Cyber Security Engineer

Description

In this role, you will work as a Cyber Security Engineer in the System Security Section (TEC-SES), End-to-End Systems Division, Systems Department, Directorate of Technology, Engineering and Quality.

The System Security Section is responsible for the end-to-end system security engineering of the Agency’s missions, projects and activities in the space, ground and user segments and communication links, as well as at system, subsystem, element and equipment level. It covers the missions from the study phase to the definition of requirements, design, development, security integration/verification and security service preparation, across the full stack, from the physical to the application layer.

To serve these functions, the System Security Section defines and executes the associated technology research and development (R&D) and studies, as well as the required security engineering standards.

Using security laboratory facilities, the System Security Section performs vulnerability assessments at all levels of its responsibility, proposing detection methods and mitigation and protection measures using security assessment tools and equipment.

In this position, you will support ESA directorates and space projects and systems, reporting functionally to the corresponding space project/system management structure.

Duties

Your tasks and responsibilities will include:

• Participating in programme reviews of projects, assessing the security design, implementation, qualification and validation, to ensure development is in line with relevant programme cyber security requirements.
• Reviewing the design, proposed implementation and technologies, identifying potential vulnerabilities, analysing their exploitability and their impact, and proposing the appropriate mitigations and required countermeasures.
• Conducting authorised hands-on penetration tests, leading a pen testing team, to identify security flaws.
• Recommending remedial actions to strengthen defences.
• Providing recommendations on security best practices.
• Following the implementation of the mitigation actions, either internally or with industry/partners.
• Reviewing and assessing the acceptability of cyber requests for waivers from industry.
• Organising vulnerability assessment and penetration testing campaigns, assessing the findings, proposing mitigations, and analysing collected evidence of fixed and mitigated vulnerabilities.
• Fostering new security application areas for multidisciplinary activities, placing emphasis on innovative concepts, cutting-edge technologies and system architectures in the field of cyber security.
• Proposing and supervising/following, as a technical officer, research and development activities in the area of security for space systems and missions.
• Supporting laboratory activities as required.
• Continuously following technological trends and evolutions in the scientific fields relevant for this position, and in particular the latest emerging threats, exploits and industry trends deployed to keep ahead of attackers.

Technical competencies

• Familiarity with tools like Metasploit, Nmap, Nessus, Burp Suite and Wireshark, as well as with fuzzing tools.
• General background and specific experience in the technical domains covered by the position.
• Deep understanding of Linux, Windows, real-time OS, Active Directory/LDAP and other IT enterprise software.
• Proficiency in scripting languages such as Python.
• Very good knowledge of security frameworks like OWASP.
• Understanding of related technologies, R&D trends and the industrial landscape.

Behavioural competencies

• Result Orientation
• Operational Efficiency
• Fostering Cooperation
• Relationship Management
• Continuous Improvement
• Forward Thinking

Education

A master’s degree in computer science and/or cyber security is required for this post.

Additional requirements

• Applicants must be eligible to access information, technology, and hardware which is subject to European or US export control and sanctions regulations and eligible to acquire the security clearance by their national security administrations.

Nationality and Languages

Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland, the United Kingdom and Canada, Cyprus, Latvia, Lithuania and Slovakia.

The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.