Deadline Date:
Wednesday 6 March 2025
Requirement:
Cyber Security Tools Engineering (OVA/OCF) AOM Support for NCSC Assess Branch
Location:
Mons, BELGIUM
Full-Time On-Site:
Yes
Time On-Site:
100%
Not to Exceed:
NTE € 111,825
Required Start Date:
1 April 2025
Required Security Clearance:
NATO COSIC TOP SECRET
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the Cyber Security Tools Engineering (OVA/OCF) AOM Support for Assess Branch.
The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Cyber Security Tools Engineering (OVA/OCF) AOM Support activities more effectively.
Background:
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Cyber Security Tools Engineering (OVA/OCF) AOM Support with a deliverable-based contract to be executed in 2025.
This task includes data analysis and reporting of data reported by the Cyber Security Tools Engineering (OVA/OCF) AOM. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
The Cyber Security Tools Engineering (OVA/OCF) AOM gives visibility and insight on the networks in NATO environment, which in turn is critical to effective management, strong security and compliance, and efficient migrations and consolidations.
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors.
Under the direction / guidance of the NCSC Point of Contact, a contractor will be the part of the NCSC Team supporting the following activities:
Monitoring and Reporting :
- Proactively review logs and alerts to identify any technical issues, errors, or failures in the monitoring process,
- Produce and distribute reports related to system health, monitoring activities, and compliance status (e.g., audit logs, system performance metrics).
- Document configuration and changes: Keep up-to-date documentation of all configurations, integration steps, troubleshooting procedures, and system maintenance tasks,
- Maintain an inventory: Keep track of all integrated identity sources, IAM systems, and external tools.
- Improve system efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.
- Daily: Verify that the Continuous Vulnerability scans are configured correctly and that information collected is accurate & complete.
- Daily: Identify possible scan gaps, authentication failures and engage with relevant service provider to remove those gaps and eliminate reasons for authentication failure.
- Daily: Review existing scan policies, fine tune and improve them at the same time.
- Weekly: Upon completion of scheduled scans, deliver a comprehensive vulnerability report to each stakeholder under you area of responsibility taking into account all vulnerabilities posing a security risk, remediation actions recommended to the system/application owners and the status of the recommended actions.
- No weekly report is due if that week does not include any working day (for instance: long official holidays such as Christmas break).
- Monthly: deliver vulnerability report to stakeholders, with an overview of the critical/high vulnerabilities identified, the status of the recommended actions to show in a graphic way the trend of the security posture of CIS assets. The monthly report is expected to be delivered in the week of Microsoft patch Tuesday (second Tuesday of the month).
Coordination And Reporting:
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager’s / team leader’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Service Delivery Manager Manager mentioning briefly the work held and the development achievements during the sprint.
At the end of the project, the Contractor shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.
Acceptance and Rejection Criteria:
Acceptance Criteria:
- Quality of work reached NATO standards
- Tasks are completed within the assigned time
- Performances are as defined by the line manager
- Quality of work is low
- Tasks are not completed within the assigned time
- Performances are not as defined by the line manager
- A replacement will be requested if the contractor cannot fulfil the tasks as explained in rejection criteria.
- Payment will not be done if the sprint is not completed.
If the contractor does not meet the work expectation based on the CV presented, the assigned tasks are not performed as expected based on NATO standards or the finalization of the assigned tasks are not done within the given time, the sprint will not be accepted and the service will not be paid.
If any of the above mentioned issues persist, the outsourcing partner will be asked to provide a replacement.
Constraints:
All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.
All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.
.
Practical Arrangements:
This work must be accomplished by one contractor.
The contractor will be required to work onsite in Mons / BEL as part of this engagement. The NCSC Team is located in Mons / BEL, with working hours to be adjusted accordingly.
The services will be mainly executed on premise in SHAPE, Mons Belgium. NCIA IT equipment will be provided (NCSC NROP laptop & NCSC NSOP workstation).
Results of the work will be provided on a weekly basis to the assigned Point of Contact (Annex B – weekly action tracking report).
The contractor will be required to work following the rules and regulations applicable for the operations of NATO CIS.
Travel expenses for missions to other NATO/NCIA locations: No travel is expected. Daily presence at SHAPE, Mons, Belgium, is required to meet performance goals.
If exceptionally travel will be required, travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive.
The Purchaser will provide the contractor with the following Purchaser-Furnished Equipment (PFE):
• Access to NATO sites, as required, for the purpose of executing this SOW.
• Workspace (needed business IT for both on- and off-site work, hot-desk at NCSC facility).
• NCIA “REACH” laptop to be used by the contractor for the execution of the contract.
Requirements:
Security and Non-Disclosure Agreement
It is mandatory to have the candidate be in possession of a NATO COSMIC TOP SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
Required Profile:
The contractor that is going to perform the identified tasks as an Operation and Maintenance Expert of Active Directory Security Assessment Tool must have demonstrated skills, knowledge and experience as listed below.
Activities performed by a contractor include the lifecycle management of the Tenable Identity Exposure software (including all tasks related to A2SL inclusion), its configuration to ensure coverage of all in-scope Active Directory servers, and the regular monitoring of the availability of the capability.
- Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience
- 3+ years of experience in IT security, with a focus on System Administration, Security Tools Management in large organisations.
- Strong understanding of security best practices and experience with Tenable products especially with Tenable Security Center.
- IP switching and routing in a wired and wireless environment.
- Virtual Infrastructure management based on VMWare technologies.
- Systems administration, ideally both with Windows and Linux.
- Good engineering skills including programming and/or scripting knowledge (python, shell scripting, PowerShell).
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
- Comprehensive understanding of principles of Computer and Communication Security, networking, and vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience.
- Strong analytical and problem-solving skills.
- Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
- Experience with threat intelligence, incident response and remediation a plus.
- Knowledge of python (pyTenable) and PowerShell. Experience working with Tenable.SC and Nessus Manager APIs is a plus.
- Knowledge of NATO organization and its IT infrastructure is a plus.
- Experience with Service Management, monitoring and reporting tools, ideally Solarwinds is a plus.
- ITIL Service Management certifications is a plus.
- Experience with system instrumentation solutions such as Ansible is a plus.
- Certifications such as CISSP, CISM, or CISA is a plus.
- Previous experience working for Cyber Security related organisations (CERTs, security offices) is a plus.
- Previous experience working in an international environment comprising both military and civilian elements is a plus.