSP, CPP, ISO) will be considered an asset.
You should be able to apply recognised techniques such as OCTAVE, SABSA, MEHARI and EBIOS, and conduct or coordinate threat assessment/risk analysis exercises on complex systems.
You should have experience of working on Classified projects or programmes and in Classified environments.
Being knowledgeable about the Agency and its internal rules, regulations and working practices as well as having general knowledge of physical security related matters (e.g. accreditation of facilities, security zoning) will be considered an asset.
You should be eligible to obtain Personnel Security Clearance at SECRET level, issued by your parent National Security Authority.
At the end of your probation period, you will be required to pass a dedicated suitability test set by the ESA Security Office.
For behavioural competencies expected from ESA staff in general, please refer to the ESA Competency Framework.
The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.
The Agency may require applicants to undergo selection tests.
At the Agency we value diversity and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us by email at email@example.com.
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia and Slovenia.
According to the ESA Convention the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States. (https://esamultimedia.esa.int/docs/careers/NationalityTargets.pdf)
In accordance with the European Space Agency’s security procedures and as part of the selection process, successful candidates will be required to undergo basic screening before appointment.
Recruitment will normally be at the first grade in the band (A2); however, if the candidate selected has little or no experience, the position may be filled at A1 level.