IT Security Engineer

Company Details

RHEA Group is an international leading Space and Security engineering organisation providing engineering services and customised technology solutions enabling the design, operation and utilisation of space systems and other critical infrastructure. We attract skilled engineers, scientists and management professionals worldwide; and offer a range of exciting career paths within our organisation and working alongside clients such as the UK Space Agency, the European Space Agency, the European GNSS Agency, NATO, the European Commission, EUMETSAT, etc.

Why join RHEA?

We are a growing international company, with over 700 staff working in 11 countries. Our teams are involved in innovative space missions and cutting-edge projects in security, concurrent design, data and ground systems.

When you join us, you will work alongside recognized industry experts, either on our clients’ premises or in our offices across Europe and Canada. This is your opportunity to boost your career and shape the future of the space, security and systems engineering industries.

We are looking for an IT Security Engineer to work in Frascati, Italy.

The key individual will support ESA in the management and evolution of the Earth Observation security services.

Tasks and Activities

The scope of work will include:

  • Collecting, defining, and analyzing security requirements for project and service deliveries, ensuring that projects and services go live with security controls in place.
  • Evaluating and supporting the design, testing and implementation of IT security solutions.
  • Monitoring, assessing, and reporting on performance and deliverables of third parties’ IT security services, and identifying areas for improvement.
  • Supporting the integration of systems and services into ESA Earth Observation infrastructure in compliance with the applicable security requirements, procedures and policies.
  • Coordinating and supporting vulnerability assessment and web application scanning activities.
  • Supporting the Project/System Security Officer for the security incident handling and in particular:
    • Ensuring that projects and services define and applying procedures to this purpose.
    • Ensuring that security breaches are reported to the ESA IT Computer Security Emergency Response Team (ESACERT).
  • Assisting the Project/System Security Officer in conducting risk management and providing guidance on the selection of the appropriate risk treatment measures.
  • Assisting and advising the Project/System Security Officer in the establishment of the Information Security Management Plan, and in the review and update of the Department Security Framework.
  • Preparing security best practices and guidelines (e.g. for application development).
  • Providing the Department’s staff and contractors with periodical security awareness training.
  • Delivering and reviewing reports, procedures, and other requested documentation.

Skills and Experience

The following skills and experience are mandatory:

  • A university degree or equivalent qualification, preferably in Telecommunication Engineering or Computer Science.
  • Project management experience in ICT and security integration projects.
  • Experience in the design and integration of security architectures, including Cloud Computing and virtual environment.
  • Good knowledge of Information Security management policies, standards, and procedures.
  • Experience with security risk assessment methodologies.
  • Familiar with Certification and Accreditation concepts and processes
  • In depth knowledge of:
    • Information Security concepts, processes, and methodologies.
    • Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR) and Security Operation Centre (SOC).
    • Intrusion detection systems, firewalls, anti-virus software, log management, authentication systems, content filtering, Cryptography and Public Key Infrastructure (PKI), Identity Management systems.
    • Vulnerability assessment tools (e.g.: Qualys) and management solutions (e.g.: Skybox).
    • Penetration testing (PenTest).
    • LAN and WAN technologies and relevant protocols (such as TCP/IP, UDP, RIP, OSPF, BGP, SNMP, IPSec, SSL, TLS, VPN).
    • End system architectures and operating systems such as Windows and Linux.
    • Cloud Computing technologies and services.
    • Virtualization technologies such as KVM, VMWare or Containerization.
    • ICT and network services (email, name server applications, etc.).
  • Strong interpersonal and organisational skills, team working capabilities, time management skills, analytical thinking and a problem-solving aptitude.
  • Strong communication and documentation skills.
  • Fluent in English, both written and spoken.

The following skills would be highly desirable:

  • A working knowledge of other European languages, both written and spoken.
  • In possession of relevant security and networking certifications (e.g. CISSP, CEH, CISM, CCNP, ISO/IEC 27001).

What we offer

  • Competitive remuneration packages
  • Unique career opportunities, including working in other countries
  • Personalized training and development programmes
  • Flexible relocation support
  • Stable company with a family atmosphere.

This position is open to protected categories under Italian Law 68/99 (“Rules for the right to work of disabled people”).
Questa posizione e’ aperta alle categorie protette L. 68/99.

Tagged as: cyber security, it project management

Visit us on LinkedInVisit us on FacebookVisit us on Twitter