📌 Role Context

Position within the DG EAC IT Projects and Support Unit of a European institution, focused on building and operating digital solutions for funding programmes. The objective of the team is to develop and maintain secure, scalable digital platforms aligned with European values (education, social inclusion, youth mobility, and solidarity).

🧠 Organisational Context & Mission

The candidate will work directly with the IT Security Officer of DG EAC, supporting the enhancement of the cybersecurity posture of the unit.

The role requires interaction with:

• technical development teams

• IT architecture teams

• operations teams

• business stakeholders

The ideal candidate must operate at the intersection of:

• practical, hands-on security implementation

• regulatory and compliance requirements

The assignment may evolve over time depending on portfolio and project needs.

🧠 Responsibilities

🏗 1. Application Security Design

• Support the design of secure IT architectures

• Ensure compliance with European Commission security policies and standards

• Collaborate with development, operations, and architecture teams

• Embed security throughout the application lifecycle (SDLC)

🔐 2. Security Requirements & Technical Actions

• Define and implement security requirements within IT projects

• Support integration of security controls in development and infrastructure

📄 3. Documentation & Compliance

• Maintain security documentation for audits and compliance

• Support drafting of:

  • security assessments

  • architecture security blueprints

  • security configurations

🧑‍💻 4. Application Security Implementation

• Promote secure development practices and ensure adoption

• Work with DevSecOps teams to strengthen software security

• Improve security across the software development lifecycle

⚠️ 5. Risk Analysis & Security Policy Compliance

• Perform risk assessments

• Propose mitigation actions

• Align with European Commission risk management methodologies

🧪 6. Vulnerability Testing & Remediation

• Coordinate vulnerability assessments and penetration testing follow-up

• Support remediation planning and tracking of corrective actions

🚨 7. Incident & Threat Categorisation

• Support incident classification and prioritisation

• Collaborate with IT operations on security incident handling

🎓 8. Security Training & Awareness

• Deliver security best practice training sessions

• Support development of awareness programmes on secure development and risk management

🧭 9. Security Strategy & Implementation

• Support definition of security plans

• Define access management strategies

• Contribute to risk mitigation frameworks

• Support long-term cybersecurity initiatives within the IT ecosystem

🧠 Knowledge & Skills

⚖️ European Regulations

• In-depth knowledge of GDPR (General Data Protection Regulation)

• Knowledge of the proposed ePrivacy Regulation

• Awareness of AI Act implications for IT security and data protection

• Knowledge of NIS2 Directive

🔐 Secure Development & Security Best Practices

• In-depth understanding of OWASP Top 10 security risks and application in software development

• Good knowledge of secure coding frameworks and guidelines

• Good knowledge of cloud security practices

🏛 Standards & Risk Management

• Comprehensive knowledge of:

  • ISO 27001 (Information Security Management)

  • ISO 27002 (Security Controls Code of Practice)

  • ISO 27005 (Information Security Risk Management)

☁️ Cloud Security

• Knowledge of Cloud Security best practices

• Experience with Cloud Security Alliance (CSA) Cloud Controls Matrix

🧠 Soft Skills

• Ability to apply high quality standards

• Experience in coaching and training

• Strong communication skills with technical and non-technical audiences:

  • ability to deliver technical and business presentations

  • ability to write clear and structured documentation

• Ability to engage stakeholders and influence positively

• Ability to manage organisational change

• Ability to facilitate teamwork and collaboration

• Ability to animate a community of practice

🧪 Mandatory Specific Experience

1. Secure Development Experience

• Minimum 3 years of experience in IT security applied to software development

• Minimum competence level: 3 (able to guide others)

2. Cloud Security Experience

• Minimum 3 years of experience in cloud security frameworks and guidelines

• Including Cloud Security Alliance (CSA) Cloud Controls Matrix

• Minimum competence level: 3

🎓 Education Requirements

• Master’s degree or 5+ years of higher education

📜 Mandatory Certifications

At least one of the following (or equivalent approved by the Commission):

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• CEH (Certified Ethical Hacker)

• OSCP (Offensive Security Certified Professional)

🌍 Languages

• English – C1 (mandatory)

📍 Location

• Brusells

💼 Work Model

• Hybrid model from Brusells