Senior Specialist - ICT Application Security (AD 7)

Europol/2019/TA/AD7/385

ABOUT EUROPOL

This selection procedure is intended to establish a reserve list of successful candidates (indicative number is 3).
Europol may retain the right to make use of the reserve list to select candidates for similar posts, should business needs require so.

Europol is a well-established and recognized organisation that became an EU agency in 2010. It is constantly looking for creative, self-reliant and energetic employees, who are up to the challenges involved in international crime-fighting, to work in its state-of-the-art headquarters in The Hague, the Netherlands.

Europol employs more than 1,000 personnel, including around 160 analysts, to identify and track the most dangerous criminal and terrorist networks in Europe. Our people come from a variety of professional backgrounds such as law enforcement, finance, legal, information technologies, human resources, communication, etc.

Working in close-knit teams, our specialists use their expertise and our cutting-edge technology to support investigations into serious organised crime and terrorism within and outside the EU.

A solid track record
Europol has:
• disrupted many criminal and terrorist networks
• contributed to the arrest of thousands of dangerous criminals
• helped recover millions of euros of crime proceeds
• helped hundreds of victims of trafficking and abuse, including children

The working environment at Europol has a lot to offer. It is:
• highly collaborative
• intellectually stimulating
• multilingual
• multidisciplinary
• international

Prospective candidates should be prepared to work in a dynamic and fast-moving environment that requires a high level of flexibility, and should have the ability to perform well within a team.

Equal opportunity

Europol is an equal opportunities employer and encourages applications without distinction on the basis of gender, colour, racial, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, nationality, age, sexual orientation or gender identity.
We aim to create and maintain a healthy and attractive work environment that supports our colleagues in their career planning and in achieving a healthy work-life balance.
Employment at Europol is open to nationals of EU Member States. There is no nationality quota system in operation, but Europol is striving for a broad range of nationalities in order to keep a well-balanced geographical distribution among its staff members.

BACKGROUND, MAIN PURPOSE AND TASKS OF THE POST

The C1 ICT Department has the responsibility for devising, delivering and operating critical technology capabilities and solutions supporting the core mission and support processes of Europol. Over 150 internal staff members and a significant number of domain-specific consultants are responsible for devising, developing, delivering and operating information management and communication technology capabilities that ensure enhanced criminal information analysis and exchange among Europol, Member States and third parties.

The ICT Infrastructure & Operations Unit is responsible for the operations and management of the Europol ICT Infrastructure. This includes Workplace services, Customer Service Centre, Solutions Operations and Deployment services, Infrastructure services and ICT Security.

The incumbent will be responsible for integrating security into the development of Europol’s applications. The Senior Specialist – ICT Application Security will work closely with the software development team to threat model, vulnerability scan, and pen test the early software, system and network architecture and identify required control points in the application stack in order to diagnose, document, and remediate application security vulnerabilities.

The successful applicant is also to define consistent Secure Software Development Lifecycle practices for all Europol ICT projects throughout the planning and delivery cycles that assure mitigation of application security vulnerabilities while also evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.

The successful applicant will have to carry out the following main duties:

• Perform risk-based, technical assessments of applications, using dynamic and static scanning tools; produce reports, and meet with development/project team(s).
• Work with appropriate stakeholders in solution development and management to develop formal application security requirements and standards within Europol’s SDLC process.
• Perform application security audits ensuring compliance with industry standards, procedures, etc.
• Consult with application development and technical operations on security designs of applications, potential vulnerabilities, and remediation.
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals. Create documentation and training material to educate development team and other stakeholders on key security concepts.
• Improve secure coding practices, application security requirements, automation, training and metrics and integrate threat-modelling practices into the Software Development Lifecycle.
• Perform Security Architecture and Low Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security.
• Perform any other tasks in the area of competence as assigned by the line manager.

REQUIREMENTS - ELIGIBILITY CRITERIA

a. Candidates must
• Be a national of one of the Member States of the European Union and enjoy full rights as a citizen;
• Have fulfilled any obligations imposed by the applicable laws on military service;
• Produce appropriate character references as to his or her suitability for the performance of the duties;
• Be physically fit to perform the duties pertaining to the position (prior to appointment the successful candidate will be medically examined by one of the institution’s medical officers in order that the institution may be satisfied that the candidate fulfils the requirements of Article 12(2)(d) CEOS);
• Produce evidence of a thorough knowledge of one of the languages of the Union and a satisfactory knowledge of another language of the Union to the extent necessary for the performance of the duties.

b. Candidates must have
A level of education, which corresponds to completed university studies attested by a diploma when the normal period of university education is four years or more;
OR
A level of education, which corresponds to completed university studies attested by a diploma and appropriate professional experience of at least one year when the normal period of university education is three years;
OR
Professional training of an equivalent level in a relevant area and after having completed the training, at least the number of years of relevant professional experience as indicated below:

Duration of professional training      Professional experience
More than 6 months and up to 1 year    4 years
More than 1 year and up to 2 years     3 years
More than 2 years and up to 3 years    2 years
More than 3 years                      1 year

In addition to the above, at least 6 years of total professional work experience gained after the award of the diploma.

REQUIREMENTS - SELECTION CRITERIA

a. Professional experience (assessed mainly during the Shortlisting phase):
Essential:
• At least six (6) years of working experience in Web Application Security, Penetration Testing, SSDLC and Threat Modelling;
• Experience in application security assessments and web application penetration testing;
• Experience in effective implementation of Software Security Development Lifecycle and software maturity models;
• Experience developing remediation plans to target cyber security vulnerabilities;
• Experience performing application security audits ensuring compliance with industry standards.
• Experience with Source Code Review.
b. Professional knowledge (assessed during the selection procedure)
Essential:
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application architecture, development and deployment;
• Proficient in web application design, penetration testing, application risk assessment and risk categorization;
• Expertise with Source Code Review;
• Expertise with driving and implementing secure development practices into SDLC (SSDLC);
• Deep knowledge in using SAST, DAST and fuzz testing tools.
• Knowledge of risk assessment methodologies, cloud risk assessment methodologies and information security standards.
Desirable:
• Familiarity with Version Control Tools (e.g. Git, Svn, Bitbucket) – qualification or hands-on experience;
• Familiarity with CI/CD related/supporting tools (e.g. Jenkins, Docker, Puppet, and Kubernetes) – qualification or hands-on experience;
• CISSP, CEH, CISA, OSCP, OSCE, or OSWE Certifications.
c. General competencies (assessed during the selection procedure)
Essential:
Communicating:
• Excellent communication skills in English, both orally and in writing;
• Excellent presentation skills;
• Ability to draft clear and concise documents on complex matters for various audiences.
Analysing & problem solving:
• Structured approach to work aimed at getting results;
• Excellent analytical and critical thinking skills;
• Competent user of Microsoft Office applications and the internet.
Delivering quality and results:
• High degree of commitment and flexibility;
• High level of customer and service-orientation.
Prioritising and organising:
• Excellent organizational skills including the ability to plan own work load, establish clear priorities and exercise initiative;
• Ability to manage projects and familiarity with project management terminology and methodology.
Resilience:
• Strong ability to work well under pressure, both independently and in a team;
• Ability to remain effective under a heavy workload and demonstrate resistance to stress.
Living diversity:
• Ability to establish and maintain effective working relations with co-workers in an international and multi-disciplinary work environment.
Advising:
• Ability to synthesise various data into a coherent and relevant whole, transforming it into a valuable and correct conclusion.
• Building constructive relationships with clients, adequately identifying and managing their needs and expectations, and giving well-grounded advice.

d. Additional condition:
Fulfil the condition stipulated in Article 5 of the Decision of the Executive Director on the Duration of contracts of employment for Temporary Agents, on the start date of the possible contract of employment which may be offered.

SELECTION PROCEDURE

The Authority Authorised to Conclude Contracts of Employment (AACC) sets up a Selection Committee, which consists of at least three members, consisting of one chair and at least one member from the Administration of Europol and one member designated by the Staff Committee.

In specific cases, in particular for selection procedures of experts, additional members may be designated from Europol, from outside Europol or from outside the Union institutions. 

The Selection Committee determines candidates’ suitability for the position by assessing their skills, experience and qualifications against the established job profile and makes an initial selection from the applications received.

The Selection Committee will invite the 5 highest scoring candidates (short-listed). All candidates having a score equal to the 5th highest scoring candidate will be included in the list of invited candidates.

Shortlisted applicants are invited to participate in a post-related selection procedure, generally consisting of written and/or practical tests and competency-based interviews. 

The AACC takes a decision of appointment on the basis of advice from the Selection Committee, and will inform the Selection Committee accordingly. The AACC also has the possibility to establish a reserve list of successful candidates, which is, in principle, valid for 12 months. The validity of the reserve list may be extended, in principle, for 12 months. All candidates who attend the selection procedure will be informed of the outcome.

Candidates who attended a selection procedure may request feedback on their performance of the written test and interview within three months after the selection procedure. Europol will not be in a position to respond to feedback inquiries received outside this time frame.

The Selection Committee’s work and deliberations are confidential. It is forbidden for candidates to make direct or indirect contact with the members of the Selection Committee or for anyone to do so on their behalf. All enquiries or requests for information or documentation in relation to the competition should be addressed to the Europol Recruitment Team.

Detailed information on the selection procedure, including the appeal procedure, is available in the Europol Recruitment Guidelines, which can be found on Europol’s website.

SALARY

Scale: AD7
The gross basic monthly salary is EUR 6.128,51 (step 1) or EUR 6.386,04 (step 2). 

The step in grade is determined on the basis of professional experience gained after the education required for the position and in line with applicable implementing rules. 

Staff pay EU tax at source but salaries are exempt from national taxes. Compulsory deductions are made for medical insurance, pension and unemployment insurance. 

Subject to the applicable conditions being met, as defined in the EUSR/CEOS and further specified in the case law of the Court of Justice of the European Union, allowances such as expatriation allowance (16% of basic gross salary) or foreign residence allowance (4% of basic gross salary), household allowance, dependent child and / or education allowance may be granted.

Staff enjoy worldwide insurance coverage by the Joint Sickness Insurance Scheme (JSIS) and are insured against sickness, the risk of occupational disease and accident (conditions and ceilings apply).
Europol offers flexible working arrangements, a comprehensive provision for annual leave as well as parental leave supporting a healthy work-life balance.

Indicative net salary sample calculation AD7/1:
a) Staff member (single) in receipt of expatriation allowance (16%): EUR 6255
b) Staff member with two dependent children in their custody in receipt of expatriation allowance (16%): EUR 8001

The above information is indicative and for information purposes only. It is merely meant to give an indication of the possible net salary in light of the currently applicable amounts of the related allowances and the level of taxation. It has no legal value and no rights can be derived from it.
The information is based on figures applicable as of July 2018.

TERMS AND CONDITIONS

Probation period

Engagement for this position is subject to the successful completion of a probationary period of 9 months. Within this period the successful candidate will have to undergo a post-related security screening.

Europol reserves the right to terminate the contract of employment during or at the end of the probation period in accordance with Article 14 of CEOS.

Security screening and certificate of good conduct

All candidates who have successfully passed a selection procedure are required to apply for a national "certificate of good conduct" at the time an offer of employment is made. The "certificate of good conduct" must be provided to Europol prior to the signature of the employment contract. In case of unfavourable entries in the "certificate of good conduct", Europol reserves the right not to award an employment contract.

However, the national certificate of good conduct does not substitute a valid full Personal Security Clearance Certificate (PSCC) that must be obtained for all Europol staff at the level indicated in this Vacancy Notice. A PSCC is a certificate issued by a competent authority establishing that an individual is security cleared. It contains: the level of clearance; the date of issuance and the date of expiry. Failure to obtain the requisite security clearance before the expiration of the probationary period may be cause for termination of the employment contract.

The requested level of Security Clearance for this post is: SECRET UE/EU SECRET.

Contract of employment

The successful candidate will be recruited in the type of post Administrator, function group AD, grade 7 pursuant to Article 2 (f) of CEOS and Annex I EUSR.

The initial contract will be concluded for a period of 4 years (full-time – 40 hours a week). The contract may be renewed, in principle, for a period of 2 years. Any further renewal shall be for an indefinite duration.

If the successful candidate is already a member of temporary staff 2(f) in the relevant function group, he/she will be offered the opportunity of contract continuity, subject to establishment plan availabilities.

The place of employment will be The Hague, The Netherlands.

For further information on terms and conditions please consult the EU Staff Regulations which are available on Europol’s website.

ADDITIONAL INFORMATION

Privacy Statement
Europol respects your privacy and is committed to protecting your personal data. Your data will be processed in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data applicable to Europol under Article 46 of the Europol Regulation.
For additional information, please consult the applicable privacy statement available on our website.

Main dates
Deadline for application:  23 September 2019 23:59 CET
Recruitment procedure:   October 2019

Application process and selection procedure
Please refer to the EUROPOL RECRUITMENT GUIDELINES available on Europol’s website for further details on the application process and the selection procedure.

Contact details
For further details on the application process please call +31 (0) 70 353 1298 or +31 (0) 70 302 5235.

Deadline: 23 September 2019, 23:59:59 CEST
Contract type: Non-Restricted Temporary Agent
Unit/Group: Capabilities Directorate
Reports to: Head of Team ICT Embedded Security - Head of Unit ICT Infrastructure & Operations