Crypto Custodian

Vacancy details

Contract Agent GSA/2019/552
FGIII Saint-Germain-en-Laye / France
06.09.2019 11:59 AM (GMT+2)
3 yes
As soon as possible 31.12.2020
GSMC GSMC COMSEC Officer
SECRET UE / EU SECRET

[1] The place of employment is subject to changes in the interest of the service and always under due consideration of the Staff Member’s interests.

[2] Possibility of renewal for a fixed period and a further renewal for an indefinite period on the conditions set out in the Staff Regulations and in the Conditions of Employment for Other Servants

[3] The organisational department and the hierarchical reporting line may change in line with the developments of the GSA and department’s organisation.

[4] The successful candidate must hold a valid personnel security clearance at the above defined EU level or be able and willing to apply for a security clearance immediately after the contract award. The procedure for obtaining a personnel security clearance shall be initiated on request of the employer only, and not by the individual candidate.

1. GALILEO AND GALILEO SECURITY MONITORING CENTRE

Galileo

Galileo is the European Union’s future autonomous Global Navigation Satellite System (GNSS) which will be interoperable with other existing GNSS systems, in particular the United States’ Global Positioning System (GPS).

The main services that have already been specified for Galileo are the following:

  • Open Service (OS) shall provide position and timing signals, free of user charge. Performance will be competitive with, but complementary to GPS to enable dual constellation usage.
  • Public Regulated Service (PRS) provides position and timing to specific government-designated users requiring a high continuity of service. Access to this service will be controlled with encryption of the space signals and usage of approved receivers that have the signal decryption keys.
  • Search and Rescue Services (SAR). Galileo will improve the time to detection and the accuracy of location of distress beacons over the current Search and Rescue services provided by COSPAS-SARSAT. It will also provide an acknowledgement to the user of receipt of the distress message.

GSMC

The GSMC is an operational centre of the GSA. It contributes to the fulfilment of the GSA mission by ensuring that sensitive information relating to the use of Public Regulated Services is suitably managed and protected and not exposed to Galileo Control Centres. The GSMC also allows the GSA to continuously monitor the security-related status and performance of the elements of EGNOS and Galileo and of the operation of the PRS.

The GSMC is an integral part of the Galileo infrastructure. It undertakes the following tasks:

  • Galileo security and system status monitoring: monitor and take action regarding security threats, security alerts and operational status regarding systems components
  • Management of PRS access: the GSMC shall be an interface with governmental entities (through computerised ‘Point of Contact Platforms’) for request of cryptographic keys and with Galileo core components to manage the content of security messages broadcast by Galileo satellites
  • Support to the European External Action Service in the field of the Implementation of Council Decision 496: support in an event of threat to the security of the European Union or of a Member State arising from the deployment, operation or use of the European Global Navigation Satellite System
  • Provide PRS and Galileo security expertise and analyses on request

The GSMC is composed of four teams working under the leadership of the GSMC Head of Department: Operations, Engineering, Technical and Security.

The Crypto Custodian will be part of the Security team which is composed of four staff members. Its primary missions are (1) to ensure the Communications Security for the Public Regulated Service (PRS); and (2) to ensure appropriate local security operating measures and document exchanges are implemented in the centre.

Location

The GSMC building facilities and Galileo-related information technology equipment are located at two sites.

GSMC Master Site: the main site of GSMC Operations is located in Saint-Germain-en-Laye, France. The GSMC has a dedicated building and area. The site itself is situated within the military base of ‘Camp des Loges”.

GSMC Backup Site: located in San Martin de la Vage (Community of Madrid), Spain. The GSMC has a dedicated building and area. The site itself is situated within the Ministry of Defence INTA campus La Maranõsa.

2. TASKS AND RESPONSIBILITIES

The Crypto Custodian is responsible for all measures necessary to ensure the physical security, setup and operations of all COMSEC items within his/her account, as well as for supporting the PRS operators of the Operational team in crypto procedures in view of providing PRS to Competent PRS Authorities (CPAs). The Crypto Custodian reports to the GSMC COMSEC Officer (as Team Leader) and to the GSMC Head of department when relevant for operations.

The jobholder will have the following non-exhaustive list of tasks:

Management of Crypto Account(s):

  • Manage (safeguard and control) all accountable crypto material in his/her custody and registry
  • Keep the inventory of the COMSEC items received, for his/her custody and further distribution, whilst verifying and assuring the integrity of the seals of the envelopes and parcels
  • Ensure that all movements of COMSEC items arriving/departing from the GSMC site(s) are properly performed, recorded and packed in accordance with the transportation plans
  • Verify the implementation of the minimum security measures in accordance with the relevant security requirements needed for the safe custody of the COMSEC items for which he/she is responsible, in order to prevent compromise
  • Perform periodic inventories of the COMSEC items he/she has under his/her responsibility, as per the GSMC COMSEC policy
  • Report immediately to the COMSEC Officer any security breach, compromise or potential compromise of the COMSEC items he/she has under his/her responsibility
  • Distribute the COMSEC items to internal users or external stakeholders according to the GSMC COMSEC Policy, the transportation plans and the GSMC standard operating procedures (SOPs)
  • Update and maintain the GSMC crypto account SOP

Management and performance of the COMSEC related operational tasks:

  • Manage (generate, renew as required, distribute, delete and destroy) local and inter-site protection keys in accordance with the GSMC concept of operations (CONOPS) and standard operating procedures
  • Maintain and perform the crypto operations procedures in accordance with the GSMC COMSEC Key Management Plan
  • Operate IT and COMSEC equipment for key material management to make equipment ready for use by the Operations team
  • Manage (generate, account for, renew and distribute as required) the smart cards related to the GSMC communications networks
  • Perform crypto-material-related operational tasks assigned to the GSMC by the Galileo Crypto Distribution Authority
  • Perform the regular maintenance operations of the GSMC COMSEC items

Performance of other relevant tasks as required such as:

  • Contribute to monthly reports on his/her past and planned activities
  • Report and contribute to handling breaches of security and compromise of sensitive or classified information
  • Contribute to business continuity plans of the GSMC in areas related to his/her responsibilities and in areas related to staff emergency evacuation or relocation (to the other GSMC site)
  • Participate in working groups related to the post duties
  • Contribute to Risk management activities
  • Keep himself/herself informed of the technology developments in the field of cryptography
  • Other related tasks as requested by the management

Language use: The above tasks and responsibilities will be conducted in the English language.

The Crypto Custodian shall be available for regular on-call duties outside normal working hours (availability by phone with ability to come back to the site within predefined elapsed times that will be established to meet operational external requirements). The duties associated with such ‘on-call’ shall be of a nature similar to those of the main duties of the post, but will also include a wider set of activities aimed at ensuring the security and technical availability of the site focussing on feared events and their related initial reaction procedures.

The jobholder may be required to obtain and maintain a certification for the related duties.

Place of employment:

The current vacant post foresees place of employment Saint-Germain-en-Laye (France). However, the reserve list might be used also for posts in San Martin de la Vage (Spain). Nevertheless, the job holder may be requested to go on frequent missions and have temporary relocation to other GSA premises to perform similar tasks (including backup type of duties).

3. ELIGIBILITY CRITERIA

The selection procedure is open to applicants who satisfy the following eligibility criteria, on the closing date for application:

  1. Have a level of education which corresponds to:
  • post-secondary education 5 attested by a diploma, or
  • secondary education attested by a diploma giving access to post-secondary education and appropriate professional experienceof three years
  1. Be a national of a Member State of the European Union 
  2. Be entitled to his or her full rights as citizen
  3. Have fulfilled any obligations imposed by the applicable laws concerning military service
  4. Meet the character requirements for the duties involved7
  5. Have a thorough knowledge of one of the languages of the European Unionand a satisfactory knowledge of another language of the European Union to the extent necessary for the performance of his/her duties
  6. Be physically fit to perform the duties linked to the post9

[5] Only study titles that have been awarded in EU Member States or that are subject to the equivalence certificates issued by the authorities in the said Member States shall be taken into consideration.
[6] Only appropriate professional experience acquired after achieving the minimum qualification stated in point.1 shall be considered. Where additional periods of training and study are accompanied by periods of professional activity, only the latter shall be considered as professional experience. Compulsory military service or equivalent civilian service accomplished after achieving the minimum qualification stated in point.1 shall be taken into consideration. Internships will be taken into consideration, if they are paid. Professional activities pursued part-time shall be calculated pro rata, on the basis of the percentage of full-time hours worked. A given period may be counted only once.
[7] Prior to the appointment, the successful candidate will be asked to provide a Police certificate confirming the absence of any criminal record.
[8] The languages of the EU are: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Irish, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish, Swedish.
[9] Before a successful candidate can be appointed, s/he will be medically examined by a selected medical service so that the Agency will be satisfied that s/he fulfils the requirement of Article 28(e) of the Staff Regulation of Officials of the European Communities.

4. SELECTION CRITERIA

All eligible applications, according to the afore-mentioned criteria, will be assessed against the requirements listed below. 

The Selection Board responsible for this selection will determine the criteria to be assessed in the various phases of the selection procedure (assessment of the application forms, interview and written test) prior to being granted access to the names of the applicants. All essential criteria will be assessed during the applications evaluation phase.

Non-compliance with any of the Essential criteria may result in the exclusion of the candidate from the selection process. Advantageous criteria constitute additional assets and will not result in exclusion, if not fulfilled.

When filling the online application, candidates are expected to include elements that demonstrate that their profile matches the requirements below.

Essential criteria

  1. Proven experience in management of Crypto Account(s)
  2. Extensive experience in management and performance of COMSEC related operational tasks (e.g. crypto keys generation and distribution)
  3. Proven experience in developing and/or applying COMSEC rules and procedures, preferably as crypto custodian in a national governmental agency or an international organisation
  4. Excellent command of both written and spoken English

Advantageous criteria

  1. Recent experience in operating the key lifecycle of one or more of: 1) Windows servers and clients PKI keys and certificates; 2) SINA encryption devices; 3) Sectra Phones; or 4) Thales hardware security modules
  2. Previous experience in handling classified material, including issues related to EU or national security and preferably holding a valid Personnel Security Clearance Certificate at or above the EU SECRET level and COMSEC authorisation, if issued by the NSA
  3. Completion of a Crypto custodian training in a national governmental agency or an international organisation
  4. Knowledge (by training or experience) of the Galileo System or PRS design

Behavioural competences

  1. Motivation
  2. Excellent communication skills
  3. Working with others
  4. Ability to work under pressure and prioritise tasks in a fast-paced environment

5. SELECTION PROCEDURE

The current vacancy is for one post and establishment of a reserve list.

The selection procedure includes the following steps:

  • Applications must be complete and successfully submitted via the e-recruitment tool within the deadline set for the vacancy notice.
  • For each selection procedure, the Appointing Authority of the Agency appoints a Selection Board. The Board’s deliberations are confidential and applicants are strictly forbidden to contact its members.
  • An automatic screening of all valid applications will be carried out by means of the e-recruitment tool in order to verify their compliance with the eligibility criteria. The eligibility screening will be verified and endorsed by the Selection Board responsible for the procedure.
  • All eligible applications will be then evaluated by the Board based on the selection criteria defined in this vacancy notice.
  • The candidates whose applications rank among the best-qualified in accordance with the selection criteria, may be contacted in order to verify (through an oral or written test) their studies, professional experience and/or other knowledge and competencies as indicated in their application. This contact would be an intermediate step in pre-selecting the most suitable candidates. It does not, however, entitle candidates to be invited for an interview.
  • The best-qualified candidates, those who obtained the highest scoring within the evaluation, will be short-listed for an interview and a written test. The minimum threshold is 65% of the total points.
  • Prior to the day of the interview candidates will be requested to send photocopies of all the supporting documents for their educational qualifications and employment necessary to prove that they meet the eligibility criteria. GSA has the right to disqualify applicants who fail to submit all the required documents.
  • During the interview, the Selection Board will examine each candidate’s profile and will assess their relevancy for this post. Shortlisted candidates will be also required to undergo a computer-based written test relevant to the job content (the minimum threshold for this test is 50% of the total points allocated for it).
  • Interviews and written test will be held in English, however knowledge of another EU languages may also be tested. Mother tongue English speakers will be expected to demonstrate their knowledge of a second EU language in line with Article 28(f) of the Staff Regulations.
  • All candidates short-listed for an interview may also be requested to complete an online Business Attitude Questionnaire.
  • As a result of the interviews, the Selection Board will recommend the most suitable candidate(s) for this post to be placed on a reserve list. The minimum threshold to be placed on the reserve list is 65% of the total points.
  • The Appointing Authority will ultimately decide on the successful candidate to be appointed to the post.
  • The established reserve list may also be used for recruitment of similar posts depending on the Agency’s needs. Where a similar post becomes available, the Appointing Authority may select applicants from the list according to their profile in relation to the specific requirements of the post to be filled. However, inclusion on the reserve list does not guarantee employment.
  • The validity of the reserve list is indicated in the vacancy notice and its duration might be extended if deemed necessary.
  • Normally, the recruitment procedure can take up to 6 months from the date on which a position is first advertised to the final offer being made.
  • If, at any stage of the procedure, it is established that any of the information the candidate has provided is incorrect, the candidate in question will be disqualified.

Indicative date for the interview and written test: September. The date might be modified depending on the availability of the Selection Board members.

Candidates are strictly forbidden to make any contact with the Selection Board members, either directly or indirectly. Any infringement of this rule will lead to disqualification from the selection procedure.

6. APPLICATION PROCEDURE

In order to be considered for this position, candidates need to create an account by registering via the GSA e-recruitment tool.

Only applications submitted via the e-recruitment tool will be accepted. Applications sent via email or post will not be taken into consideration.

Multiple applications received for the same position via different accounts will lead to the exclusion of the applicant from the selection procedure.

Important: the information provided by candidates in their online application constitutes the solely basis for the assessment of the eligibility and selection criteria. Therefore, they are invited to carefully read the requirements and to provide the relevant information in such detail that would allow this assessment. Particular attention should be paid to information on the education and professional experience, in particular exact dates, description of responsibilities and duties carried out.

All sections of the application should be completed in English in order to facilitate the selection procedure.

In order to be considered, applications must be received by the closing date indicated in the vacancy notice.

Candidates are advised to submit the application well ahead of the deadline in order to avoid potential problems during the final days before the closing date of applications’ submissions. The Agency cannot be held responsible for any last-minute malfunctioning of the e-recruitment tool due to heavy traffic on the website.

Please consult the e-recruitment guideline for instructions on completing the application.

7. APPEAL PROCEDURE

If a candidate considers that he/she has been adversely affected by a particular decision, he/she can:

  • Lodge a complaint under Article 90(2) of the Staff Regulations of Officials of the European Union and Conditions of employment of other servants of the European Union, at the following address:

European GNSS Agency (GSA)
Human Resources Department
Janovského 438/2
170 00 Prague 7
Czech Republic

The complaint must be lodged within 3 months. The time limit for initiating this type of procedure starts to run from the time the candidate is notified of the action adversely affecting him/her.

  • Submit a judicial appeal under Article 270 of the Treaty on the Functioning of the EU (ex Art. 236 of the EC Treaty) and Article 91 of the Staff Regulations of Officials of the European Union to the:

European Union Civil Service Tribunal
Boulevard Konrad Adenauer
Luxembourg 2925
LUXEMBOURG

For details on how to submit an appeal, please consult the website of the European Union Civil Service Tribunal:http://curia.europa.eu/jcms/jcms/Jo1_6308/. The time limits for initiating this type of procedure (see Staff Regulations as amended by Council Regulation (EC) No 723/2004 of 22 March 2004, published in Official Journal of the European Union L 124 of 27 April 2004 - http://eur-lex.europa.eu start to run from the time you become aware of the act allegedly prejudicing your interests.
 

  • Make a complaint to the European Ombudsman:

European Ombudsman
1 avenue du Président Robert Schuman
CS 30403
67001 Strasbourg Cedex
FRANCE
http://www.ombudsman.europa.eu 

Please note that complaints made to the Ombudsman have no suspensive effect on the period laid down in Articles 90(2) and 91 of the Staff Regulations for lodging complaints or for submitting appeals to the Civil Service Tribunal under Article 270 of the Treaty on the Functioning of the EU (ex Art. 236 TEC). Please note also that, under Article 2(4) of the general conditions governing the performance of the Ombudsman's duties, any complaint lodged with the Ombudsman must be preceded by the appropriate administrative approaches to the institutions and bodies concerned.

8. SUMMARY OF CONDITIONS OF EMPLOYMENT

FINANCIAL ENTITLEMENTS

The remuneration consists of a basic salary10 and, where applicable, additional allowances11, paid on a monthly basis and reimbursements12, paid upon their evidenced occurrence.

The sum of the basic salary and the applicable additional allowances is weighted by the correction coefficient applicable for the location of the post13. The sum of usual social deductions from salary at source is subtracted from the weighted amount14. The full pay is exempted from the national income tax, but is subject to the internal income tax and the solidarity levy15.

Examples of net monthly salaries (as currently applicable for Saint-Germain-en-Laye) are presented below:

FG III 8 (less than 7 years of work experience after the relevant diploma)16
a) Minimum final net salary (without any allowances) b) Final net salary with expatriation allowance c) Final net salary with expatriation, household and 1 dependent child allowance
2,767.53 EUR 3,409.15 EUR 4,069.14 EUR

 

FG III 9 (more than 7 years of work experience after the relevant diploma)16
a) Minimum final net salary (without any allowances) b) Final net salary with expatriation allowance c) Final net salary with expatriation, household and 1 dependent child allowance
3,130.02 EUR 3,562.97 EUR 4,459.48 EUR

 

FG III 10 (more than 15 years of work experience after the relevant diploma)16
a) Minimum final net salary (without any allowances) b) Final net salary with expatriation allowance c) Final net salary with expatriation, household and 1 dependent child allowance
3,409.16 EUR 3,936.82 EUR 4,926.58 EUR

 

LEAVE ENTITLEMENTS

Staff is entitled to annual leave of two working days per each complete calendar month of service plus additional days for the grade, age, home leaves for expatriates and an average of 16 GSA public holidays per year.

Special leave is granted for certain circumstances such as marriage, moving, elections, birth or adoption of a child, serious sickness of spouse, etc.

SOCIAL SECURITY

The pension scheme provides a very competitive pension after a minimum of 10 years of service and reaching the pensionable age. Pension rights acquired in one or more national schemes before starting to work at GSA may be transferred into the EU pension system.

GSA’s benefits include an attractive Health insurance: staff is covered 24/7 and worldwide by the Joint Sickness Insurance Scheme (JSIS). Staff is insured against sickness, accident and occupational disease, and could be entitled to unemployment and to invalidity allowances.

PROFESSIONAL DEVELOPMENT AND BENEFITS CONTRIBUTING TO WORK-LIFE BALANCE

GSA aims at creating and maintaining a supportive and healthy work environment that enables staff members to have balance between work and personal responsibilities, for example through flexible working time arrangements. 

GSA also offers a wide range of training courses to develop staff members’ personal skills and keep in touch with the latest developments in their field. The training and professional development opportunities are attuned to the career plan and requirements of the departments.


[10] As per Articles 92 and 93 CEOS.
[11] Household allowance (e.g. if you have a dependent child or you are married and your spouse's income is below a defined threshold); Dependent child allowance (e.g. if you have a child under the age of 18 or between 18 and 26, if in specified training programme); Education allowances (in very specific cases) or Payment of the education fees applicable to the educational institutions GSA has an agreement with (currently more than 17 international schools in the Czech Republic, France and Spain); Expatriation allowance (16% of the sum of basic salary and other applicable allowances).
[12] If staff member is requested to change the residence in order to take up duties, s/he will be entitled to: reimbursement of the travel costs; temporary daily subsistence allowance (e.g. EUR 43.11 for up to 10 months or EUR 34.76 for 120 days, if no dependents); installation allowance (depending on personal situation, 1 or 2 months of the basic salary – paid upon successful completion of the nine-month probationary period).
[13] Currently correction coefficients for the GSA duty locations are: 83% for CZ, 116.7% for FR, 109.9% for NL, 91.7% ES. The coefficient is updated every year, with retroactive effect from 1 July.
[14] Pension (10%); health insurance (1.70%); accident cover (0.10%); unemployment insurance (0.81%).
[15] Currently: income tax: tax levied progressively at a rate of between 8% and 45% of the taxable portion of the salary; solidarity levy: 6%.
[16] Please note that the numbers in examples b) and c) are indicative and net monthly remuneration varies depending on the personal, life and social situation of the incumbent. The various components of the remuneration are updated every year, with retroactive effect from 1 July.

9. GSA COMMITMENT

Declaration of commitment to serve the public interest independently:

The jobholder will be required to make a declaration of commitment to act independently in the public interest and to make a declaration in relation to any interest that might be considered prejudicial to his/her independence.

The jobholder will be required to carry out his/her duties and conduct him/herself solely with the interests of the European Union in mind; he/she shall neither seek nor take instruction from any government, authority, organisation or person outside his/her institution. He/she shall carry out the duties assigned with objectivity, impartiality and loyalty to the European Union.

Commitment to promote equal opportunities:

The Agency is an equal opportunities employer and strongly encourages applications from all candidates who fulfil the eligibility and selection criteria without any distinction whatsoever on grounds of nationality, age, race, political, philosophical or religious conviction, gender or sexual orientation and regardless of disabilities, marital status or other family situation.

10. DATA PROTECTION

The personal information GSA requests from candidates will be processed in line with Regulation (EU) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, officers and agencies and on the free movement of such data (repealing Regulation (EC) N° 45/2001 and Decision N° 1247/2002/EC).

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018R1725&from=EN

The purpose of processing personal data which candidates submit is to manage applications in view of possible pre-selection and recruitment at GSA. All personal data collected will only be used for this purpose and will in no case be transmitted to any third party. Any data provided will be treated in the strictest confidence and with high standards of security.

Applicants’ documents will only be kept for as long as it is mandatory to fulfil the requirements of existing auditing/control procedures applicable to GSA.

Applicants have a right to access their data. They have a right to update or correct at any time their identification data. On the other hand, data demonstrating compliance with the eligibility and selection criteria may not be updated or corrected after the closing date for the respective selection procedure.

Applicants are entitled to have recourse at any time to the European Data Protection Supervisor (http://www.edps.europa.eu; EDPS@edps.europa.eu) if they consider that their rights under Regulation (EC) N° 2018/1725 have been infringed as a result of the processing of their personal data by the GSA.

https://www.gsa.europa.eu/privacy-policy