JOB DESCRIPTION

1. European Union Agency for Asylum

The European Union Agency for Asylum (hereinafter “EUAA”), established by Regulation (EU) 2021/2303¹, is a centre of expertise by virtue of its independence, the scientific and technical quality of the assistance it provides and the information it collects and disseminates, the transparency of its operating procedures and methods, its diligence in performing the tasks assigned to it, and the information technology support needed to fulfil its mandate.

Specifically, the EUAA focuses on:

• Contributing to ensuring the efficient and uniform application of Union law on asylum in the Member States in a manner that fully respects fundamental rights.
• Facilitating and supporting the activities of the Member States in the implementation of the Common European Asylum System (CEAS), including by enabling convergence in the assessment of applications for international protection across the Union and by coordinating and strengthening practical cooperation and information exchange.
• Improving the functioning of the CEAS, including through a monitoring mechanism² and by providing operational and technical assistance to Member States, in particular where their asylum and reception systems are under disproportionate pressure.

The organisational chart of the Agency can be consulted on the EUAA’s website at: https://euaa.europa.eu/about-us/who-we-are

The Agency’s headquarters are located in Malta with additional offices in Belgium, Italy, Greece, Spain, and Cyprus.

Job description

The ICT Security Assistant will work in the Information and Communications Technology Unit (ICTU) within the Administration Centre (C5). The job holder will contribute to the design, operation, and evolution of the Agency’s ICT security and will be responsible for the following tasks:

1. Perform business and security risk assessments during the initial deployment and further development of Agency systems;
2. Support the design of security architectures and define security requirements for new and evolving systems;
3. Draft security and resilience requirements for inclusion in technical specifications of relevant procurement procedures;
4. Participate in the technical evaluation of contractor offers for system deployment and enhancement projects;
5. Assist project managers and project teams on security and business-continuity aspects throughout project lifecycles;
6. Develop and execute security-related use-cases and test-cases, validate technical implementations;
7. Implement and verify fulfilment of technical security controls for Agency systems;
9. Monitor security logs, configure detection mechanisms and identify potential security incidents or events;
10. Perform continuous threat and vulnerability assessments and carry out internal system security audits;
11. Support the service desk and end-users in secure administration and usage of Agency ICT systems;
12. Implement and maintain the Security Incident Management processes at system level;
13. Develop system-specific security policies, standards, procedures and guidelines;
14. Contribute to business-continuity and disaster-recovery planning and control implementation;
15. Conduct penetration tests, red/blue-team exercises and other security assessments on a periodic basis;
17. Ensure correct configuration of security components across infrastructure in cooperation with operational teams;

16. Carry out any other relevant duties, in the interest of the service, as assigned by the Head of ICT Unit.

Requirements

1. Eligibility Criteria

Candidates will be considered eligible for selection based on the fulfilment of the following formal criteria, by the deadline for applications:

1. Have a level of post-secondary education attested by a diploma and, after having obtained the diploma, at least 9 years of appropriate professional experience, or

have a level of secondary education attested by a diploma, giving access to post-secondary education and, after having obtained the diploma, at least 12 years of appropriate professional experience³;

2. Be nationals of one of the Member States of the European Union, Iceland, Liechtenstein, Norway, and Switzerland;
3. Be entitled to full rights as an EU citizen;
4. Have fulfilled any obligations imposed on them by the laws on military service;
5. Possess a thorough knowledge (level C1 in all dimensions as per the Common European

Framework of Reference for Languages or CEFRL) of one                of the official EU languages         and         a

satisfactory knowledge (level B2 in all dimensions as per the               CEFRL) of another one of     these

languages to the extent necessary for the performance of the duties pertaining to the post⁴;

6. Meet the character requirements for the duties involved⁵;
7. Be physically fit to perform the duties linked to the post⁶.

Selection Criteria

If the eligibility criteria set out in section A) Eligibility criteria are met, the candidates’ applications will be evaluated on the following selection criteria. These criteria have been subdivided into two categories: Essential and Advantageous Selection Criteria.

Please note that all Essential criteria are mandatory, meaning that no application will be assessed further if a candidate obtains a zero score in any of the Essential Criteria.

The most suitable candidates with the highest overall scores will be invited to an interview.

Essential

1. Professional experience in ICT security of at least 3 years;
2. Professional experience in ICT security monitoring, threat detection         and incident response;
3. Knowledge of, and professional experience with industry frameworks and    standards    (e.g.

ISO/IEC 27001, NIST Cybersecurity Framework, ITIL).

Advantageous

1. Professional experience gained within an international and multicultural environment, preferably within EU institutions, agencies or bodies;
2. Professional certifications relevant to the job description (e.g. CISSP, CISM, CISA, CEH, OSCP, GIAC);
3. Professional experience with cloud security controls and services (e.g. Azure, AWS or equivalents);
4. Professional experience in one or more of the following domains:

• Infrastructure security (LAN, WLAN, perimeter controls);
• Application security and best practices;
• Internet security controls;
• Database security and monitoring;
• Proactive threat hunting, forensic analysis and malware analysis;
• Security Information & Event Management (SIEM) solutions;
• Security assessments, IT security audits and cyber security incident investigations.