[5254] Security Configuration Auditor
Customer: EU Institution
Contract length: 12 months initial duration
Security Clearance: EU Secret
Location: Prague
Role Overview:
The Security Configuration Auditor is responsible for ensuring that system configurations adhere to best market practices (hardening), meet security requirements, and comply with technical documentation across large and complex systems in the space domain. The auditor’s primary mission is to ensure system configuration is robust, secure, and aligned with industry standards such as CIS Benchmarks or equivalent.
Key Responsibilities:
• Ensure system configuration follows best practices and security requirements, and is compliant with technical documentation.
• Develop audit plans based on a predefined scope (including operating systems, network appliances, middleware, and applications). This includes defining assessment cases, setting guidelines, and estimating duration and workload.
• Execute audits on-site at client premises across Europe, collaborating with system administrators and operators.
• Document findings and recommendations in comprehensive audit reports.
• Conduct audits typically over four weeks, covering planning, execution, and reporting phases.
• React quickly and autonomously to unexpected situations such as scope changes or unfamiliar systems.
• Apply system hardening best practices, including patch management, removal of unnecessary services, secure configuration of firewalls, and regular vulnerability assessments.
• Communicate clearly and effectively with technical and non-technical stakeholders, translating complex technical findings into actionable recommendations.
Profile Requirements:
• Minimum 7 years of proven experience as a cybersecurity engineer (CISSP certification is a plus).
• Demonstrated experience as an auditor (CISA certification is a plus).
• Strong oral and written communication skills in English.
• Ability to maintain a high-level (helicopter view) perspective while managing detailed technical tasks.
• Resilient under stress and able to work independently.
• Willingness and ability to travel abroad for up to three weeks at a time.
• Deep technical background, ideally with hands-on experience as a system and network administrator.
• Excellent knowledge of system hardening standards and practices, especially CIS Benchmarks or similar frameworks.