Project System Security Officer
Noordwijk, NL
Location
ESTEC, Noordwijk, Netherlands
Description
Project/System Security Officer (PSSO) in the System Security Section (TEC-SES), End-to-End Systems Division, Systems Department, Directorate of Technology, Engineering and Quality.
The System Security Section is responsible for the end-to-end system security engineering of the Agency’s missions, projects and activities in the space, ground and user segments and communication links, at system, subsystem, element and equipment level. It covers the missions from study phase to the definition of requirements, design, development, security integration/verification, and security service preparation, across the full stack, from the physical to the application layer. The System Security Section provides functional support to ESA missions and projects in the area of end-to-end security engineering and cyber security. To serve these functions, it also defines and carries out the associated technology research and development (R&D) and studies.
In this role, you will support the Directorate of Technology, Engineering and Quality, or projects and systems as a Project/System Security Officer (PSSO).
Duties
As a Project/System Security Officer (PSSO) you will be responsible for the design and successful implementation of all security measures designed as part of the overall system(s) you will be assigned to. The tasks to be accomplished will be defined and supervised by the ISO (Information Security Officer). Specifically, your tasks and responsibilities will include the following:
- Create and implement comprehensive security policies, procedures and access control protocols in compliance with the ESA Security Framework;
- Ensure that the entire corporate information system and all the assets for which the PSSO is responsible are secured, managed and accounted for in accordance with the ESA Security Directives;
- Specify the security standards and practices to be adhered to by the supplier of the system;
- Proactively identify, analyse and mitigate security threats to the infrastructure;
- Contribute to the definition, analyses and consolidation of system security requirements;
- Conduct security risk assessments and support security risk management by proposing suitable security mitigations and countermeasures;
- Produce or update as needed the security operating procedures (SECOPS);
- Coordinate vulnerability assessment/penetration testing on the infrastructure under your responsibility, and ensure required mitigations are put in place;
- Contribute to the authoring of the Information Security Management Plan;
- Provide support to the information security and cyber security activities related to the infrastructure under your responsibility, as needed;
- Monitor network activity for threats and manage the response, investigation and reporting of security breaches;
- Ensure compliance with data protection laws and industry regulations (e.g., ISO 27001), and perform regular security audits;
- Educate staff on security awareness, including how to recognise cyberattacks and follow security procedures;
- Collaborate with IT and management to design, implement and maintain required security tools, as well as disaster recovery plans;
- Collaborate with technical support, IT and management to scope, design, implement and support the certification/accreditation process (when applicable), in coordination with the ESA accreditation authority;
- Collaborate with the wider pool of PSSOs, ISOs and security officers on new security governance activities, cross-directorate processes, implementations, improvements and lessons learned;
- Maintain security-related tools and systems as well as their disaster and recovery plans;
- When needed, report to executives regarding the security posture and risk levels.
Technical competencies
Behavioural competencies
Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking
For more information, please refer to the ESA Core Behavioural Competencies guidebook
Education and professional experience
A master's degree in Computer Science or Cybersecurity or relevant engineering discipline is required for this post together with at least 5 years of relevant professional experience.
Additional requirements
Certifications in the area of the job description (such as CISSP, SANS) would be a plus.
Diversity, Equity and Inclusiveness
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, religious beliefs, age, disability or other characteristics.
At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at contact.human.resources@esa.int.
Important Information and Disclaimer
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.
Applicants must be eligible to access information, technology, and hardware which is subject to European or US export control and sanctions regulations & eligible to acquire the security clearance by their national security administrations.
During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency's security procedures.
Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.
The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have.
Nationality and Languages
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland, the United Kingdom and Canada, Cyprus, Latvia, Lithuania and Slovakia.
According to the ESA Convention, staff shall be recruited on the basis of their qualifications, taking into account an adequate distribution of posts among nationals of the Member States.
The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.