For our client, an agency at the EC, we are looking for an Enterprise Architect.
1. DESCRIPTION OF THE TASKS
The requested consultant will participate in IT architecture evolution initiatives, security programmes, and activities supporting the implementation of the Agile and DevSecOps transformations (including CDCO and the Shared Services’ solution), and will be expected to (non-exhaustive list):
• CI reference
• Manage projects and report on their status;
• Manage the project team (and/or supervise the subcontractors’ project team), the project plan and all the project management procedures;
• Manage and follow up multiple projects in some or all of their life cycle phases (inception, elaboration, construction and transition); during the software development phase of the plan, manage and follow up some or all activities (architecture, specifications, development, tests – including tests with Member States or other partners, etc.), including DSO and Agile methodology;
• Set up and enforce the respect of organisation, procedures and project office tasks, raising warnings in case of non-respect of these;
• Coordinate the projects’ various stakeholders (DG TAXUD business and IT teams, subcontractors’ teams, COTS providers, Member States’ representatives, etc.); ensure the necessary consensus and participation;
• Enforce the delivery of the project(s) according to the agreed schedule, with the expected quality and with the resources provided;
• Structure the information in ways that are appropriate to the target audience; ensure that activities are communicated in due time and that key information is understood;
• Understand the technological aspects of the project, including the risks and the success factors; call on solution architects/IT analysts only for complex matters;
• Report on the project status (task progress, plan, actions, risks, issues, decisions, changes, etc.) within DG TAXUD and/or with Member States or other partners;
• Escalate issues, in particular those with potential impacts on time or resources;
• Produce and/or review documents; follow up document revision with an eye on project schedule and deadlines;
• Provide suggestions for service or methodology improvements;
• Investigate and recommend solutions (including cost-benefit analyses and assessment of implementation duration), and/or evaluate technical solutions proposed by DG TAXUD contractors;
• Understand, apply and suggest improvements to EC and TAXUD methodologies (e.g. TEMPO, RUP@EC, CoRA), security policies, tools, best practices, etc.;
• Ensure that the design of systems, components and/or services is consistent with the DG TAXUD architecture (e.g. consistency with a DG TAXUD framework);
• Analyse the integration of different information systems and ensure their interoperability;
• Provide advice and consultancy;
• Participate in brainstorming sessions, meetings and workshops with DG TAXUD, contractors, MS and/or other partners;
• Follow up technology and services evolution in the relevant areas;
• Structure the information in ways that are appropriate to the target audience;
• Produce, review and evaluate technical documents, including reviewing technical offers from TAXUD contractors;
• Study (or supervise the study of) the adequacy and impact of new technology or new versions of COTS/OSS on TAXUD systems;
• Support the preparation of proposals for architecture governance and/or evaluate technical offers from DG TAXUD contractors;
• Report to the designated TAXUD official(s);
• More specifically, related to the scope (TAXUD DevSecOps and TAXUD Digital Shared Services):
  o Support DevSecOps and Containers’ implementation/maintenance/improvements/evolution following the DG TAXUD DevSecOps and Containers approach;
  o Support ALMTAXUD operations/implementation/maintenance/improvements/evolution following the DG TAXUD DevSecOps and Containers approach;
  o Administer the ALM Platform (currently composed of Atlassian tools (Crowd, Jira, Confluence, etc.) and non-Atlassian tools (Jenkins, Nexus, SonarQube, etc.)) and provide support;
  o Plan, implement, maintain and upgrade secure DevSecOps pipelines;
  o Facilitate the continuous delivery and automated testing of information systems by using application lifecycle management and automation tools;
  o Promote the usage of DevSecOps methodologies for the DG TAXUD IT landscape;
  o Contribute to the delivery and release processes for container-based (Kubernetes, VMware Tanzu, etc.) and cloud-based pipelines (AWS, etc.);
  o Support and advise development teams in onboarding DevSecOps practices around continuous deployment, automated testing and release pipelines;
  o Support and advise development teams on the integration of various tools into the DevSecOps pipelines, such as Jenkins, JIRA, Git, Nexus, PKS, AWS EKS, etc.;
  o Define, design, coordinate and review DevSecOps-related architecture and procedural strategic documentation, especially the integration of security into CI/CD pipelines;
  o Participate in technical working groups, progress meetings and meetings with business stakeholders and Member States/National Administrations (or any other needed stakeholder);
  o Manage one or more projects and report on their status;
  o Escalate issues, in particular those with potential impacts on time or resources;
  o Produce and/or review documents; follow up document revision with an eye on project schedule and deadlines;
  o Provide suggestions for service or methodology improvements;
  o Assist DG TAXUD in monitoring and coordinating information security and IT security issues, acting as a facilitator to align all efforts towards project objectives;
  o Translate security requirements into technical requirements and architecture design;
  o Verify compliance of DG TAXUD’s information and information systems with the Commission’s security policy;
  o Assess the performance of the contractors in the implementation of DG TAXUD’s security requirements;
  o Review the quality and conformance of the technical deliverables (specifications, software, documentation, security plans) and services with a focus on security and continuity;
  o Monitor operations and advise on business continuity and disaster recovery;
  o Assist DG TAXUD in the definition of its Information Systems Security Management (ISSM);
  o Clarify security issues and prevent potential security incidents;
  o Conduct security assessments and vulnerability scans to identify and mitigate risks;
  o Perform technical security assessments and studies;
  o Ensure compliance with industry standards and regulations (e.g. GDPR, HIPAA);
  o Collaborate with development and operations teams to integrate security into the DevSecOps pipeline, including its design, maintenance and operations;
  o Respond to security incidents and provide recommendations for improvements;
  o Ensure that the necessary security requirements are complied with from the perspective of data sovereignty, cybersecurity, availability, confidentiality, integrity, etc.;
  o Identify and propose mitigation actions to avoid security incidents;
  o Ensure that the technical aspects of the design, implementation and operations are aligned with security principles, requirements and expectations;
  o Support procurement and contract management activities from a security perspective;
  o Report on the status, risks and mitigation actions in this respect;
  o Specifically for Cloud:
    ▪ Develop and implement security strategies to protect cloud-based systems and data;
    ▪ Follow up and coordinate all efforts on the design, implementation and operations of a cloud solution from a security perspective;
  o Propose technical solutions in security-related areas (e.g. privileged identity management, firewalls, vulnerability management);
  o Support DG TAXUD Information Systems’ DevSecOps and Containers’ implementation following the DG TAXUD DevSecOps and Containers approach.
• More specifically, the TAXUD Digital Shared Services scope is composed of the following Information Systems:
  - SSV-eArchiving (implementation of the Connecting Europe Foundation (CEF) E-ARK project (2014 – 2017) and the eArchiving Building Block (2018-2021) for legal archiving purposes)
  - SSV-Kafka-Confluent (for real-time data streaming built upon Apache Kafka and services delivered by Confluent)
  - SSV-ES-APM (implementation of the Elastic Stack for logging/monitoring)
  - SSV-Tanzu (for containerization)
  - SSV-Jenkins-Nexus (DevSecOps tool)
  - SSV-Bitbucket (DevSecOps tool)
2. KNOWLEDGE AND SKILLS
The following skills and knowledge are required for the performance of the above listed tasks:
• Very good knowledge of DG TAXUD key technologies;
• Fluent in English, spoken and written;
• Willingness to use the project management tool and methodologies as specified by DG TAXUD;
• Experience in large-scale systems integration projects; experience within an IT and/or taxation, excise and customs environment is an asset;
• Technical knowledge of the European Commission (DIGIT, DG TAXUD, etc.) standard IT products and technologies is an asset;
• Knowledge of ITIL, COBIT or other IT organisational frameworks, and knowledge of basic IT processes, in particular Service Management and Operations;
• Ability to present and to animate discussions, rapid self-starting capability and ability to work autonomously are mandatory;
• Strong organisational and coordination skills; ability to lead discussions, resolve or mitigate conflicts, reach a consensus and adhere to common goals;
• Ability to produce minutes, notes, business cases, vision documents, service level agreements, terms of collaboration, planning schedules, etc.;
• Knowledge of ICT technologies, such as networking, virtualisation, operating systems, databases, middleware;
• Experience in an international/multicultural environment is a definite asset;
• Experience in a public administration is an asset.
3. SPECIFIC EXPERTISE
• Minimum 10 years’ experience in IT, including 5 recent years’ experience as an IT security expert and 3 recent years’ experience in DevSecOps practices (including Containers), designing/maintaining/operating systems that integrate security into CI/CD pipelines (from the Development phase up until Production and maintenance/evolution) and applying S-SDLC principles;
• Good knowledge of the current state-of-the-art technical evolution in security management and related products;
• IT security audit experience;
• Experience in software development (e.g. Java is an asset);
• Ability to review technical and security documents;
• Experience with security assessment of information systems;
• Experience with security standards, methodologies, risk management and audits (such as ISO 2700X, NIST, COSO, COBIT);
• Experience with cryptography, network security, data protection, identity and access management (IAM), key management systems, and tools and products for security assessments and audits;
• Experience with security tools for operations;
• Knowledge of Commission legislation and policies on Infosec/IT security and risk management, including GDPR; proficiency in compliance with industry standards and regulations (e.g. HIPAA) is an asset;
• Experience in software development, experience in the implementation and enforcement of Service Level Agreements (SLA), experience as a technical writer;
• Strong experience with security assessments, vulnerability scanning and penetration testing;
• Experience with Apache Kafka/Confluent services is an asset;
• Experience with the Connecting Europe Foundation (CEF) E-ARK project (2014 – 2017) and the eArchiving Building Block (2018-2021) is an asset;
• Experience with the Elastic Stack is an asset;
• Experience with Tanzu and/or Nutanix is an asset;
• Experience with security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS) and encryption;
• Extensive knowledge of TCP/IP and network protocols;
• Experience with incident response and risk management;
• Ability to administer IT systems (as a system administrator, including Linux) is required;
• Ability to build/run/maintain scripts (e.g. Groovy scripting) is required;
• Ability and expertise to create/maintain/operate CI/CD pipelines (e.g. DevSecOps pipelines on Jenkins, GitLab, etc.) is required;
• Ability and expertise to create/maintain/operate monitoring solutions (e.g. Dynatrace, Splunk, Elastic Stack, etc.);
• Ability to create/maintain endpoints (e.g. REST endpoint(s)) is required;
• Expertise in SAST (e.g. Fortify) is required;
• Expertise in SCA (e.g. Sonatype Lifecycle) is required;
• Expertise in Agile projects is an asset;
• Expertise in Lean SDLC is an asset;
• Expertise in DevSecOps (including security) is required;
• Expertise in S-SDLC is required;
• Expertise in Containers and Kubernetes (e.g. Tanzu, Nutanix) is required;
• Expertise in the Cloud is required (AWS is required);
• Expertise in the use of Confluence (or a similar tool) to produce high-quality, concise documentation is required;
• Expertise in creating/developing/maintaining/operating security strategy/policies/controls is required.
4. CERTIFICATION AND STANDARDS
• Any ITIL certification is an asset;
• Any Agile certification is an asset;
• TOGAF certification is an asset;
• Any PM² certification is an asset;
• Any of the security certifications below is an asset:
  o Certified Information Systems Security Professional (CISSP)
  o Certified Cloud Security Professional (CCSP)
  o AWS Certified Security – Specialty
  o Certified Information Security Manager (CISM)
  o CompTIA Security+
  o Certified Information Systems Auditor (CISA)
  o Certified Ethical Hacker (CEH)
5. SERVICE DELIVERY
• The services shall be performed remotely from a near-site location allowing the Commission premises in Brussels to be reached within 2 hours.
• A laptop will be provided by the Commission.
• The external service provider may be requested to participate in meetings with the Commission’s services in Brussels (and exceptionally in other locations).