The European Space Agency (ESA) is seeking an Information and Communication Technology (ICT) Security Engineer for its site in Frascati, Lazio.
Vacancy in the Directorate of Internal Services.
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.
This post is classified A2-A4 on the Coordinated Organisations’ salary scale.
ESRIN, Frascati, Italy or ESTEC, Noordwijk, Netherlands
ESA’s IT Department (esait) provides corporate and common IT services to all business areas within ESA.
To ensure that security is embedded into all esait services and activities and that security and privacy risks are correctly identified and managed, esait has implemented and applied its own information security management system (ISMS), which is based on ISO 27001 and has been certified externally since 2019. To deliver services offering adequate security assurance, esait has developed a secure systems engineering process (SSE).
The ISMS and the SSE processes combined allow esait to deliver IT services that are aligned with the ESA Security Framework and that can be certified and/or accredited by the ESA Security Office (ESO) as required.
As IT security is a complex topic of interest to many, both within and outside of ESA’s IT Department, esait has also put in place an industrial service contract offering information security support services (ISSS), which supports esait’s ISMS and SSE processes and is also available to other business areas within ESA.
You will report to the Head of the IT Security Section in the Security and Shared Infrastructure Services Division within ESA’s Information Technology Department and will drive, monitor and improve the Department’s ISMS, SSE processes and ISSS contract.
You will have a large degree of autonomy to perform the following duties:
- Act as ISMS Manager for esait, overseeing the day-to-day performance and implementation of the ISMS within the Department and ensuring its continued external certification;
- Continuously monitor and improve the SSE process applied within esait, ensuring that it is fit for purpose and takes into account the changing threat landscape and policies;
- Act as the Service Manager and Technical Officer responsible for the ISSS contract;
- Act as the overall IT security management and engineering expert both inside esait and vis-à-vis other stakeholders in the Agency, in particular security officers and directorate IT teams, in view of potential scope expansion.
More concretely, you will:
- support and guide esait project and service managers in uniformly applying the correct security processes while performing their duties;
- maintain system security certification schedules in agreement with the various project and service managers, the esait Security Officer and the ESA Security Office;
- advise project and service managers and IT management on identified security risks and their possible treatment options;
- propose and maintain the annual ISMS workplan and roadmap and drive, coordinate and monitor their timely and effective implementation;
- report on ISMS status and performance to esait’s management team, highlighting risks and issues and any proposed mitigation actions;
- monitor the performance of the ISSS service contract and maintain its service portfolio and lifecycle.
To perform these tasks, you will be required to:
- acquire a good understanding of esait’s various services, underlying systems and components;
- identify and propose re-usable building blocks providing security assurance for various IT systems and services;
- understand the overall effectiveness of the esait security management and engineering processes and maintain a good knowledge of existing and upcoming legislation and standards;
- explain security risks and demonstrate the overall value of security management and engineering processes to various (business) stakeholders.
Secure systems engineering process development and implementation
ISO27001 and ISO27002 implementation
Cyber security: policy, detection, reaction and correction
Security risk assessment
IT architecture design
Project and technical management
IT service management
A master’s degree in computer science, IT/cyber security, engineering or another relevant discipline is required for this post.
You are expected to be a self-starter and an effective communicator with the ability to drive your projects and processes autonomously.
Please note that demonstrated experience of successful management or application of secure systems engineering processes in a large company is mandatory. In addition, experience with ISMS (preferably ISO 27001) management and implementation is a prerequisite.
Experience with security certification and/or accreditation in the context of sensitive and/or classified information would be an asset.
For behavioural competencies expected from ESA staff in general, please refer to the ESA Competency Framework.
For further information please visit: Professionals, What we offer and FAQ
The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.
Applicants must be eligible for security clearance by their national security administrations.
The Agency may require applicants to undergo selection tests.
At the Agency we value diversity and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us by email at firstname.lastname@example.org.
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia.
According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*.
In accordance with the European Space Agency’s security procedures and as part of the selection process, successful candidates will be required to undergo basic screening before appointment conducted by an external background screening service.
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.
*Member States, Associate Members or Cooperating States.
Apply for this position at the following link