Cyber-Risk Management Engineer
For one of the most famous and exiting European Space projects, you will have the opportunity to support the client in performing the systematic Risk Analysis based on the model defined in the GALILEO Security Accreditation and certification (SACP).
Starting from the feared events, you will have to:
- Define the Attack Trees by Feared Event;
- Allocate Threat Scenario within the Attack Trees;
- Identify the applicable risk using:
- Technical Requirement Baseline & SoCs
- Threat Scenario Coverage
- Penetration Testing Results
- S-QSRx outcome
- Consolidate Risks by assessing their value and to justify it
- Propose Treatment Plan to reduce risks;
- Identify the potential impact on SSRS 3.9 Requirements
This activity shall cover Security Risk Analysis in 2 phases:
- As-Specified Risk Analysis: The risk analysis assesses the security level of the system based on the requirement baseline. It will highlight if some functions/requirements are missing or need to be improved and so could drive modification of the architecture.
- As-Designed/As-Built Risk Analysis: The risk analysis assesses the security level for one dedicated configuration and then will highlight the vulnerabilities of this configuration.
Both are regularly consolidated through to be presented at Galileo Security Accreditation Panel (GSAP).
Before each GSAP, the identified risks are presented during PREPA-GSAP in order to get approval by the customer.
The following skills and experience are mandatory:
- You have a University Degree in Cybersecurity, Computer Sciences, IT Engineering or Management Information Systems.
- You have at least 5 years of professional experience in a similar role.
- Knowledge of IS Governance.
- Risk Management / Assessments / Impact Analysis (based on known methods, e.g., ISO 27001, NIST)
- Security Architecture principles
- Critical path analysis
- Data Integrity / Disaster Recovery.
- Security defences (Identity & Access Management, IDS, IPS other).
The following skills are not mandatory but strongly appreciated:
- Knowledge of the GALILEO system
- Knowledge of the EBIOS (2010, better);
- Proven Security certification(s) (e.g., ISO 27001 Lead Auditor, CISSP, CEH, other)
You are eligible for a Personal Security Clearance at SECRET UE/EU SECRET level, before the moment of entering into service.