2024-0241 Senior Online Vulnerability Assess. (OVA) Anal. (CTS) BELGIUM - 5 Mar

Deadline Date:  Wednesday 5 March 2025
 
Requirement:  Senior Online Vulnerability Assessment (OVA) Analyst Support for NCSC Assess Branch
 
Location:  Mons, BELGIUM
 
Full Time On-Site:  Yes
 
Time On-Site:  100%
 
Not to Exceed:  NTE € 111,825 
 
Required Start Date:  7 April 2025 
 
Required Security Clearance:  NATO COSMIC TOP SECRET
 
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the Online Vulnerability Assessment (OVA) Analysis for Assess Branch. The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Cyber Security Senior Online Vulnerability Assessment (OVA) Analyst Support activities more effectively.
 
Background:
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).
 
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Senior Online Vulnerability Assessment (OVA) Analyst Support with a deliverable-based contract to be executed in 2025.
This task includes data analysis and reporting of data reported by the Senior Online Vulnerability Assessment (OVA) Analyst Support. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
The Cyber Online Vulnerability Assessment (OVA) Support gives visibility and insight on the networks in NATO environment, which in turn is critical to effective management, strong security and compliance, and efficient migrations and consolidations.
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors.
Under the direction / guidance of the NCSC Point of Contact, a contractor will be the part of the NCSC Team supporting the following activities:
 
Monitoring and Reporting :

• Proactively review logs and alerts to identify any technical issues, errors, or failures in the monitoring process,
• Produce and distribute reports related to system health, monitoring activities, and compliance status (e.g., audit logs, system performance metrics).

• Document configuration and changes: Keep up-to-date documentation of all configurations, integration steps, troubleshooting procedures, and system maintenance tasks,
• Maintain an inventory: Keep track of all integrated identity sources, IAM systems, and external tools.

• Improve system efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.

• Daily: Verify that the Continuous Vulnerability scans are configured correctly and that information collected is accurate & complete.
• Daily: Identify possible scan gaps, authentication failures and engage with relevant service provider to remove those gaps and eliminate reasons for authentication failure.
• Daily: Review existing scan policies, fine tune and improve them at the same time.

• Weekly: Upon completion of scheduled scans, deliver a comprehensive vulnerability report to each stakeholder under you area of responsibility taking into account all vulnerabilities posing a security risk, remediation actions recommended to the system/application owners and the status of the recommended actions.

• No weekly report is due if that week does not include any working day (for instance: long official holidays such as Christmas break).

• Monthly: deliver vulnerability report to stakeholders, with an overview of the critical/high vulnerabilities identified, the status of the recommended actions to show in a graphic way the trend of the security posture of CIS assets. The monthly report is expected to be delivered in the week of Microsoft patch Tuesday (second Tuesday of the month).

• Quality of work reached NATO standards
• Tasks are completed within the assigned time
• Performances are as defined by the line manager

• Quality of work is low
• Tasks are not completed within the assigned time
• Performances are not as defined by the line manager
• A replacement will be requested if the contractor cannot fulfil the tasks as explained in rejection criteria.
• Payment will not be done if the sprint is not completed.

• It is mandatory to have the candidate be in possession of a COSMIC TOP SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.

• Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience
• 3+ years of experience in IT security, with a focus on System Administration, Security Tools Management in large organisations.
• Strong understanding of security best practices and experience with Tenable products especially with Tenable Security Center.
• IP switching and routing in a wired and wireless environment.
• Virtual Infrastructure management based on VMWare technologies.
• Systems administration, ideally both with Windows and Linux.
• Good engineering skills including programming and/or scripting knowledge (python, shell scripting, PowerShell).
• Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
• Comprehensive understanding of principles of Computer and Communication Security, networking, and vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience.
• Strong analytical and problem-solving skills.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
• Experience with threat intelligence, incident response and remediation a plus.
• Knowledge of python (pyTenable) and PowerShell. Experience working with Tenable.SC and Nessus Manager APIs is a plus.
• Knowledge of NATO organization and its IT infrastructure is a plus.
• Experience with Service Management, monitoring and reporting tools, ideally Solarwinds is a plus.
• ITIL Service Management certifications is a plus.
• Experience with system instrumentation solutions such as Ansible is a plus.
• Certifications such as CISSP, CISM, or CISA is a plus.
• Previous experience working for Cyber Security related organisations (CERTs, security offices) is a plus.
• Previous experience working in an international environment comprising both military and civilian elements is a plus.

• Experience in working with NATO.
• Experience of working with NATO Communications and Information Agency.
• Experience of working with national Defence or Government entities.