IT Cybersecurity Expert

**Contract type**:
Contract agent

**Directorate**:
Corporate Services Directorate

**Group**:
FGIV

**Grade**:
N.A.

**Level of Security Clearance**:
SECRET UE/EU SECRET

**Management of staff**:
N.A.

**Location**:
Brussels

**Indicative starting date**:
01/04/2025

09/01/2025

1. BACKGROUND

The European Defence Agency (EDA) was established on 12 July 2004, and is governed by Council Decision (CFSP) 2015/1835 defining the statute, seat and operational rules of the European Defence Agency. The Agency has its headquarters in Brussels.

The main task of EDA is to support the Council and the Member States in their effort to improve the Union's defence capabilities in the field of crisis management and to sustain the Common Security and Defence Policy (CSDP) as it currently stands and as it develops in the future.

The Agency is structured into four directorates. The Corporate Services Directorate (CSD) and three operational directorates: Industry, Synergies and Enablers (ISE); Capability, Armament & Planning (CAP); Research, Technology and Innovation (RTI).

2. THE AGENCY'S WAY OF WORKING

The Agency is an “outward-facing” organisation, constantly interacting with its shareholders, the participating Member States, as well as with a wide range of stakeholders. It works in an integrated way, with multi-disciplinary teams representing all of the Agency’s functional areas, to realise its objectives. Its business processes are flexible and oriented towards achieving results. Staff at all levels need to demonstrate the corresponding qualities of commitment, flexibility, innovation, and team-working; to work effectively with shareholders and stakeholder groups, formal and informal; and to operate without the need for detailed direction.

3. THE CORPORATE SERVICES DIRECTORATE

The Corporate Services Directorate (CSD) provides critical business support to EDA operations by delivering high-quality corporate services under six dedicated organizational elements, namely: Human Resources; Procurement and Contract Management; Finance; IT and Information Management, Security, Legal and Infrastructure. Additionally, the EDA Programme Manager and Corporate Projects Officer as well as the Record Manager, are responsible for the effective Project Management and the management of information produced and/or received by the organisation.

CSD processes are geared towards efficient and optimal use of resources, leveraging good practice and technological solutions while ensuring sound financial management, transparency and accountability; outward focus and commitment to continuous improvement are the hallmarks of CSD.

4. DUTIES

Under the supervision of the Head of the IT Unit, the IT Cybersecurity Expert will contribute to the following activities:

- Microsoft E5 Advanced Security: in close collaboration with Cert EU, plan, architect and lead the implementation of Microsoft E5 security capabilities, including Microsoft Defender for Cloud Apps, Azure AD Premium, Microsoft Defender, and Azure Security Center, to enhance the organization’s security posture;
- Cloud Network Security: design and implement secure cloud network architectures such as Azure Virtual Networks or Azure Firewall Premium. Ensure configurations follow best practices for security and compliance, minimizing potential vulnerabilities;
- Identity and Access Security: support the integration and management of Azure Active Directory (AAD) and Microsoft Entra Suite, focusing on Zero Trust, Multi-Factor Authentication (MFA), Conditional Access, and Privileged Identity Management (PIM) to safeguard user identities and prevent unauthorized access;
- EU Classified Information (EUCI) services: assist with the user support and the day-to-day operations of the EUCI services. Ensure effective collaboration with EUCI service providers to enforce the service level agreements;
- Threat Detection and Response: collaborate with the IT security operations team to monitor and respond to threats in real-time through Microsoft Sentinel and Defender for Identity. Leverage threat intelligence and advanced threat protection to provide insights and recommendations for improvement;
- Security Auditing and Compliance: contribute to the auditing of cloud infrastructure against regulatory standards (e.g. GDPR, ISO 27001) and internal security policies. Provide technical assessments and produce reports to ensure ongoing compliance and security readiness;
- Security Best Practices and Recommendations: improve the security architecture, including zero-trust principles, data loss prevention (DLP) policies, and encryption (incl. EUCI). Proactively identify potential risks and advise on risk mitigation strategies;
- Perimeter Security: configure and manage next generation firewalls and implement security rules to control traffic and prevent unauthorized access to on-premises systems;
- Local Area Network Management: ensure delivery of secure and robust wired and wireless network connectivi