Security Accreditation Officer

Vacancy in the Director General's Services.

ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore we welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.

This post is classified A2-A4 on the Coordinated Organisations' salary scale.

Location
ESTEC, Noordwijk, Netherlands with a resident assignment to Brussels, Belgium

Description

Security Accreditation Officer, ESA Security Office, Director General's Services.

On 15 March 2023, the European Parliament and the Council of the European Union adopted Regulation (EU) 2023/588 establishing the Union Secure Connectivity Programme for the period 2023–2027.

The objective of the EU Secure Connectivity Programme is to deploy an EU satellite constellation, IRIS2 (Infrastructure for Resilience, Interconnectivity and Security by Satellite). The Programme will provide an EU satellite-based, multiorbital communication infrastructure for governmental use while integrating and complementing existing and future national and European capacities in the framework of the GOVSATCOM component of the EU Space Programme.

The ESA Programme Related to EU Secure Connectivity is intended to support the effective development and validation of the EU Secure Connectivity (IRIS2) governmental infrastructure, which is to be developed, deployed and operated under a concession contract signed by the EU with a private consortium, and the services provided by it, as well as the validation and demonstration of services based on the commercial infrastructure developed by the contractors delivering the EU Secure Connectivity governmental infrastructure.

The European Commission and ESA will set up an Integrated Programme Team (IPT) to manage the EU IRIS2 Programme and, in particular, the related concession contract, and to ensure close coordination between all activities relating to IRIS2.

Reporting functionally to the Security Manager of the Integrated Programme Team and hierarchically to the Head of the ESA Security Office (ESA security authority), you will be responsible for supporting the preparation of the security accreditation dossier to be presented to the EU Security Accreditation Board (SAB).

You will liaise with ESA to that end and will rely on ESA for supervision of the related industrial activities in accordance with the agreements between ESA and the European Commission, interfacing with industry on matters relating to the security accreditation of the system and services developed under the IRIS2 concession.

You will be assigned to Brussels until Q1 2028, with a possible extension within the limits of the 12-year Contribution Agreement between ESA and the Commission. At the end of the assignment, you will be reassigned to another post within the ESA Security Office at one of its locations.

Duties

Your tasks and responsibilities will include:

• the preparation of security accreditation deliverables in compliance with the applicable security accreditation strategy to be issued by the SAB;
• interfacing with the ESA Security Office for security activities aiming to confirm the suitability of the end-to-end security risk analysis, as designed and as built, including compliance with the security framework and preparatory activities in support of the system accreditation. To this end, you will establish and maintain the system security risk analysis for integration of the security analyses of the various IRIS2 building blocks and their interfaces based on the relevant inputs from the concessionaire and related treatment plans:
• As-designed and as-built analyses, including industrial inputs, with the provision of system security impact and gap analysis;
• Identification of security measures at system level in order to ensure an acceptable system risk profile and accreditable architectural solutions;
• Review of the industry-driven security architecture, design, RFD, RFW, NCR and qualification status for the provision of system security impact analysis;
• Provision and maintenance of security vulnerability assessments, including specific penetration testing, and as-built compliance assessment in support of the security assessment of the security verification, qualification campaign and security accreditation process;
• Review and verification of adequacy and completeness between security operations procedures and the system security assurance in view of the potential threat landscape.
• establishing and maintaining the security management plan in liaison with ESA and EUSPA, addressing all security activities performed in line with the security framework and all operational measures aimed at creating, storing, processing and exchanging sensitive and classified information;
• interfacing with industry on matters relating to the security accreditation of the system and services developed under the IRIS2 concession;
• participating in security accreditation panels and boards;
• interfacing with the ESA Security Office for activities relating to cyber internal audits.

Technical competencies
General knowledge of ESA and EU Space ProgrammesIn-depth knowledge of the EU accreditation processIn-depth knowledge of programmes with high-security assurance requirementsIn-depth knowledge of security risk management frameworks and processesBehavioural competencies

Result Orientation

Operational Efficiency

Fostering Cooperation

Relationship Management

Continuous Improvement

Forward Thinking

Education

A master's degree in a relevant engineering discipline is required for this post.

Additional requirements

• You should have substantial security experience.
• You are expected to have a very strong background in cyber security, policy and the associated standards and regulations.
• You should demonstrate excellent organisational skills and a high level of competency in stakeholder management.
• You must possess good judgment and communication skills, as well as integrity, and be willing to travel.

Other information

For behavioural competencies expected from ESA staff in general, please refer to the ESA Competency Framework.

For further information please visit: Professionals, What we offer and FAQ

The working languages of the Agency are English and French. A good knowledge of one of these is required.

Knowledge of another Member State language would be an asset.

Applicants must be eligible to access technology and hardware which is subject to European and US export control regulations and for security clearance by their national security administrations.

The Agency may require applicants to undergo selection tests.

At the Agency we value diversity and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further please contact us email

Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia.

According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*.

In accordance with the European Space Agency's security procedures and as part of the selection process, successful candidates will be required to undergo basic screening before appointment conducted by an external background screening service.

In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master's degree, the position may be filled at A1 level.

*Member States, Associate Members or Cooperating States.

---