he European Union Agency for the Space Programme (EUSPA) is an operational EU Agency that provides safe and secure European satellite navigation services, promotes the commercialization of Galileo, EGNOS, and Copernicus data and services. It also coordinates the EU’s forthcoming governmental satellite communications programme GOVSATCOM. EUSPA is also responsible for the security accreditation of all the Components of the EU Space Programme. For more information on the EUSPA and the EU Space Programme, click here.
The Security Operations and Monitoring Department (SOM) will undertake security operations (including security monitoring, cyber-defence and PRS) and monitoring (including performance assessment) of all (ground and space) elements of the EU Space Programme component through the continuous operations of the GSMC and of the GRC facilities; and will ensure the operational readiness of the corresponding operational teams and infrastructure, with the support of teams from other departments deployed in sites, to ensure the daily effective implementation of the Security Operations and Monitoring function.
The GSMC (Galileo Security Monitoring Centre) is an integral part of the Galileo infrastructure responsible for monitoring and responding to security threats and alerts, and the overall operational status of system components. For Public Regulated Services (PRS), the Centre is the Access management interface with governmental entities. The GSMC also supports the EEAS on the security of systems and services deployed, operated, and used under the Union Space Programme which may affect the security of the Union under the Council Decision (CFSP) 2021/698 of 30 April 2021.
The GRC (Galileo Reference Centre) provides independent monitoring and assessment of Galileo service provision performance, contributes to investigation and provides expertise in case of service degradation and integrates data coming from the Programme Member-States.
The GSMC and GRC sites are located in the EU:
- GSMC Master site – Saint-Germain-en-Laye, France;
- GSMC Backup site – San Martín de la Vega, Community of Madrid, Spain;
- GRC – Noordwijk, The Netherlands.
The place of employment for this position is Saint-Germain-en-Laye, one of the more affluent suburbs of Paris. With its historic museum and impressive castle, the city is less than 32 kms from romantic Paris and even less from the football stadium Parc des Princes, the home of Paris Saint-Germain club
Qualifications We Are Looking For
The Security Operations and Monitoring Department is looking to recruit a GSMC Operations Analyst who will support the Cyber Security Operations, Security Monitoring, the PRS Access operations, the application of the Council Decision 2021/698/CFSP and will contribute to the Security expertise/analysis.
The jobholder will report to the Head of department or his/her assignee and will have the following main tasks and responsibilities:
- Ensure Cyber Security Operations in support to the Operations performed at GSMC:
- Perform Cyber Vulnerability Analysis activities, in particular:
- Manage the network maps, ensure systematic examination of the operational infrastructure to detect and identify security deficiencies and new vulnerabilities;
- Define mitigation strategies to reduce the risk and propose adequate security measures;
- Contribute and participate to Cyber Review Boards;
- Maintain the GSMC Vulnerability Management archive and related process;
- Perform Cyber Threat Intelligence (CTI) Analysis activities, in particular:
- Collect CTI products, including CTI feeds and reports to be processed for integration into Cyber- Security Operations Centre (C-SOC) systems, to produce regular threat intelligence reports.
- Contribute to the creation and improvement of the security correlation rules based on threat intelligence, tactics, techniques, and procedures (TTPs), vulnerability and security incident reports;
- Define and maintain a threat intelligence reports methodology;
- Use a cyber threat intelligence platform or other tools to enhance analysis;
- Contribute to preparation and execution of cyber simulation and threat hunting exercises;
- Support security audits and implementation of security controls;
- Contribute to the Operations performed at GSMC:
- Contribute to the organisation of GSMC operations, including schedules, availability of operators and stand-by, availability of infrastructure and GSMC business continuity planning in coordination with other GSMC teams;
- Contribute to investigation of incidents, raising observations and anomaly reports, attend Anomaly review boards as required;
- Support development of operational procedures, processes, documentation and training plans;
- Support Service Transition:
- Support the Service Validation campaigns for new Galileo Infrastructure releases and contribute to the validation of other GSMC core services;
- Support development and coordination of Service Validation Plans and Reports;
- Support the GSMC Operations, Service and Configuration Review Boards;
- Work closely with the engineering team to develop new requirements, operational scenarios and procedures, and optimise the existing ones;
- Contribute to the Agency as a whole:
- Contribute actively to the cyber security community of the Agency and in the EU Space Programme;
- Liaise with other departments, notably in the area of Administration, to ensure the execution of related corporate tasks, such as planning, reporting, administration, financial & budget management, risk management.
The GSMC Operations Analyst will be required to be on “on call” duty and might be requested to work also on shifts. To that extent, the necessary training will be organised by the EUSPA and the GSMC Operations Analyst will have to pass the relevant operational training and evaluations for both roles in order to remain qualified for the post.
The selection procedure is open to applicants who satisfy the following eligibility criteria, on the closing date for application:
- A level of education which corresponds to completed university studies attested by a diploma when the normal period of university education is four years or more
A level of education which corresponds to completed university studies attested by a diploma and at least one year of appropriate professional experience when the normal period of university education is three years
- In addition to the above, appropriate professional experience of at least six years after obtaining the required diploma
- Be a national of a Member State of the European Union, Iceland or Norway
- Be entitled to his or her full rights as a citizen
- Have fulfilled any obligations imposed by the applicable laws concerning military service
- Meet the character requirements for the duties involved
- Have a thorough knowledge of one of the languages of the European Union and a satisfactory knowledge of another language of the European Union to the extent necessary for the performance of his/her duties
- Be physically fit to perform the duties linked to the post