About this job

Sapienza Consulting, a tpgroup company, is recruiting an Information Security Engineer for Sapienza to work on our Customers Site (ESA-ESTEC).

Sapienza has been a partner of ESA for almost 30 years, and we pride ourselves in supporting a wide range of missions including Galileo, MTG, Copernicus and ExoMars. Our team is international with activities across the U.K., the Netherlands, North Macedonia, Belgium, Luxembourg, France, Germany, Italy and Spain.

Responsibilities

ESACERT based security service-related tasks:

• Security Monitoring and Analytics:
  • SIEM technology’s
  • SPLUNK
  • Syslog
• Security Awareness:
  • Develop and deliver security awareness and compliance training programs
  • Conduct knowledge transfer training sessions to security operations team upon technology implementation.
• Forensics Analysis:
  • Utilize investigative methods, forensic software and hardware to locate specific electronic data including: internal and external e-mail; Internet history usage; documents, malware; and other files to support ESACERT Service manager.
• Vulnerability Management:
  • Utilize standard vulnerability tools like Nessus, Acunetix , OpenVas
• Security Intelligence:
  • Integration within existing tool of Security Intelligence services
  • Knowledge of OSINT tools
  • MISP
• Incident Response:
  • Incident Handling & Reporting
  • Vulnerability Scanning
  • SIEM Log Analysis
  • Firewall Analysis
  • Malware and APT
• ICT Infrastructure management:
  • Maintaining CERT technical environment infrastructure
  • Servers, Appliances, VMs and workstations used for the daily security activities
• Analysis of ESA environment software/hardware against security risks
  • Security White Papers

Non-technical requirements:

Considering the nature of the service privacy and non-conflicts of interest are essential requirements to be able to deliver the service specified above. In particular:

• The staff shall be ready to apply, upon ESA request, for national security clearance.
• The staff shall not respond to or be employed by a company that plays major roles in the delivery of IT/Technical services to ESA.

ZED! support to Directorates:

Zed! Is a software solution from Primex technology that has been selected as EU dual approved encryption technology suitable for ESA classified documents up to ‘’Restricted’’.

Zed! Uses encrypted containers to protect file transports regardless of the method used (email attachment, USB stick, removable device, file transfer, etc.)

Support need to be provided to end-users all over the Agency for:

• ZED! Secure software installation, configuration and disposal in according to existing procedures on supported platform (Windows, VDI/MAC)
• Preparation and maintenance of ZED! Guideline for secure utilization of the software within the ESA environment.
• Troubleshooting and support user request who has issues with the software.
• Incident Management

Profile

• Master’s degree
• Minimum 4 years of relevant experience
• Professional Certifications related Security skills are considered an asset:
  • EC-Council, (http://www.eccouncil.org) Certified Ethical Hacker
  • GIAC, http://www.giac.org/ Certified Incident handler, Certified penetration tester, Certified Forensic analyst
  • Offensive Security, http://www.offensive-security.com/
• Fluent in English; knowledge of another ESA member-state language is an asset

Required BASIC skills:

• Good knowledge of Networking and TCP/IP protocols,
• Operating Systems: Unix/Linux, Windows XP/7/2008/2012, VMWare
• Programming Languages: C, C++ (at least one)
• Scripting Languages: PHP, Python, Perl (at least one)
• Knowledge of Firewall, IDS/IPS, proxies and VPN Gateways

Required ADVANCED skills:

• Experience in CERT or SOC (Blue team)
• SIEM, Investigation skills on centralized log management systems
• Penetration test and Vulnerability Assessment (Red team)
• Malware analysis (static and dynamic) with knowledge on Sandbox devices.
• Strong experience in Encryption technology and tools (e.g. ZED!, PGP,PKI)

Other skills

• Project Management
• Good interpersonal and diplomatic skills and team player
• Fluent in English speaking and writing (e.g. B2)
• Writing User Manuals
• Writing and managing Project and Service Documentation
• Working knowledge of data protection based on a defense-in-depth approach
• Working knowledge of the ITIL and the ISO27000 Framework
• Knowledge of the EU Data Classification model is an asset
• Willing to travel for user community related requirements and issues.

Candidates must be eligible to work in the EU

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.