Eu Institutions: IT Security Assessment and

**WHO WE ARE**
- **Etinars** is a values-focused company with multi-year experience, specialised in the **recruitment of professionals** for niche markets - managing **the full-life cycle** of specialist and executive level hires.
- At Etinars, we genuinely care about **who you are and what you need**.
- We place great emphasis on fostering robust, enduring **connections** built upon **trust and transparency**.
- Our approach ensures a **swift journey**, leading you hand in hand towards **signing** your next career step.

**WHAT WE ARE LOOKING FOR**

**_EU Institutions: IT Security Assessment and Penetration Testing Specialist_**

The JRC ICT Security Operations sector is part of the JRC LISO entity and is in charge of coordinating and providing operational security services to the JRC. This includes ensuring that adequate security measures are in place and operational for the IT infrastructure or information systems of the directorate general Joint Research Centre (JRC)

A set of standards on Information Systems Security adopted by the Commission (in accordance with the Commission Decision 2017/46 concerning the security of information systems used by the European Commission) provides instructions to ensure that all Commission Information receive the appropriate level of protection in a consistent way.

The objective is to ensure that appropriate security controls are identified and included in the Commission Information Systems.

This specific agreement is to supply technical assistance to verify the level of implementation of this objective within JRC and more particularly to perform security assessments of JRC information systems..

**YOUR TASKS**
- Security assessments of Information Systems and underlying infrastructure to verify correct implementation of security controls and identify potential vulnerabilities.
This includes usage of the following testing techniques: black/grey/white box testing.
- Security audit of system architecture, and, compliance with EC security policies and industry best practices
- Analysis and reporting on identified issues
- The service provider will participate to the update and planning of security assessment dashboard. He will also be asked to provide, on a regular basis, report about performed activities (meetings, information gathering, produced documents, etc.) and possible issues/improvements proposals.
- He/she will have to perform his/her task following the standard on Information Systems Security adopted by the Commission, in particular the Standard on Secure Systems Development.

**YOUR SKILLS AND EXPERIENCE**

Following specific expertise is mandatory:

- Security assessments and penetration testing: White/Grey/Blackbox testing
- Knowledge of Burp Suite® tool suite
- Experience in vulnerability monitoring
- Security assessment report drafting
- Secure System Architecture Design

Following skills and knowledge are required:

- Very good knowledge of Security assessment and Penetration testing techniques
- Ability to give business and technical presentations
- Very good communication skills with technical and non-technicalaudiences
- Analysis and problem solving skills
- Capability to write clear and structured technical documents
- Ability to participate in technical meetings and good communication skills
- Capability of integration in an international/multicultural environment, rapid self-starting capability and experience in working in team
- Ability to participate in multilingual meetings.
- Ability to work in multi-cultural environment, on multiple large projects
- Excellent Team Player
- Ability to understand, speak and write English B2 or above

**EXTRA INFORMATION**
- The services shall be performed remotely in Near-site location allowing to reach the JRC in Ispra within 2 hours.
- Requested presence at JRC: 2 to 3 days per month.
- Laptop will be provided by the Commission
- Freelance contract

Please note that, due to the sensitive nature of the data involved, this position is currently available only to individuals who meet the following criteria:

- EU Citizens
- Non-EU Citizens with a valid EU work permit

Once we receive your CV, we will take time to evaluate it carefully. Should there be a match for this or any other position at Etinars, we will be in touch with you. In case there is no match now don’t worry, we will make sure to keep your CV in consideration for future vacancies
- In Etinars we are committed to supporting Diversity and Inclusion Community. If you identify as part of it and you meet the minimum criteria for the job, you will be given the opportunity to demonstrate your abilities at an interview._