Cyber Security Maintenance and Operations Engineer (m/f/d) _REF. NO. 24_78732

How would it sound if there was a job opportunity to help develop space for safety and security, covering specific space subject such as debris mitigation, debris removal but also broader subjects like cyber resilience?

For our customer, the European Space Agency (ESA/ESOC) located in Darmstadt, Germany we are looking for Cyber Security Maintenance and Operations Engineers.

ESA’s space infrastructure is becoming ever more critical and ensuring cyber resilience on its space and ground systems is mandatory. In line with this vision, ESA, under the lead of the ESA Security Office (ESO), is creating a new centre for cyber-security which will safeguard all ESA systems against malicious interference, extending from ESA infrastructure around the globe to satellites in orbit.

The new centre is called C-SOC, the ESA Cyber Security Operations Centre. Its operations will be distributed across two sites (C-SOC instances): the European Space Security and Education Centre (ESEC) in Belgium and the European Space Operations Centre (ESOC) in Germany.

ESOC located in Darmstadt Germany, is the primary location for C-SOC operations delivery for security monitoring and incident management for ESA Space Systems and Ground Segment and the primary provider of SOC capabilities to safeguard ESA’s space system and ground segment assets as well as the associated customers from cyber threats.

The position will include tasks such as:

• Assessing and developing cybersecurity programs to help mature the security posture of tenants prior to an incident.
• Incident response investigations. Conducting or managing incident response. investigations for organizations, investigating targeted threats such as the advanced persistent threat, organized crime, and hacktivists.
• Creating customized tactical and strategic remediation plans.
• Hunting for threats, anomalies and cyber-related disruptions.
• Research and assess customer’s threats and IOCs / IOAs.
• Performing threat analysis with policy and regulatory mandates.
• Conducting penetration tests.
• Performing network analysis.
• Troubleshooting and diagnosing issues at the application and operating system level within either Windows and Linux environments.
• Performing network operations.
• Producing and ensuring delivery of high-quality written and verbal reports, presentations, recommendations, and findings.
• Effectively communicate with other teams (tasks, guidance, and methodology).

Required Skills:

• Engineering degree in a relevant technical field with min. 5 years of experience
• Good command of the English language, verbal and written is mandatory, as English is the working language.
• Problem solving, and willingness to support tenants
• Analytical and critical thinking

Strong understanding of:

• System internals
• Network protocols
• Network analysis tools
• Secure network architecture
• Targeted attacks
• MITRE ATT&CK techniques / sub-techniques
• Current and emerging threats
• Intrusion lifecycle and nation-state adversary TTPs
• Regex & any query language
• Techniques and tools for crawling, extracting and processing data

Ability to:

• Effectively communicate tasks, guidance, and methodology with other teams
• Use a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
• Find innovative ways to get data from various sources
• Tailor communication to a wide range of stakeholders from security analysts to executives
• Produce and ensure delivery of high quality written and verbal reports, presentations, recommendations, and findings
• Communicate technical detail in a simple, top-down manner
• Research and assess customer’s threats and IOCs / IOAs

Desirable:

• Certifications:
  • CISSP - Certified Information Systems Security Professional
  • GCDA - GIAC Certified Detection Analyst
  • GCFA - GIAC Certified Forensics Analyst
  • GCFE - GIAC Certified Forensic Examiner
  • GCIA - GIAC Certified Intrusion Analyst
  • GCIH - GIAC Certified Incident Handler
  • GCTI - GIAC Cyber Threat Intelligence
  • GMON - GIAC Continuous Monitoring
  • GNFA - GIAC Network Forensic Analyst
  • GOSI - GIAC Open Source Intelligence
  • GPEN - GIAC Penetration Tester
  • GWAPT - GIAC Web Application Penetration Tester
  • OSCP - Offensive Security Certified Professional
  • OSEP - Offensive Security Experienced Penetration Tester
  • OSWA - Offensive Security Web Application
  • OSWE - Offensive Security Web Expert

This is a full-time position, located at the customer site in Darmstadt, Germany.

The support will involve on-site and remote activities. As a baseline, ESA only requires availability during normal operating hours, while other activities (e.g., incident triage and incident response support) may require additional coverage. We would like to point out the need for 24/7 support, on request, for specific events (e.g., a satellite launch campaign, severe incidents) and that ESA’s requirements for operating hours coverage are expected to evolve over time.

What can Terma offer
At Terma, we consider skilled employees, enthusiasm and job satisfaction as the very foundation of our success and as a prerequisite for the development of the “best-in-class” solutions that Terma provides. We lead the way in applying new technology, offering a wide range of growth opportunities for each individual and emphasizing mutual respect across the board in our workplace.

Terma offers you a pleasant working environment at the customer site, where you will be able to take on challenging tasks and responsibilities in a highly professional company.

• Great opportunities for training and personal development
• Challenges in advanced technical environment
• International and cosmopolitan working atmosphere
• An employment contract with an attractive package with extra-legal benefits
• Highly competitive salary

Additional information
For further information, please contact Mrs. Liliane Bromberg Carvalho, by telephone [+49 6151 860050] or by email [[email protected]].

To ensure that your application will reach us and is properly processed please apply through the link below with an up-to-date Curriculum Vitae and (ideally) a Cover Letter.

Please note that applicants must be EU citizens. You are expected to be eligible to obtain a Personal Security Clearance (PSC) up to ESA SECRET or equivalent.
The requested start of work is April 2024 or as soon as possible thereafter.

Recruitment is depending on successful selection by the customer.

Application deadline:
Ongoing