RHEA Group is an international leading Space and Security engineering organisation providing engineering services and customised technology solutions enabling the design, operation and utilisation of space systems and other critical infrastructure. We attract skilled engineers, scientists and management professionals worldwide; and offer a range of exciting career paths within our organisation and working alongside clients such as the UK Space Agency, the European Space Agency, the European GNSS Agency, NATO, the European Commission, EUMETSAT, etc.
We are currently looking for a Security Risk Analyst to join our Security Services Business Unit.
You will have the opportunity to work in a challenging environment with state-of-the-art technologies and challenging security projects. As a Security Risk Analyst, you will be involved in risk assessment exercise required in our Security and Research & Development projects in order to pursue the security-by-design approach, support the delivery of security operations services and cybersecurity training.
If you have a passion or interest for cyber security and would like to join a team of seasoned experts with diverse backgrounds, then you are in the right place! At RHEA Group will have the opportunity to work and learn in an exciting environment and participate in unique cyber-security projects for the European Space Agency, NATO and the European Commission.
Tasks and Activities
The scope of work will include:
- Perform security risk assessment leveraging different methodologies (including ISO27005, MEHARI, HTRA).
- Perform security requirements elicitation from the risk assessment results.
- Prepare security risk treatment plan.
- Implement the security-by-design approach.
- Design of secure architecture encompassing firewalls, IDS/IPS, VPN, AAA, encryption etc.
- Provisioning of best practice advice and guidance in the areas of cyber defence and security operations supporting incident detection, analysis and response including operations policy and procedure development.
- Prepare and deliver training modules in the frame of RHEA Cyber security training courses.
Skills and Experience
The following skills and experience are mandatory:
- University degree in computer science, engineering, IT or a related field.
- At least 5 years proven work experience as security risk analyst or security engineer.
- Experience in delivery of operations services or specification of solutions for cyber defence or security operations including some of the following:
- ISO 27000 series standards;
- Information Security policies, standards, and procedures;
- Information Security concepts involving confidentiality, integrity and availability;
- Information Security concepts involving threat, vulnerability and risk analysis;
- Cloud Computing or virtual machine security;
- Cyber Defence or Continuous Monitoring Solutions;
- Trusted Product Evaluation standards such as Common Criteria or FIPS 140;
- Secure technology standards such as Trusted Platform Module, Trusted Execution Environment;
- Certification and Accreditation concepts and processes;
- Cryptography and Public Key Infrastructure (PKI);
- Identity Management systems;
- Technical vulnerability assessment (VA) and penetration testing (PenTest);
- Vulnerability and patch management solutions;
- Host or network based Intrusion Detection and Prevention Systems (IDS/IPS);
- Firewalls or Unified Threat Management (UTM) systems;
- Virtual Private Networking (VPN).
- Network Management (NM) systems;
- Security Information and Event Management (SIEM) systems;
- Knowledge in one or more of the following:
- Information Security concepts involving incident detection, analysis, decision support and response;
- Network Local Area Networking (LAN), Metropolitan Area Networking (MAN) or Wide Area Networking (WAN) technologies;
- Internet Protocols such as TCP/IP, UDP, RIP, OSPF, BGP, SIP, SNMP, IPSec, SSL, TLS;
- End system architectures and operating systems such as Windows, Linux.
- Virtualization technologies such as KVM, VMWare, open nebula etc.
- Professional qualification or certification such as CISSP, OSPT or similar.
- Strong interpersonal skills, team working, good analytic and problem solving capabilities.
- Strong communication and documentation abilities.
- Detail-oriented attitude.
- Analytical mind and problem-solving aptitude.
- Effective time management and organizational skills.
- Past experience in cyber security for space, defense, critical infrastructure, finance or government systems.
- Excellent oral and written communications capability in English.
When you work for RHEA, you will have the opportunity to work alongside some of the best talented minds and experts in our industries, either working at our clients sites on some of the most exciting space missions or on cutting-edge projects in security, concurrent design, data and ground systems within our own offices.
To attract the best candidates, RHEA offers our employees competitive remuneration packages, unique career opportunities, individualised training and development programmes and local relocation support to take the stress out moving to another country or city. We are recruiting now. We understand your concerns during this period of a global pandemic and we will work with you, at your pace ensuring your questions are answered and maximum flexibility is offered.