System Security Consultant - Information Security - UNIX

Brussels  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

System Security Consultant/Brussels/12 Months Contract/610 EUR (Per Day)

Serco - System Security Consultant

The Role

The Union Registry information system is connected to the United Nations transaction log system, the Independent Transaction Log (ITL), in order to keep a record of all transactions performed under the Kyoto Protocol. Messages from Member States are first verified by the ITL and then forwarded to the EUTL. Nightly reconciliations are performed to check the consistency of the transaction data present in each Registry against those in the ITL and the EUTL. This ensures the accurate accounting of all units under the Kyoto Protocol and the accurate accounting of allowances under the ETS.

The Union Registry information system is considered a highly sensitive financial system, as it processes approximately 50 billion euros of allowance transactions every year.

Both EUTL and EUCR are web applications based on both web-services and web user interface systems implemented in Java, using BEA WebLogic as Application Server and Oracle as the relational database management system.

The Commission has awarded a framework contract for software development, maintenance and user support related to the EUTL and the Union Registry to an external contractor (named the "developer" in the following text).

The objective of the system security service is to ensure the implementation of security controls at the level of the IT infrastructure that hosts the Union Registry and the EUTL. To this end, DG CLIMA requires a specialist with a wide area of expertise who will be able to conduct the tasks described below. The contractor will conduct her/his activity on the DG CLIMA Unit B2's premises, according to the presence time sheets annexed to the Specific Contract. The contractor will work connecting to the host

DESCRIPTION OF TASKS

Under the supervision of the Union Registry and EUTL Security System Officer (SSO), the system security service contractor will be asked to perform the following (non-exhaustive) tasks:

1) The contractor will monitor and participate in the implementation of the Commission security requirements at the level of the applications composing the Union Registry information system, which includes:

a. Security requirements definition and update;

b. Security requirements inclusion in the software development life cycle process, ensuring requirements traceability from the design to the deployment in production phases;

c. Coordination with the security testers to prepare and review security tests in order to assess compliance;

2) The contractor will also take part in the definition, the deployment, the operation and the maintenance of other subsystems of the Union Registry:

a. Database extract system;

b. Database access system;

c. Token system;

3) The contractor will also take part in the definition and the review of the monitoring scenarios used by the DIGIT security operation centre in charge of network monitoring activities.

4) The performance of the above tasks, and any others assigned by the SSO, will be subject to the development of the relevant documentation (draft reports, meeting minutes) and the review of the documentation provided by the stakeholders involved in these tasks.

5) The contractor will therefore be required to keep up to date all the documentation related to the tasks he/she is assigned.

EDUCATION AND EXPERIENCE

The contractor is required to have the following level of education and experience:

  • University degree with minimum 4 years' experience in IT;

or

  • Non-university degree with minimum 8 years' experience in IT;
  • Minimum 2 years' experience in IT consulting
  • Proven experience with quality procedures
  • Minimum 2 years' experience in the realisation of studies in the domain of information security 
  • Proficiency in spoken and written English (technical writing)

KNOWLEDGE AND SKILLS

The contractor is required to have in-depth knowledge and professional experience (minimum 5 years) in the following specific technologies, which constitute the technical environment in which the contractor will be required to provide the service:

  • To have been actively involved (requirements definition and tracking) in a structured software development process (Software Development Life Cycle), ideally in a public administration entity where the development was externalized or a private company where the development was subcontracted, and based on established methodology like RUP (ideally ;
  • In-depth knowledge of information security (INFOSEC) acquired through the development of security functionalities or software, ideally within a software security evaluation framework (Common Criteria, PCI-DSS, OWASP, OpenSAMM);
  • Unix family Operating Systems (x86 Linux, mainly RHEL);
  • Oracle Database Management Systems with hands-on practice (with the use of tools like SQL*Plus or SQL Developer);
  • WebLogic (or other Java EE compliant) application servers;
  • Public Key Infrastructure - X.509 certificates;
  • SSL/TLS communication layer implementation on large and high-availability infrastructure;

SECURITY CLEARANCE

The contractor should be eligible for a valid security clearance for access to EU Secret classified information or higher, or have an application for such clearance in progress. If the clearance is refused, DG CLIMA reserves the right to immediately terminate the service contract and the contractor's assignment at DG CLIMA.

If you match these requirements, please apply in the normal way. Elevate will send you an email, please open, click and action that email and your application will be visible to the hiring organisation directly.

Start date: ASAP
Duration: 12 months
From: Elevate Direct
Published at: 22.04.2017
Project ID: 1329968
Contract type: Freelance