Information and Communication Technology (ICT) Security Engineer
JOB DETAIL
Vacancy in the Directorate of Internal Services.
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.
This post is classified A2–A4 on the Coordinated Organisations’ salary scale.
Location
ESRIN, Frascati, Italy or ESTEC, Noordwijk, Netherlands
Description
ESA’s IT Department (esait) provides corporate and common IT services to all business areas within ESA.
To ensure that security is embedded into all esait services and activities and that security and privacy risks are correctly identified and managed, esait has implemented and applied its own information security management system (ISMS), which is based on ISO 27001 and has been certified externally since 2019. To deliver services offering adequate security assurance, esait has developed a secure systems engineering process (SSE).
The ISMS and the SSE processes combined allow esait to deliver IT services that are aligned with the ESA Security Framework and that can be certified and/or accredited by the ESA Security Office (ESO) as required.
As IT security is a complex topic of interest to many, both within and outside of ESA’s IT Department, esait has also put in place an industrial service contract offering information security support services (ISSS), which supports esait’s ISMS and SSE processes and is also available to other business areas within ESA.
You will report to the Head of the IT Security Section in the Security and Shared Infrastructure Services Division within ESA’s Information Technology Department and will drive, monitor and improve the Department’s ISMS, SSE processes and ISSS contract.
Duties
You will have a large degree of autonomy to perform the following duties:
- Act as ISMS Manager for esait, overseeing the day-to-day performance and implementation of the ISMS within the Department and ensuring its continued external certification;
- Continuously monitor and improve the SSE process applied within esait, ensuring that it is fit for purpose and takes into account the changing threat landscape and policies;
- Act as the Service Manager and Technical Officer responsible for the ISSS contract;
- Act as the overall IT security management and engineering expert both inside esait and via-a-vis other stakeholders in the Agency, in particular security officers and directorate IT teams, in view of potential scope expansion.
More concretely, you will:
- support and guide esait project and service managers in uniformly applying the correct security processes while performing their duties;
- maintain system security certification schedules in agreement with the various project and service managers, the esait Security Officer and the ESA Security Office;
- advise project and service managers and IT management on identified security risks and their possible treatment options;
- propose and maintain the annual ISMS workplan and roadmap and drive, coordinate and monitor their timely and effective implementation;
- report on ISMS status and performance to esait’s management team, highlighting risks and issues and any proposed mitigation actions;
- monitor the performance of the ISSS service contract and maintain its service portfolio and lifecycle.
To perform these tasks, you will be required to:
- acquire a good understanding of esait’s various services, underlying systems and components;
- identify and propose re-usable building blocks providing security assurance for various IT systems and services;
- understand the overall effectiveness of the esait security management and engineering processes and maintain a good knowledge of existing and upcoming legislation and standards;
- explain security risks and demonstrate the overall value of security management and engineering processes to various (business) stakeholders.
Technical competencies
Behavioural competencies
Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking
Education
A master’s degree in computer science, IT/cyber security, engineering or another relevant discipline is required for this post.
Additional requirements
You are expected to be a self-starter and an effective communicator with the ability to drive your projects and processes autonomously.
Please note that demonstrated experience of successful management or application of secure systems engineering processes in a large company is mandatory. In addition, experience with ISMS (preferably ISO 27001) management and implementation is a prerequisite.
Experience with security certification and/or accreditation in the context of sensitive and/or classified information would be an asset.
Other information
For behavioural competencies expected from ESA staff in general, please refer to the ESA Competency Framework.
For further information please visit: Professionals, What we offer and FAQ
The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.
Applicants must be eligible for security clearance by their national security administrations.
The Agency may require applicants to undergo selection tests.
At the Agency we value diversity and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further please contact us email [email protected].
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia.
According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*.
In accordance with the European Space Agency’s security procedures and as part of the selection process, successful candidates will be required to undergo basic screening before appointment conducted by an external background screening service.
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.
*Member States, Associate Members or Cooperating States.
