Security Risk Assessment Engineer

[1] The place of employment is subject to changes in the interest of the service and always under due consideration of the Staff Member’s interests.

[2] Possibility of renewal for a fixed period and a further renewal for an indefinite period on the conditions set out in the Staff Regulations and in the Conditions of Employment for Other Servants

[3] The organisational department and the hierarchical reporting line may change in line with the developments of the EUSPA and department’s organisation.

[4] The successful candidate must hold a valid personnel security clearance at the level defined above or be able and willing to apply for it immediately after the contract signature. The procedure for obtaining a personnel security clearance shall be initiated on request of the employer only, and not by the individual candidate. Description of the EU classified information levels is available here.

The European Union Agency for the Space Programme (EUSPA) provides safe and secure European satellite navigation services, promotes the commercialization of Galileo, EGNOS, and Copernicus data and services and coordinates the EU’s forthcoming governmental satellite communications programme GOVSATCOM. EUSPA is responsible for the security accreditation of all the EU Space Programme components. By fostering the development of an innovative and competitive space sector and engaging with the entire EU Space community, EUSPA contributes to the European Green Deal and digital transition, the safety and security of the Union and its citizens, while reinforcing its autonomy and resilience.

A core task for EUSPA is security of the EU Space Programme. The Security Department (SEC) proactively contributes to the fulfilment of the missions of the Agency by providing the security expertise in order to (1) ensure that the components of the Space Programme are defined, implemented and exploited securely, (2) achieve successful security accreditation of the components of the Programme, and (3) ensure a wide, secure and sustainable use of the services provided by the different components.

The Galileo Security Monitoring Centre (GSMC) is an integral part of the Galileo infrastructure responsible for monitoring and responding to security threats and alerts, and the overall operational status of systems components. For Public Regulated Services (PRS), the Centre is the interface with governmental entities for cryptographic keys requests. The GSMC also supports the European External Action Service in case of threat to the security of the European Union or of a Member State.

The GSMC is currently composed of four teams (operational, engineering, facility management and security) working together under the leadership of the Head of GSMC in the following locations:

• GSMC Master site – Saint-Germain-en-Laye, France;
• GSMC Backup site – San Martin de la Vega, Community of Madrid, Spain.

You will be joining a dynamic and operational EU Agency and have the opportunity to work with colleagues from a broad array of different backgrounds and expertise all contributing to one of the most important and ambitious projects ever undertaken by the EU. We are committed to implement the EU Space Programme and turn the EU space ambitions into a reality. For more information on the EUSPA and the EU Space Programme, click here.

The Agency is looking for a Security Risk Assessment Engineer with strong engineering and organisational skills to join our dynamic EU Agency.

The jobholder will be located in GSMC and will support the preparation and maintenance of the security accreditation documentation related to GSMC sites, equipment and operations as well as corporate security engineering. She/he will report to the Head of Security department or Team Leader (located at the Agency’s headquarters in Prague).

The Security Risk Assessment Engineer will be entrusted with the following tasks and responsibilities:

1. Security accreditation file preparation:

• Provide security support to the preparation of the security accreditation files for the GSMC systems, operations and sites;
• Support the maintenance of the schedule of the GSMC accreditation activities;
• Contribute to the security risks analyses and to the definition of the associated risks mitigation actions and security measures and follow up on their implementation for GSMC sites, equipment and operations;
• Follow up on tasks related to the system development and operations for the GSMC in the preparation of the security accreditation files and security risk analysis;
• Update the GSMC input to the Galileo security risk registers, including monitoring and reporting on the implementation of treatment plans;
• Support Interactions with Member States’ Local Security Accreditation Authorities (LSAA) in the frame of the Security Accreditation Process and of the Critical Infrastructure Management Process;
• Provide procurement support t in areas that have implications in the security accreditation processes of the Components (e.g. site hosting, infrastructure and operations) and assess the impact of changes to the security baseline;
• Contribute to the establishment, analysis and continuous update of the Statement of Compliance to the applicable security requirements, its impact in the associated security accreditation file and follow-up to corresponding actions;
• Participate in on-site security audits/visits of the ground stations of the different Components when necessary.

2. GSMC operational ICT deployed systems, activities and facilities:

• Contribute to definition, compliance and implementation of the security requirements;
• Contribute to design of security aspects for technical infrastructure;
• Prepare the disaster recovery and business continuity plans for the information and communication technology (ICT) systems and facilities;
• Review the documents for anomalies reporting and resolution, and configuration changes to ensure compliance with the applicable security requirements and operating procedures.

3. Support to corporate activities:

• Contribute through the Agency’s accreditation organisation to technical support for the activities of the different Security Boards and associated Working Groups;
• Liaise and coordinate with the other teams of the Agency to provide security engineering support.

The Security Risk Assessment Engineer shall be available for occasional on-call duties at the GSMC outside normal working hours or upon request in case of operational emergency (availability by phone with ability to come back to the site within predefined times that will be established to meet operational external requirements). Relevant necessary training will be provided.

Place of employment:

The place of employment will be Saint-Germain-en-Laye. However, the jobholder may be requested to go on frequent missions (including long term missions) to other EUSPA sites (Spain and Czech Republic) to perform similar tasks to those in France.

The selection procedure is open to applicants who satisfy the following eligibility criteria, on the closing date for application:

1. A level of education which corresponds to completed university studies⁵ of at least three years attested by a diploma
2. Be a national of a Member State of the European Union
3. Be entitled to his or her full rights as citizen
4. Have fulfilled any obligations imposed by the applicable laws concerning military service
5. Meet the character requirements for the duties involved⁶
6. Have a thorough knowledge of one of the languages of the European Union⁷ and a satisfactory knowledge of another language of the European Union to the extent necessary for the performance of his/her duties
7. Be physically fit to perform the duties linked to the post⁸

Temporary agents (2f) from EUSPA and other EU agencies, in grade AD5 or AD6, are also invited to apply in accordance with the following EUSPA rules:https://www.euspa.europa.eu/sites/default/files/conditions_of_employment_of_temporary_staff_ta.pdf

[5] Only study titles that have been awarded in EU Member States or that are subject to the equivalence certificates issued by the authorities in the said Member States shall be taken into consideration. Qualifications/diplomas awarded in the United Kingdom until 31/12/2020 are accepted without further recognition. For diplomas awarded in the United Kingdom after this date (from 01/01/2021), a NARIC recognition is required: https://www.enic-naric.net/ [6] Prior to the appointment, the successful candidate will be asked to provide a Police certificate confirming the absence of any criminal record. [7] The languages of the EU are: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Irish, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish, Swedish. [8] Before a successful candidate can be appointed, s/he will be medically examined by a selected medical service so that the Agency will be satisfied that s/he fulfils the requirement of Article 28(e) of the Staff Regulation of Officials of the European Communities.

All eligible applications, according to the afore-mentioned criteria, will be assessed against the requirements listed below solely based on the information provided by the candidates in their application. 

The Selection Board responsible for this selection will determine the criteria to be assessed in the various phases of the selection procedure (assessment of the application forms, interview and written test) prior to being granted access to the names of the applicants. All essential criteria will be assessed during the applications evaluation phase.

Non-compliance with any of the essential criteria may result in the exclusion of the candidate from the selection process. Advantageous criteria constitute additional assets and will not result in exclusion, if not fulfilled.

When filling the online application, candidates are expected to clearly include elements that demonstrate that their profile matches the requirements below.

Essential criteria

1. University degree in a relevant field (e.g. engineering, physics, mathematics or other exact sciences);
2. Proven experience in the field of systems security, preferably in security accreditation or highly regulated domain (e.g. Maritime, Rail, Defence), or security risk management;
3. Excellent command of both written and spoken English;

Advantageous criteria

4. Experience in handling classified material at or above SECRET UE/EU SECRET (or equivalent);
5. Knowledge (by training or experience) of Space programmes (e.g. GNSS, Earth Observation, Telecommunication, SSA);
6. Knowledge (by training or experience) of security risk management methodologies and/or standards relevant for the post (e.g. CISSP, GIAC, ISO 27000, ISACA, Common Criteria);
7. Experience with working in international environments;
8. Good command of both written and spoken French;

Behavioural competencies

9. Motivation;
10. Excellent communication skills;
11. Ability to work with others within a team;
12. Customer service-oriented mind-set;
13. Ability to deliver accurate work under pressure, organise workload and prioritise tasks.

The current vacancy aims to establish a reserve list.

A comprehensive description of the selection process is available here.

Indicative date for the interview and written test: June/July 2021. The date might be modified depending on the availability of the Selection Board members.

Candidates are strictly forbidden to make any contact with the Selection Board members, either directly or indirectly. Any infringement of this rule will lead to disqualification from the selection procedure.

Any questions regarding the selection procedure should be addressed only to: jobs@euspa.europa.eu

In order to be considered for this position, candidates need to create an account by registering via the EUSPA e-recruitment tool.

Only applications submitted via the e-recruitment tool will be accepted. Applications sent via email or post will not be taken into consideration.

Multiple applications received for the same position via different accounts will lead to the exclusion of the applicant from the selection procedure.

Important: the information provided by candidates in their online application constitutes the solely basis for the assessment of the eligibility and selection criteria. Therefore, they are invited to carefully read the requirements and to provide the relevant information in such detail that would allow this assessment. Particular attention should be paid to information on the education and professional experience, in particular exact dates, description of responsibilities and duties carried out. It is the candidate’s responsibility to ensure accurate and elaborate completion of the application form and avoidance of unclarities and typos.

All sections of the application should be completed in English in order to facilitate the selection procedure.

In order to be considered, applications must be received by the closing date indicated in the vacancy notice.

Candidates are advised to submit the application well ahead of the deadline in order to avoid potential problems during the final days before the closing date of applications’ submissions. The Agency cannot be held responsible for any last-minute malfunctioning of the e-recruitment tool due to heavy traffic on the website.

Any request for technical support must be sent to: jobs@euspa.europa.eu minimum two working days before the vacancy notice deadline. Please note, that if you submit your request for technical support later, we may not be able to assist you;

Please consult the e-recruitment guideline for instructions on completing the application.

Any questions regarding the selection procedure should be addressed only to: jobs@euspa.europa.eu

If a candidate considers that she/he has been adversely affected by a particular decision, she/he can lodge a complaint under Article 90(2) of the Staff Regulations of Officials of the European Union and Conditions of employment of other servants of the European Union; submit a judicial appeal under Article 270 of the Treaty on the Functioning of the EU (ex Art. 236 of the EC Treaty) and Article 91 of the Staff Regulations of Officials of the European Union; or make a complaint to the European Ombudsman.

Details on how to initiate these processes are available here.

FINANCIAL ENTITLEMENTS

The remuneration consists of a basic salary⁹ and, where applicable, additional allowances¹⁰, paid on a monthly basis and reimbursements¹¹, paid upon their evidenced occurrence.

The sum of the basic salary and the applicable additional allowances is weighted by the correction coefficient applicable for the location of the post¹². The sum of usual social deductions from salary at source is subtracted from the weighted amount¹³. The full pay is exempted from the national income tax, but is subject to the internal income tax and the solidarity levy¹⁴.

Examples of net monthly salaries (as currently applicable for Saint-Germain-en-Laye) are presented below:

LEAVE ENTITLEMENTS

Staff is entitled to annual leave of two working days per each complete calendar month of service plus additional days for the grade, age, home leave for expatriates and an average of 16 EUSPA public holidays per year.

Special leave is granted for certain circumstances such as marriage, moving, elections, birth or adoption of a child, serious sickness of spouse, etc.

SOCIAL SECURITY

The pension scheme provides a very competitive pension after a minimum of 10 years of service and reaching the pensionable age. Pension rights acquired in one or more national schemes before starting to work at the EUSPA may be transferred into the EU pension system.

EUSPA’s benefits include an attractive Health insurance: staff is covered 24/7 and worldwide by the Joint Sickness Insurance Scheme (JSIS). Staff is insured against sickness, accident and occupational disease, and could be entitled to unemployment and to invalidity allowances.

PROFESSIONAL DEVELOPMENT AND BENEFITS CONTRIBUTING TO WORK-LIFE BALANCE

EUSPA aims at creating and maintaining a supportive and healthy work environment that enables staff members to have a balance between work and personal responsibilities, for example through flexible working time arrangements. 

EUSPA also offers a wide range of training courses to develop staff members’ personal skills and to keep in touch with the latest developments in their field. The training and professional development opportunities are attuned to the career plan and requirements of the departments.

INTERAGENCY MOBILITY

In case of interagency mobility, EUSPA and the selected candidate shall conclude a contract of employment in accordance with the EUSPA rules: https://www.euspa.europa.eu/sites/default/files/conditions_of_employment_of_temporary_staff_ta.pdf

^[9] As per Articles 92 and 93 CEOS. ^[10] Household allowance (e.g. if you have a dependent child or you are married and your spouse's income is below a defined threshold); Dependent child allowance (e.g. if you have a child under the age of 18 or between 18 and 26, if in specified training programme); Education allowances (in very specific cases) or Payment of the education fees applicable to the educational institutions EUSPA has an agreement with (currently more than 18 international schools in the Czech Republic and Spain, and European Schools in France and in the Netherlands); Expatriation allowance (16% of the sum of basic salary and other applicable allowances). ^[11] If the staff member is requested to change the residence in order to take up duties, s/he will be entitled to: reimbursement of the travel costs; temporary daily subsistence allowance (e.g. EUR 43.11 for up to 10 months or EUR 34.76 for 120 days, if no dependents); installation allowance (depending on personal situation, 1 or 2 months of the basic salary – paid upon successful completion of the nine-month probationary period). ^[12] Currently correction coefficients for the EUSPA duty locations are: 85.5% for CZ, 117.7% for FR, 111.5% for NL, 91.6% ES. The coefficient is updated every year in December, with retroactive effect from 1 July. ^[13] Pension (9.7%); health insurance (1.70%); accident cover (0.10%); unemployment insurance (0.81%). ^[14] Currently: income tax: tax levied progressively at a rate of between 8% and 45% of the taxable portion of the salary; solidarity levy: 6%. ^[15] Please note that the numbers in examples b) and c) are indicative and net monthly remuneration varies depending on the personal, life and social situation of the incumbent. The various components of the remuneration are updated every year, with retroactive effect from 1 July.

Declaration of commitment to serve the public interest independently:

The jobholder will be required to make a declaration of commitment to act independently in the public interest and to make a declaration in relation to any interest that might be considered prejudicial to his/her independence.

The jobholder will be required to carry out his/her duties and conduct him/herself solely with the interests of the European Union in mind; he/she shall neither seek nor take instruction from any government, authority, organisation or person outside his/her institution. She/he shall carry out the duties assigned with objectivity, impartiality and loyalty to the European Union.

Commitment to promote equal opportunities:

The Agency is an equal opportunities employer and strongly encourages applications from all candidates who fulfil the eligibility and selection criteria without any distinction whatsoever on grounds of nationality, age, race, political, philosophical or religious conviction, gender or sexual orientation and regardless of disabilities, marital status or other family situation.

The personal data requested from applicants will be processed in line with Regulation (EU) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, officers and agencies and on the free movement of such data (repealing Regulation (EC) N° 45/2001 and Decision N° 1247/2002/EC) and the applicable privacy statement which can be accessed here: https://www.euspa.europa.eu/sites/default/files/privacy_statement_selection_and_recruitment_2019.pdf.