Работа в Ukraine

Expertise France is the public agency for designing and implementing international technical cooperation projects. The agency operates around four key priorities : - democratic, economic, and financial governance ;- peace, stability, and security ;- climate, agriculture, and sustainable development ;- health and human development ;In these areas, Expertise France conducts capacity-building initiatives and manages project implementation, leveraging technical expertise and acting as a project coordinator. This involves combining public sector expertise with private sector skills to drive impactful results.  The Cybersecurity Capacity building for Ukraine (CCBU) project aims to deliver basic and advanced cybersecurity trainings aimed at a variety of civilian staff. The training strategy devised under the project foresees a training program dedicated to two roles : Cybersecurity and SOC / CSIRT Managers (and relevant CISOs) Cybersecurity and CSIRT staff (analysts)The courses will likely be differentiated after an initial assessment and basic training phase, and will allow a cohort of staff to be trained on a number of pertinent subjects related to their precise roles. The current training plan foresees training for managers on : Incident handling (basics) and hacker tools and techniquesSOC and CSIRT management Red / Blue teamingThreat detection and monitoring And may be complemented according to the needs of the participants. For Analysts, the program is likely to cover : Incident handling (basics) and hacker tools and techniquesRed / Blue teamingIncident handling (basics) and hacker tools and techniquesSOC and CSIRT operations As basic level and other subjects to complement the training path of the trainees such as Threat detection and monitoringSecurity automation in Windows environmentsApplied AI and data science for cybersecurityThreat detection for cloud environmentsForensics OSINTShortlisted experts will be asked to prepare and deliver training according to their skills, availability and spoken language, as well as the needs of the project.For this project several trainings are intended (and requested by Ukrainian beneficiaries) to be delivered in in-person formats, hence travel to Ukraine may be required, depending on the prevailing security situation. Selected candidates are expected to :  Deliver expertise and prepare training  in relation to any of the aforementioned activitiesDeliver, develop or follow up training activities in the scope of the training strategy of the project and monitor / report on national delivery of such trainingLiaise with other trainers or training partners regarding the structure and content of trainings to be deliveredLiaise with relevant in-country actors in relation to these activities, Report on progress and delivery as well as any improvements or suggestions / evaluate  activities or trainings  delivered by the project. Content is to be delivered in English and / or Ukrainian. It is the goal of the project that all relevant actors can take part in the activities described, and language skills in both English and Ukrainian are therefore advantageous.  The Cybersecurity Capacity building for Ukraine (CCBU) project aims to support Ukraine in building better capacities in the field of cybersecurity, especially related to critical infrastructure. Within the framework of the Tallinn mechanism the Ukrainian French Maidan Project was established in order to flesh out the strategic cooperation of France with Ukraine. Under this umbrella the project “Cybersecurity Capacity Building for Ukraine” (CCBU) was conceived to assist civilian staff of Ukraianian central government entities in building capacity in relation to the many attacks since the full scale invasion of Ukraine by the Russian Federation. The objective of the action is to support the development of Ukraine’s cyber resilience and encourage  its alignment on international best practises and standards on cybersecurity. To reach this objective, specialised trainings will be conducted to build the capacities of specifically : Managers in charge of a public asset pool or the supervision and protection of these  public assets &networks.Technicians and network / system engineers in charge of a public asset pool or the supervision and protection of these public assets and networks (CSIRT / SOC / SIEM) with a focus on Security Operations / Penetration testing / Incident response, Threat Hunting and Digital Forensics.The project aims to conduct a structured set of high quality trainings in order to allow trainees to acquire relevant knowledge and experience in relation to their feld of work. Senior experts will be tasked by the project staff to conduct trainings or assist in training delivery according to the workplan and training strategy which may be implemented in cooperation with other international partners. 1 / Qualifications and skills : Selected senior experts must have in-depth experience in the following areas : - CSIRT / SOC management roles preferably related to critical infrastructure- Cybersecurity management as CISO or CSIRT / SOC manager or equivalent- Development and nature of cybersecurity training;- Dybersecurity related activities, reports or training for international organisations- Implemention of projects in the Eastern Partnership region;- General and specific professional experience in relation to cybersecurity- Training  of professional audiencesThe ideal candidate has a Masters degree in law, ICT or a cybersecurity related field. Note that experienced that has adequate and demonstrable knowledge gained in praxis, in the area of cybersecurity, may also count towards meeting these criteria. Relevant cybersecurity certifications are considered an asset. Fluency in both one of English and Ukrainian is an asset.Strong communication skills with a proven ability to understand key concepts and communicate with  trainees of different backgrounds.  Proficiency in working in a fast-paced, complex, dynamic, multicultural business environment is needed. 2 / General and specific professional experienceThe following experience is considered essential experience : - A minimum of 6 years demonstrable experience in working on cybersecurity gained in a cybersecurity related role. - 3 years experience in a management role in a CSIRT / SOC or as CISO in relation to critical infrastructure or a similar role- In-depth experience of cybersecurity management, threat detection and management of highy critical infrastructure.- Demonstrable experience in training professional audiences.- Previous experience in the particular context of countries at war or in crisis- Experience in delivering similar activities for international organisations, national governments  or extensive experience gained in relevant institutions at the national level. - Demonstrable knowledge of English and / or French - Knowledge of Ukrainian is a strong asset The following experience is considered desirable but not mandatory : Certification according to internationally recognised cybersecurity norms (GIAC / EC Council / ISO for example)Experience in setting up CSIRT or SOC infrastructure Experience with Ukraine and the local context is a strong assetExperience in working with law enforcement, CERTs and other relevant government agencies in the area of critical infrastructures is an assetExperience in drafting national cybersecurity and cybercrime strategies is an assetExperience in working on capacity building with international organisations active in this field, such as the EU, EU based implementation agencies, The Council of Europe, the World Bank, UN or alike is an asset. The following documentation is requested : A brief cover letter outlining the experts experience in accordance with these Terms of Reference, and the daily fee to be requested. A CV outlining the providers key experts experience in this area and their language proficiencyTwo examples of work done by the supplier in relation to training of professional audiences on cybersecurityThe project team reserves the right to negotiate on both price and content of the assignments during the acceptance phase. - Indicative period of delivery :   1 January 2025 – 28 February 2026- Working language :    English, French, Ukrainian- Reporting to :    Key Expert Note that the applicants that meet the current TORs will be placed on a shortlist, and that individual assignments will be allocated based on a further selection by the project team, based on the fees, experience and availability of the shortlisted experts.Specific roles, deliverables and assignments will subsequently be managed by the project team based on the qualifications and expertise of selected consultants and the requirements of the beneficiary countries. Experts may also be asked to work in teams of 2 or 3. Placement on the shortlist does not guarantee any number of working days to be assigned to the expert. This is subject to a further stage of assessment and agreement in writing. After tasks have been identified a selection of candidates on the shortlist will be made and specific deliverables will be agreed along with the associated working days.  Selected experts will be engaged in relation to the various trainings as mentioned, related to the training of Ukrainian CSIRT / SOC analysts. Depending on the project planning and the development of activities in relation with beneficiary countries, experts will be asked to deliver tasks that they will be selected for on the basis of their individual qualities.   Within the country the project has close working relationships with national level beneficiaries, and stakeholderswhich will be included in the aforementioned activities together with relevant local counterparts.  In view of the ongoing conflict, activities and training may either take place online or in a hybrid format (where there is an instructor / expert present via an online platform and trainees are together in Ukraine, in a venue to be selected). In case of hybrid training, candidates may also be asked to act as “on site” teaching assistants to experts delivering content through online platforms. In all cases where trainers do not speak Ukrainian synchronous translation will be provided.