IT Security Engineer – Network Security

Frascati, Italy
negotiable Expires in 2 weeks

JOB DETAIL

EUROPEAN SPACE AGENCY

 

IT Security Engineer – Network Security

Job Requisition ID: 19133
Closing Date: 4 December 2024 23:59 CET/CEST
Establishment: ESTEC, Noordwijk, Netherlands
Directorate: Directorate of Internal Services
Publication: Internal & External
Type of Contract: Permanent
Date Posted: 13 November 2024

 

EUROPEAN SPACE AGENCY

Vacancy in the Directorate of Internal Services.

ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.

Post

IT Security Engineer – Network Security

This post is classified A2-A4 on the Coordinated Organisations’ salary scale.

Location
ESTEC, Noordwijk, Netherlands, or ESRIN, Frascati, Italy.

Description

IT Security Architect – Network Security in the IT Security Section, Security and Shared Infrastructure Services Division, Information Technology Department, Directorate of Internal Services.

ESA’s IT Department (esait) provides corporate and common IT services to all business areas within ESA.

The IT Security Section provides security services including information and infrastructure protection solutions, ensures compliance of all esait services with ESA’s Security Framework through an ISMS (Information Security Management System), hosts security roles and provides cyber security operations for all ESA.

As ESA consists of multiple directorates, many with their own specific IT services and solutions, it is critical that esait provides protection for these services and solutions which are connected to the corporate network. This is done by offering advanced network and communications security services and providing security requirements at system or application level, supervising and facilitating their implementation.

To implement solutions, ESA leverages various vendors and industry solution providers. The resulting services are operated and maintained by external service providers.

If selected for this position, you will report to the Head of the IT Security Section in the Security and Shared Infrastructure Services Division within ESA’s IT Department, drive the definition and evolution of network security policies and facilitate their implementation by offering self-service and automated solutions for system and application owners across the Agency.

Duties

You will have a large degree of autonomy to perform the following duties:

  • Evolve ESA’s Network Security Policy, Network Security Requirements and related documentation;
  • Drive the implementation of Network Security Services using a user-based self-service approach and in an automated manner towards various distributed IT teams across the ESA directorates;
  • Act as point of contact for the integration and adoption of esait’s network security services;
  • Provide technical and engineering support to other functions within the Section such as the PSSO (Project System Security Officer), the SOC and CERT managers, and the ISMS Manager;
  • Other security-related tasks as may be required from time to time, including acting as a security lead to IT projects and providing IT security architecture advice and guidance.

More concretely, you will:

  • own and drive the network security zoning strategy and policies;
  • ensure proper definition and segregation of ESA’s Network Security Zones;
  • drive the end-to-end implementation of Zero Trust Network Access (ZTNA) across ESA, leveraging tools and services offered by other IT sections and divisions within esait;
  • develop measurement metrics and measure the overall effectiveness and compliance with network policies;
  • deliver clear instructions and guidelines for IT Teams, external (IT) service providers and system owners to connect or integrate their systems and services to/with ESA’s corporate network;
  • ensure the registration of systems and services connected to ESA’s corporate network(s) by their respective System Owners;
  • support the Cyber Security Operations teams in the fields of attack surface management, monitoring, logging and alerting with regard to the corporate network;
  • act as the interface for IT teams when it comes to network security architecture and designs and guiding them to applicable instructions and guidelines but also advising as well as identifying and resolving gaps;
  • drive the network security architecture design and strategy, drive and validate the implementation of new solutions, contributing to the overall security architecture;
  • contribute to the operational model for network security services, with the aim of empowering the various IT teams to deliver network (security) services autonomously as long as they remain compliant with the network security policy and related requirements;
  • contribute to the continuous evolution and improvement of the IT Security Section and the security posture of the Agency;
  • develop and maintain appropriate documentation;
  • stay abreast of networking and communications technologies and adapt ESA’s network/comsec security posture and services accordingly.

To achieve this, you will have to:

  • acquire a good understanding of esait’s various services, underlying systems and components;
  • acquire a good understanding of ESA’s directorates, their IT teams and their specific needs;
  • understand the current network security architecture and implementation as well as proposing and driving its evolution;
  • engage with security professionals across the Agency in order to evaluate and evolve the network security policies;
  • define and explain security use-cases and operating procedures to both end-users and IT teams/service providers.

Technical competencies

Network and communications security
IT architecture design
Security policies and compliance
IT operations
IT security risk management
Project and technical management

Behavioural competencies

Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking

Education

A master’s degree in computer science, IT, cyber security, software engineering or other relevant discipline is required for this post. A master’s degree in other subjects may be acceptable if combined with appropriate experience.

Additional requirements

You are expected to be a self-starter, an effective communicator and able to drive your projects and processes autonomously.

Candidates should note that demonstrated experience of successful management of network security implementations in a large company or organisation is mandatory.

Experience of designing and operating classified networks including certified/accredited solutions would be an advantage.

Diversity, Equity and Inclusiveness
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.

At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at [email protected].

Important Information and Disclaimer
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.

Applicants must be eligible for security clearance by their national security administrations.

During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency’s security procedures.

Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.

The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have.

Nationality and Languages
Please note that applications can only be considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia.

According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*.

The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.

*Member States, Associate Members or Cooperating States.

 

 

Frascati, Italy

location