2024-0240 IT Analysis - Ext. Attack Surf. Mg (cloud based) (CTS) BELGIUM - 5 Mar

Deadline Date:  Wednesday 5 March 2025
 
Requirement: IT Analysis - External Attack Surface Management (cloud based)
 
Location:  Onsite in S.H.A.P.E. Mons, BELGIUM
 
Full Time On-Site:  Yes
 
Time On-Site:  100%
 
Not to Exceed:  NTE € 112,140
 
Required Start Date:  7 April 2025 

Required Security Clearance: COSMIC TOP SECRET
 
Special Terms and Conditions:  Non-disclosure agreement must be signed
 
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables  for the IT Analyst- External Attack Surface Management (cloud based) Support for Assess Branch. 
The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Cyber Security IT Analysis - External Attack Surface Management (cloud based) Support activities more effectively.
 
Background:
The NCI Agency has been established with a view to meeting the collective requirements of  some or all NATO nations in the fields of capability delivery and service provision related to  Consultation, Command & Control as well as Communications, Information and Cyber Defence  functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance,  Target Acquisition functions and their associated information exchange. 
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and  protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO  Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of  programmes and projects around 219 MEUR euros per year, in order to uplift and enhance  critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities  funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and  NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In  some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span  multiple years and are governed by various frameworks, including the Common Funded  Capability Development Governance Framework (CFCDGM).
 
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the  operation and maintenance of IT Analysis - External Attack Surface Management (cloud  based)Support with a deliverable-based contract to be executed in 2025.  
This task includes data analysis and reporting of data reported by the Senior Online Vulnerability  Assessment (OVA) Analyst Support. For the provision of consistent support and the execution of  the task, NCIA will get subject matter expertise from the industry with a service (deliverable  based/completion type) based AAS framework contract in the delivery of requested capability. 
The Cyber Security External Attack Surface Management (cloud based) Support gives visibility  and insight on the networks in NATO environment, which in turn is critical to effective  management, strong security and compliance, and efficient migrations and consolidations.  
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in  order to prevent exploitation by malicious threat actors.  
 
Coordination of Reporting:
The contractor shall participate in daily status update meetings, activity planning and other  meetings as instructed, physically in the office, or in person via digital means using conference  call capabilities, according to the manager’s / team leader’s instructions. 
For each sprint to be considered as complete and payable, the contractor must report the  outcome of his/her work during the sprint, first verbally during the retrospective meeting and  then in written within three (3) days after the sprint’s end date. The format of this report shall  be a short email to the NCIA Service Delivery Manager Manager mentioning briefly the work  held and the development achievements during the sprint.  
At the end of the project, the Contractor shall provide a Project Closure Report that is  summarizing the activities during the period of performance at high level. 
 
Acceptance and Rejection  Criteria:
Acceptance Criteria: 

• Quality of work reached NATO standards 
• Tasks are completed within the assigned time 
• Performances are as defined by the line manager 

• Quality of work is low
• Tasks are not completed within the assigned time 
• Performances are not as defined by the line manager 
• replacement will be requested if the contractor cannot fulfil the tasks as explained in  rejection criteria. 
• Payment will not be done if the sprint is not completed. 

• Bachelor's degree in Computer Science, Information Technology, or related field Or  equivalent experience  
• 3+ years of experience in IT security, with a focus on Security Audit and / or Security  Assessment of large organisation 
• Strong understanding of security best practices and experience with cloud-based  infrastructure 
• Strong understanding of the assessment of internet–facing assets for vulnerabilities and  anomalies 
• Knowledge of relevant NATO standards and regulations 
• Strong analytical and problem-solving skills 
• Excellent communication and collaboration skills 
• The incumbent shall be able to understand and interpret the outcomes of security audit  reports (NATO high side network). 
• Experience with threat intelligence, incident response and remediation a plus
• Knowledge of NATO organization and its IT infrastructure is a plus
• Certifications such as CISSP, CISM, or CISA is a plus

• Experience in working with NATO. 
• Experience of working with NATO Communications and Information Agency.
• Experience of working with national Defence or Government entities.