IT Security Engineer

Application deadline
Tuesday, April 7, 2020
Reference number
Apply now

You will have the opportunity to provide the ESA IT Department with professional IT services that are essential to ensure the confidentiality, integrity, availability and business continuity of the agencies’ Communication and Information Systems, in compliance with the ESA Security Directives.

Tasks and Activities
  • ECRD Operations Support
    • Operate the ESA Classified RESTRICTED Documents services for the tasks allocated to the ECRD Services Team. This involves but is not limited to management, monitoring and support of the ECRD infrastructure, ECRD Encryption services, key management, user service requests, troubleshooting coordination between all ECRD Service Providers, etc.
    • Produce, document, optimize and maintain operational processes and procedures to run the service in line with ESA’s requirements, to be defined by the ESA TR at the beginning of the activity.
    • Collect and assess user and service provider requests related to the current ECRD services and the evolution of the service.
    • Complement the ECRD Evolutions Service Resources with providing practical input, suggestion and possible solutions/improvements, derived from the daily operations of the service.
  • ECRD Evolution Engineering
    • Assess the user and Service Provider requirements for service evolution and propose corresponding solutions/ improvements that will need to be validated and approved by Corporate IT, the Security Architect, Security Officer, the ESA Security Office and ultimately by the Member States. The proposed solutions will also require approval from ESA’s IT Governance Board for budget approval.
    • Prepare the implementation planning, Bill of Material, follow up delivery of required elements,  interface with vendors, implement the approved solution against the agreed implementation plan, prepare test plans and validate the implemented solution accordingly.
    • Prepare and maintain all documents required for the Service Readiness Review and Transfer To Operations. The ESA ISO9000 based QMS will be followed.
    • Support the Security Section in its meetings with the user community, ESA Security Office, the Member States. This may entail for instance to prepare and deliver presentations, demonstrations clarifications etc.
  • C-IAM Engineering For ESA’s External Community
    • Identify, collect and prepare the requirements for the different use cases of ESA’s external user community with regards to External Directory Services, (Multi-Factor) Authentication, use of Federated authentication, authorization and integration in ESA’s existing C-IAM services.
    • Design a solution in line with these use case requirements, the Corporate IT technologies, services and processes in place, the ESA (Security) Policies.
    • Implement a Proof of Concept (PoC) and validate the solution against all requirements.
    • Prepare all documentation for taking this PoC to the full implementation phase of this service.
  • Vulnerability Management System Engineering and PoC
    • Identify, collect and prepare the requirements and interlocks for an ESA-wide vulnerability management service using Skybox technologies, the various data sources available in ESA. To this end, close interaction with ESACERT, Corporate IT Service Providers and possible other Directorate peers will be needed. Automation of data collection and vulnerability management tasks is a major aim of theses activities.
    • Design a solution in line with these requirements and boundary conditions, the Corporate IT technologies, services and processes in place, the ESA (Security) Policies and Directives.
    • Implement a Proof of Concept (PoC) for the Corporate IT provided services and validate the solution against all requirements and boundary conditions. The PoC shall be extensible to other areas in ESA.
    • Prepare all documentation for taking this PoC to the full implementation phase of this service.
Skills and Experience

The following skills and experience are mandatory:

  • You have a Technical Degree (Bsc., Diploma or equivalent) from a recognised Institution or you ideally have a PhD or Msc Engineering from a recognised Institution of secondary studies (University, Ecole supérieure, etc.).
  • You have expertise in the following technical domains:
    • IT Security Architecture
    • Modern IT technologies used for securing end-points (PCs, Mobile devices, IoT, etc.), Infrastructure (network, storage, computing infrastructure and cloud), Operating Systems and Applications.
    • Information Security Management according to ISO 27001
  • You have experience and expertise in the following specific IT technologies
    • In depth Windows Active Directory, Windows and Linux
    • Open standards based federated Identity and authentication technologies (e.g. SAML, oAuth2, OpenID)
    • F5 Big IP
    • Trusted List for Approved cryptographic products
    • EU VMware Virtualization and VDI technologies
    • Thales encryption solutions
    • Zabbix,
    • Advenica encryption and data protection technologies
    • Varonis Data Advantage & Directory Services
    • Skybox vulnerability management solution technologies
  • You must be eligible for obtaining a personnel security clearance at ESA SECRET level.
  • You are regularly kept ‘up-to-date’ in terms of technologies and methods.  

The following skills would be highly desirable:

  • You hold a specific IT Security industry certification/specialisation (e.g. CISSP).


One file only.
10 MB limit.
Allowed types: txt pdf odt doc docx.