Security Risk Assessment Engineer

Saint-Germain-en-Laye, France, European Union Agency for the Space [EUSPA/2021/AD/028]

Field(s) of expertise
Cyber Security Space Systems Engineering
Job type

About this job

Please submit your application by 10/06/2021 11:59 (Prague time) 
The only means of submitting an application for this vacancy is through the EUSPA e-recruitment portal https://www.euspa.europa.eu/about/careers-euspa. 
The Agency is looking for a Security Risk Assessment Engineer with strong engineering and organisational skills to join our dynamic EU Agency.
The jobholder will be located in GSMC and will support the preparation and maintenance of the security accreditation documentation related to GSMC sites, equipment and operations as well as corporate security engineering. She/he will report to the Head of Security department or Team Leader (located at the Agency’s headquarters in Prague).


The Security Risk Assessment Engineer will be entrusted with the following tasks and responsibilities:
1. Security accreditation file preparation:

  • Provide security support to the preparation of the security accreditation files for the GSMC systems, operations and sites;
  • Support the maintenance of the schedule of the GSMC accreditation activities;
  • Contribute to the security risks analyses and to the definition of the associated risks mitigation actions and security measures and follow up on their implementation for GSMC sites, equipment and operations;
  • Follow up on tasks related to the system development and operations for the GSMC in the preparation of the security accreditation files and security risk analysis;
  • Update the GSMC input to the Galileo security risk registers, including monitoring and reporting on the implementation of treatment plans;
  • Support Interactions with Member States’ Local Security Accreditation Authorities (LSAA) in the frame of the Security Accreditation Process and of the Critical Infrastructure Management Process;
  • Provide procurement support t in areas that have implications in the security accreditation processes of the Components (e.g. site hosting, infrastructure and operations) and assess the impact of changes to the security baseline;
  • Contribute to the establishment, analysis and continuous update of the Statement of Compliance to the applicable security requirements, its impact in the associated security accreditation file and follow-up to corresponding actions;
  • Participate in on-site security audits/visits of the ground stations of the different Components when necessary.

2. GSMC operational ICT deployed systems, activities and facilities:

  • Contribute to definition, compliance and implementation of the security requirements;
  • Contribute to design of security aspects for technical infrastructure;
  • Prepare the disaster recovery and business continuity plans for the information and communication technology (ICT) systems and facilities;
  • Review the documents for anomalies reporting and resolution, and configuration changes to ensure compliance with the applicable security requirements and operating procedures.

3. Support to corporate activities:

  • Contribute through the Agency’s accreditation organisation to technical support for the activities of the different Security Boards and associated Working Groups;
  • Liaise and coordinate with the other teams of the Agency to provide security engineering support.

The Security Risk Assessment Engineer shall be available for occasional on-call duties at the GSMC outside normal working hours or upon request in case of operational emergency (availability by phone with ability to come back to the site within predefined times that will be established to meet operational external requirements). Relevant necessary training will be provided.
Place of employment:
The place of employment will be Saint-Germain-en-Laye. However, the jobholder may be requested to go on frequent missions (including long term missions) to other EUSPA sites (Spain and Czech Republic) to perform similar tasks to those in France.


The selection procedure is open to applicants who satisfy the following eligibility criteria, on the closing date for application:

  • A level of education which corresponds to completed university studies of at least three years attested by a diploma
  • Be a national of a Member State of the European Union
  • Be entitled to his or her full rights as a citizen
  • Have fulfilled any obligations imposed by the applicable laws concerning military service
  • Meet the character requirements for the duties involved
  • Have a thorough knowledge of one of the languages of the European Union and a satisfactory knowledge of another language of the European Union to the extent necessary for the performance of his/her duties
  • Be physically fit to perform the duties linked to the post

All eligible applications, according to the afore-mentioned criteria, will be assessed against the requirements listed below solely based on the information provided by the candidates in their application. 
The Selection Board responsible for this selection will determine the criteria to be assessed in the various phases of the selection procedure (assessment of the application forms, interview and written test) prior to being granted access to the names of the applicants. All essential criteria will be assessed during the applications evaluation phase.
Non-compliance with any of the essential criteria may result in the exclusion of the candidate from the selection process. Advantageous criteria constitute additional assets and will not result in exclusion, if not fulfilled.
When filling the online application, candidates are expected to clearly include elements that demonstrate that their profile matches the requirements below.
Essential criteria

  • University degree in a relevant field (e.g. engineering, physics, mathematics or other exact sciences);
  • Proven experience in the field of systems security, preferably in security accreditation or highly regulated domain (e.g. Maritime, Rail, Defence), or security risk management;
  • Excellent command of both written and spoken English;
  • Advantageous criteria

  • Experience in handling classified material at or above SECRET UE/EU SECRET (or equivalent);
  • Knowledge (by training or experience) of Space programmes (e.g. GNSS, Earth Observation, Telecommunication, SSA);
  • Knowledge (by training or experience) of security risk management methodologies and/or standards relevant for the post (e.g. CISSP, GIAC, ISO 27000, ISACA, Common Criteria);
  • Experience with working in international environments;
  • Good command of both written and spoken French;
  • Behavioural competencies

  • Motivation;
  • Excellent communication skills;
  • Ability to work with others within a team;
  • Customer service-oriented mind-set;
  • Ability to deliver accurate work under pressure, organise workload and prioritise tasks.
  • For information on how the personal data in your application is processed, please see the European Union Agency for the Space Privacy Policy.