RHEA Group is an international leading Space and Security engineering organisation providing engineering services and customised technology solutions enabling the design, operation and utilisation of space systems and other critical infrastructure. We attract skilled engineers, scientists and management professionals worldwide; and offer a range of exciting career paths within our organisation and working alongside clients such as the UK Space Agency, the European Space Agency, the European GNSS Agency, NATO, the European Commission, EUMETSAT, etc.
RHEA Group is currently recruiting a Senior Security Engineer to support our cyber-security team based in Frascati, Italy.
You will have the opportunity to work in a challenging environment with state-of-the-art technologies within the cyber-security and space domains. As a Senior Security Engineer, you will be involved in the design, development, improvement and management of our advanced cyber-security services, as well as in the delivery of complex cyber-security solutions.
If you have a passion or interest for cyber security and would like to join a team of seasoned experts with diverse backgrounds, then you are in the right place! At RHEA Group will have the opportunity to work and learn in an exciting environment and participate in unique cyber-security projects for the European Space Agency, NATO and the European Commission.
Tasks and Activities
- Provisioning of best practice advice and guidance in the areas of cyber defence and security operations supporting incident detection, analysis and response including operations policy and procedure development, operational scenario definition, operations centre technology selection and implementation, network and host based sensor technology selection and implementation;
- Provisioning of cyber defence and security operations advice and guidance to technical development teams in the areas of cyber defence situation awareness concepts and requirements; incident detection, analysis and response management; visualization requirements; collaborative information sharing; and relevance of security metrics;
- Perform security risk assessment leveraging different methodologies (including for example ISO27005, MEHARI, EBIOS, HTRA) and tools;
- Perform security requirements elicitation from the risk assessment results;
- Prepare security risk treatment plan;
- Design of secure architecture encompassing firewalls, IDS/IPS, VPN, AAA, encryption etc.
- Design security solutions following a security-by-design approach;
- Design and support the preparation of Cyber security training and awareness, which may include training delivery as well;
- Plan and coordinate security testing activities such as penetration testing and vulnerability assessment.
Skills and Experience
The following skills and experience are mandatory:
- You have a Bachelor’s or master’s in computer science, engineering, IT or a related field
- You have at least 5 years proven work experience as a senior security engineer.
- You have experience in the design of security architectures encompassing SIEM, intrusion detection systems, firewalls, anti-virus software, log management, authentication systems, content filtering, etc.
- You have a professional qualification or certification such as CISSP.
- You possess strong interpersonal skills, team working, good analytic and problem solving capabilities.
- You have strong communication and documentation abilities.
- You are detail-oriented.
- You have an analytical mind and problem-solving aptitude.
- You have effective time management and organizational skills.
You have experience in delivery of operations services or specification of solutions for cyber defence or security operations including some of the following:
- Security Information and Event Management (SIEM) systems and Security Orchestration Automation and Response
- Information Security policies, standards, and procedures;
- Information Security concepts involving confidentiality, integrity and availability;
- Information Security concepts involving threat, vulnerability and risk analysis;
- Information Security concepts involving incident detection, analysis, decision support and response;
- Trusted Product Evaluation standards such as Common Criteria or FIPS 140;
- IT/OT system security.
Some of the following skills would be highly desirable, in order of priority:
- Computer network design (LAN and WAN architectures, routing protocols, TCP/IP);
- Experience in cyber security for space, defense, critical infrastructure, finance or government systems
- Experience with best practices and standards like: ISO27000, NIST Cybersecurity Framework, ISA62443, NIS directive, Common Criteria
- Certification and Accreditation concepts and processes;
- Cloud Computing and virtual environment security;
INTERNATIONAL TECHNICAL RECRUITER