About this job

Serco Europe is recruiting a Information Security Engineer to work on our Customers Site (ESA-ESTEC).

Serco is a trusted provider of services to National Space Agencies and the European Space Agency (ESA), we have over 40 years’ experience supporting the space sector and providing services for all stages of our customer’s space missions.

Responsibilities

• Security Monitoring and Analytics:
  • SIEM technologies.
  • SPLUNK.
  • Syslog.
• Security Awareness:
  • Develop and deliver security awareness and compliance training programs.
  • Conduct knowledge transfer training sessions to security operations team upon technology implementation. Support the Risk Management and Configuration Management processes within the ESA Project Team, including the disposition of requests for Deviations and Requests for Waivers (RFDs & RFWs).
• Forensics Analysis:
  • Utilize investigative methods, forensic software and hardware to locate specific electronic data including: internal and external e-mail; Internet history usage; documents, malware; and other files to support ESACERT Service manager.
• Vulnerability Management:
  • Utilize standard vulnerability tools like Nessus, Acunetix , OpenVas.
• Security Intelligence:
  • Integration within existing tool of Security Intelligence services.
  • Knowledge of OSINT tools.
  • MISP.
• Incident Response:
  • Incident Handling & Reporting.
  • Vulnerability Scanning.
  • SIEM Log Analysis.
  • Firewall Analysis.
  • Malware and APT.
• ICT Infrastructure management:
  • Maintaining CERT technical environment infrastructure.
  • Servers, Appliances, VMs and workstations used for the daily security activities.
• Analysis of ESA environment software/hardware against security risks:
  • Security White Papers
• The candidate shall be ready to apply, upon ESA request, for national security clearance.
• The candidate shall not respond to or be employed by a company that plays major roles in the delivery of IT/Technical services to ESA.
• Zed! Is a software solution from Primex technology that has been selected as EU dual approved encryption technology suitable for ESA classified documents up to ‘’Restricted’’. Zed! Uses encrypted containers to protect file transport regardless of the method used (email attachment, USB stick, removable device, file transfer, etc.) Support needs to be provided to end-users all over the Agency for:
  • ZED! Secure software installation, configuration and disposal according to existing procedures on supported platform (Windows, VDI/MAC).
  • Preparation and maintenance of ZED! Guideline for secure utilization of the software within the ESA environment.
  • Troubleshooting and supporting user requests who has issues with the software.
  • Incident Management.

Profile

• Master’s degree in a relevant discipline.
• Minimum of 4 years’ relevant experience.
• Required basic knowledge:
  • Good knowledge of Networking and TCP/IP protocols
  • Operating Systems: Unix/Linux, Windows XP/7/2008/2012, VMWare.
  • Programming Languages: C, C++ (at least one).
  • Scripting Languages: PHP, Python, Perl (at least one).
  • Knowledge of Firewall, IDS/IPS, proxies and VPN Gateways.
• Required advanced knowledge:
  • Experience in CERT or SOC (Blue team).
  • SIEM, Investigation skills on centralized log management systems
  • Penetration test and Vulnerability Assessment (Red team)
  • Malware analysis (static and dynamic) with knowledge on Sandbox devices.
  • Strong experience in Encryption technology and tools (e.g. ZED!, PGP,PKI).
• Other skills:
  • Project Management
  • Good interpersonal and diplomatic skills and team player
  • Writing User Manuals
  • Writing and managing Project and Service Documentation
  • Working knowledge of data protection based on a defense-in-depth approach
  • Working knowledge of the ITIL and the ISO27000 Framework
  • Knowledge of the EU Data Classification model is an asset
  • Willing to travel for user community related requirements and issues.
• Professional Certifications related Security skills are considered an asset:
  • EC-Council, (http://www.eccouncil.org) Certified Ethical Hacker
  • GIAC, http://www.giac.org/
  • Certified Incident handler,
  • Certified penetration tester,
  • Certified Forensic analyst
  • Offensive Security, http://www.offensive-security.com/
• Excellent interpersonal skills are needed, together with a high degree organizational and communication abilities, and comfortable with working in a diverse and multinational team environment.
• Proficient in the English language, both written and spoken
• Knowledge of another official ESA language is an asset.
• Candidates must be eligible to work in the EU.