IT Security Architect - Network Security

Description

IT Security Architect - Network Security in the IT Security Section, Security and Shared Infrastructure Services Division, Information Technology Department, Directorate of Internal Services.

ESA’s IT Department (esait) provides corporate and common IT services to all business areas within ESA. 

The IT Security Section provides security services including information and infrastructure protection solutions, ensures compliance of all esait services with ESA’s Security Framework through an ISMS (Information Security Management System), hosts security roles and provides cyber security operations for all ESA. 

As ESA consists of multiple directorates, many with their own specific IT services and solutions, it is critical that esait provides protection for these services and solutions which are connected to the corporate network. This is done by offering advanced network and communications security services and providing security requirements at system or application level, supervising and facilitating their implementation.

To implement solutions, ESA leverages various vendors and industry solution providers. The resulting services are operated and maintained by external service providers.

If selected for this position, you will report to the Head of the IT Security Section in the Security and Shared Infrastructure Services Division within ESA’s IT Department, drive the definition and evolution of network security policies and facilitate their implementation by offering self-service and automated solutions for system and application owners across the Agency. 

Duties

You will have a large degree of autonomy to perform the following duties:

• Evolve ESA’s Network Security Policy, Network Security Requirements and related documentation;
• Drive the implementation of Network Security Services using a user-based self-service approach and in an automated manner towards various distributed IT teams across the ESA directorates;
• Act as point of contact for the integration and adoption of esait’s network security services;
• Provide technical and engineering support to other functions within the Section such as the PSSO (Project System Security Officer), the SOC and CERT managers, and the ISMS Manager;
• Other security-related tasks as may be required from time to time, including acting as a security lead to IT projects and providing IT security architecture advice and guidance.

More concretely, you will:

• own and drive the network security zoning strategy and policies;
• ensure proper definition and segregation of ESA’s Network Security Zones;
• drive the end-to-end implementation of Zero Trust Network Access (ZTNA) across ESA, leveraging tools and services offered by other IT sections and divisions within esait; 
• develop measurement metrics and measure the overall effectiveness and compliance with network policies;
• deliver clear instructions and guidelines for IT Teams, external (IT) service providers and system owners to connect or integrate their systems and services to/with ESA’s corporate network; 
• ensure the registration of systems and services connected to ESA’s corporate network(s) by their respective System Owners;
• support the Cyber Security Operations teams in the fields of attack surface management, monitoring, logging and alerting with regard to the corporate network;
• act as the interface for IT teams when it comes to network security architecture and designs and guiding them to applicable instructions and guidelines but also advising as well as identifying and resolving gaps;
• drive the network security architecture design and strategy, drive and validate the implementation of new solutions, contributing to the overall security architecture;
• contribute to the operational model for network security services, with the aim of empowering the various IT teams to deliver network (security) services autonomously as long as they remain compliant with the network security policy and related requirements;
• contribute to the continuous evolution and improvement of the IT Security Section and the security posture of the Agency;
• develop and maintain appropriate documentation;
• stay abreast of networking and communications technologies and adapt ESA’s network/comsec security posture and services accordingly.

To achieve this, you will have to:

• acquire a good understanding of esait’s various services, underlying systems and components;
• acquire a good understanding of ESA’s directorates, their IT teams and their specific needs;
• understand the current network security architecture and implementation as well as proposing and driving its evolution;
• engage with security professionals across the Agency in order to evaluate and evolve the network security policies;
• define and explain security use-cases and operating procedures to both end-users and IT teams/service providers.

Technical competencies

Behavioural competencies

Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking

Education

A master's degree in computer science, IT, cyber security, software engineering or other relevant discipline is required for this post. A master’s degree in other subjects may be acceptable if combined with appropriate experience.

Additional requirements

You are expected to be a self-starter, an effective communicator and able to drive your projects and processes autonomously. 

Candidates should note that demonstrated experience of successful management of network security implementations in a large company or organisation is mandatory.  

Experience of designing and operating classified networks including certified/accredited solutions would be an advantage.