Cyber Security Engineer

European Space Agency - ESA
Noordwijk, The Netherlands
Added: April 20, 2024

Cyber Security Engineer

Job Requisition ID: 18529

Closing Date: 3 May 2024 23:59 CET/CEST

Establishment: ESTEC, Noordwijk, Netherlands

Directorate: Directorate of Connectivity and Secure Communicati

Publication: Internal & External

Type of Contract: Permanent

Date Posted: 12 April 2024

Vacancy in the Directorate of Connectivity and Secure Communications.

ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore we welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.

This post is classified A2-A4 on the Coordinated Organisations’ salary scale.


ESTEC, Noordwijk, Netherlands with a resident assignment to Brussels, Belgium


Cyber Security Engineer in IRIS² Integrated Programme Team in Secure Connectivity Programme Department in the Directorate of Connectivity and Secure Communications.

On 15 March 2023, the European Parliament and the Council of the European Union adopted Regulation (EU) 2023/588 establishing the Union Secure Connectivity Programme for the period 2023–2027.

The objective of the EU Secure Connectivity Programme is to deploy an EU satellite constellation, IRIS² (Infrastructure for Resilience, Interconnectivity and Security by Satellite). The Programme will provide an EU satellite-based, multiorbital communication infrastructure for governmental use while integrating and complementing existing and future national and European capacities in the framework of the GOVSATCOM component of the EU Space Programme.

The ESA Programme Related to EU Secure Connectivity is intended to support the effective development and validation of the EU Secure Connectivity (IRIS²) governmental infrastructure, which is to be developed, deployed and operated under a concession contract signed by the EU with a private consortium, and the services provided by it, as well as the validation and demonstration of services based on the commercial infrastructure developed by the contractors delivering the EU Secure Connectivity governmental infrastructure.

The European Commission and ESA will set up an Integrated Programme Team (IPT) to manage the EU IRIS² Programme and, in particular, the related concession contract, and to ensure close coordination between all activities relating to IRIS².

Reporting functionally to the Security Manager of the Integrated Programme Team and hierarchically to the Head of the ESA CSC Security Office, you will be responsible for all system security aspects, ensuring proper engineering implementation of the General Security Requirements of the governmental infrastructure, including the definition and planning of relevant R&D activities. You will liaise with ESA, aiming to ensure coordination in accordance with the agreements between ESA and the European Commission.

Initial assignment to Brussels is until Q1 2028 with a possible extension, within the framework of the 12 year Contribution Agreement between ESA and EC. At the end of the assignment, you will be reassigned to a position within CSC Directorate.


Your tasks and responsibilities will include:

  • supporting the IRIS² Security Manager to supervise the uniform and correct implementation of the applicable General Security Requirements (GSR), and in particular the cyber security requirements in the IRIS² programme;
  • ensuring proper implementation of the GSR Cyber Security Requirements in the infrastructure versions, including patching policy and hardening guidelines;
  • interfacing with industry on matters relating to system security aspects under the IRIS² concession;
  • interfacing with the various ESA Secure Connectivity programme offices and the ESA Security Office for the supervision of industrial activities relating to the definition of the security architecture of the system in accordance with the agreements between ESA and the European Commission;
  • supporting the planning and execution of the cyber audits to ensure that the systems are protected and controlled and providing support during the physical audits performed at contractors’ facilities;
  • following up penetration tests carried out by contractors or as part of the project;
  • providing support during the analysis of the cyber security risks relating to the supply chain;
  • supporting the IRIS² Security Manager in the cyber decision-making process regarding the implementation of cyber corrections, mitigations, security monitoring and risk management;
  • working with the CIA (Cyber Internal Auditor) to minimise the risks relating to the audit;
  • liaising regularly with the ESA Security Office to implement homogeneous security engineering processes;
  • defining the security aspects of the design of the next generation of the governmental infrastructure, including the definition and planning of relevant R&D activities, such as system studies and technology development, at all levels.

Technical competencies

Knowledge of cyber security: policy, detection, reaction and correction

Knowledge of cyber vulnerability management and associated standards

Knowledge of and experience in auditing of complex secure systems

Knowledge of security auditing standards and regulations

Knowledge of and experience in supply chain management

Behavioural competencies

Result Orientation

Operational Efficiency

Fostering Cooperation

Relationship Management

Continuous Improvement

Forward Thinking


A master's degree in engineering is required for this post.

Additional Requirements

  • You should have substantial security or audit experience.
  • You are expected to have a very strong background in cyber security, policy and the associated standards and regulations.
  • You should demonstrate excellent organisational skills and a high level of competency in stakeholder management.
  • You must possess good judgement and integrity and be willing to travel.

Other Information

For behavioural competencies expected from ESA staff in general, please refer to the ESA Competency Framework.

For further information please visit: Professionals, What we offer and FAQ

The working languages of the Agency are English and French. A good knowledge of one of these is required.

Knowledge of another Member State language would be an asset.

Applicants must be eligible to access technology and hardware which is subject to European and US export control regulations and for security clearance by their national security administrations.

The Agency may require applicants to undergo selection tests.

At the Agency we value diversity and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further please contact us email

Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia.

According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*.

In accordance with the European Space Agency’s security procedures and as part of the selection process, successful candidates will be required to undergo basic screening before appointment conducted by an external background screening service.

In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.

  • Member States, Associate Members or Cooperating States.