Mission Security & Accrediation Engineer

Are you looking for a new opportunity in a fast-moving global company with a family feel? A job where you could have an impact?

On behalf of ESA, we are looking for a Mission Security & Accreditation Engineer to work at ESTEC’s premises in the city of Noordwijk, The Netherlands.

Tasks and Activities

The scope of work will include:

• Guiding and recommending to the Programmes/Projects in the area of Security Management, Security Risk Management, Controls and countermeasures with respect to the applicability of the ESA Security Regulations and Directives and Project-specific security needs.
• Generating and reviewing the Project End-to-End Mission Security Risk Analysis and review the detailed Security Risk Assessment for each relevant Milestone of the Project/Programme.
• Contributing to the definition of the minimum set of Security Requirements to grant the level of assurance of the Mission in terms of availability, integrity and confidentiality of the information, based on the outcome of the security risk analysis and the review of existing project documentation.
• Providing guidance on the proper definition of the system security architecture and mission-level operational concepts.
• Reviewing the relevant documentation, in terms of the System Security Requirements, the System Security Design and its achievement of the Mission Requirements to an appropriate level of protection.
• Monitoring the correct implementation of the system/segment, SSRS, security measures, design, and qualification, with the target to control, or decrease, the residual risk of the configuration(s) of the system(s) to be deployed.
• Supporting the definition and review the implementation of the cybersecurity monitoring and security response for the Project/Programme.
• Reviewing and monitoring the Project security testing, verification, qualification and certification, where possible exploiting the ESA cyber capabilities.
• Supporting auditing and penetration testing in order to monitor and supervise the cybersecurity implementation level.
• Supporting the Accreditation/Certification process during the complete lifecycle for the Project, collating the certification/accreditation files to be submitted to the Certification/Accreditation bodies (either ESO or the EU SAB, as appropriate).

Skills and Experience

The following skills and experience are mandatory:

• A Master’s degree in Cybersecurity, System Engineering or a related discipline.
• Security Risk Management (i.e. security risk assessment, threat assessment, risk analysis and continuity management methodologies) of INFOSEC systems (application of standards, and recognised techniques like EBIOS, OCTAVE, SABSA, MEHARI).
• Implementation of security with Information Security standards such as ISO27000 series.
• IT Security from the perspective of secure development, secure evaluation/test, security audit or security accreditation.
• Cybersecurity risk evaluation, mitigation or response (operational or development).
• Security Threat Intelligence and Security Threat Modelling techniques and uses.
• Technical expertise in System Engineering.
• Technical expertise in Design and Development, system end-to-end.
• Minimum of three years’ relevant professional experience in working on complex engineering systems in an engineering and/or security risk management capacity.
• Preferably the abovementioned experience should be in the space sector, or other complex fields such as telecommunications, critical national infrastructure or the military domain.
• Knowledge of the Space Programme Security Accreditation and Certification process.
• Ability to work both autonomously and as part of a team within the boundaries of assigned tasks.
• Proficiency in the English language (spoken and written).
• Excellent communication and interpersonal skills required.
• Flexibility, organization and ability to work under pressure, delivering results.

The following skills and experience would be highly desirable:

• Experience in cyber risk assessment, hardening or operational response for complex engineering systems is desirable.
• Knowledge of EU policies/regulations/institutions.
• Knowledge of other Member States’ languages.

Why should you apply?

• You will have the opportunity to work within a major institution.
• We encourage everyone to think outside the box and to push the boundaries of traditional knowledge. This role is an opportunity to join a forward-thinking company and allows for a deeper understanding of the industry.
• Benefits include: competitive remuneration packages; unique career opportunities, including working in other countries; personalized training and development programmes; flexible relocation support.

We welcome applications from people with disabilities, members of ethnic minorities, all genders, LGBTQ+ individuals and ex-service personnel.