Cyber Security and Forensics Specialist (3 posts)

Serve as a senior Cyber Security and Forensics Specialist in ESA's ESACERT.

ESA - European Space Agency

Application deadline in 20 days: Thursday 2 Jul 2026 at 23:59 UTC

Overview

Serve as a senior Cyber Security and Forensics Specialist in ESA's ESACERT.

You have:

  • A vocational qualification (EQF level 5) in Operations Cyber Security is required for this post together with 4 years of relevant professional experience.
  • Experience working in an international context is considered a strong asset.
  • Experience working in the space sector is considered an asset.
  • The selected candidates will be part of an on-call set-up, requiring regular weekly on-call duties as Technical Incident Handling Coordinator.
  • Knowledge of another Member State language would be an asset.

This is a 4-year appointment, which can be extended for an indefinite duration depending on performance.

Location

ESRIN, Frascati, Italy or ESEC, Redu, Belgium

Description

As Cyber Security and Forensics Specialist, you will be a senior member of ESACERT, ESA's Computer Emergency Response Team.

ESACERT is one of the services provided by the central IT Department at ESA. It is part of the IT Security Section, which in turn is part of the Security and Shared Infrastructure Services Division.

ESACERT forms an important part of ESA's Cyber Security Operations, together with C-SOC. While C-SOC has a focus on continuous monitoring, detection, initial and automated response, ESACERT focuses on incident response, forensic analysis, threat intelligence, pen testing, incident response procedure definitions and investigations.

Duties

Your tasks and responsibilities will include:

  • acting as technical incident handling coordinator for medium- and high-severity security incidents;
  • prioritising, executing or coordinating the required incident response actions aligned with main stakeholders such as security officers, system owners, system administrators, business owners and the ESA Security Office;
  • ensuring proper registration of all incident handling steps in incident handling reports and providing timely updates to stakeholders;
  • defining proper recovery plans agreed with stakeholders and ensuring they are properly understood and tracked;
  • participating in lessons learned exercises feeding back into overall security governance processes in view of continuous improvement;
  • defining and/or contributing to security awareness sessions/campaigns;
  • leveraging threat intelligence: deriving actions or campaigns and delivering reports to various stakeholders;
  • executing or coordinating and assessing Security Testing Campaigns (penetration tests, source code analysis, threat hunting, ...) and defining and following up on the resulting actions;
  • defining and continuously improving incident handling procedures and playbooks in strong collaboration with C-SOC;
  • acting as a forensics specialist supporting investigations (triggered by Internal Audit, Human Resources, Legal);
  • supporting any other task assigned to ESACERT;
  • acting as advisor on cyber security and related technical matters that may be referred to you;
  • contributing to the IT Security Section's work and objectives;
  • any other related tasks.

Technical competencies

Cyber Incident Handling (categorisation, response, reporting)

Forensic Analysis (collection, identification, extraction, analysis)

Threat Intelligence

Advanced Security Testing

Ethical Hacking

Behavioural competencies

Result Orientation

Operational Efficiency

Fostering Cooperation

Relationship Management

Continuous Improvement

Forward Thinking

For more information, please refer to the ESA Core Behavioural Competencies guidebook

Education and professional experience

A vocational qualification (EQF level 5) in Operations Cyber Security is required for this post together with 4 years of relevant professional experience.

Additional requirements

The selected candidates will be part of an on-call set-up, requiring regular weekly on-call duties as Technical Incident Handling Coordinator. Experience working in an international context is considered a strong asset. Experience working in the space sector is considered an asset.

Diversity, Equity and Inclusiveness

ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, religious beliefs, age, disability or other characteristics.

At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at [email protected].

Important Information and Disclaimer

Applicants must be eligible to access information, technology, and hardware which is subject to European or US export control and sanctions regulations & eligible to acquire the security clearance by their national security administrations.

During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency's security procedures.

Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.

The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have.

Nationality and Languages

Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland, the United Kingdom and Canada, Cyprus, Latvia, Lithuania and Slovakia.

According to the ESA Convention, staff shall be recruited on the basis of their qualifications, taking into account an adequate distribution of posts among nationals of the Member States.

The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.

Potential interview questions

How would you handle a medium-severity security incident? The interviewer wants to assess your incident handling skills and experience. Outline your approach to coordinating actions and communicating with stakeholders.
Can you describe your experience with forensic analysis in cyber security? The interviewer is evaluating your technical competencies in forensic analysis.
What role does threat intelligence play in incident response?
Describe a time you contributed to a security awareness campaign. What was the outcome?
How do you prioritize tasks during a security incident?
Have you participated in lessons learned exercises? What did you gain?
What are the essential elements of a recovery plan following a cyber incident?
What considerations do you keep in mind when developing incident handling procedures?
Added 13 hours ago - Updated 3 hours ago - Source: jobs.esa.int