Deadline Date: 04 March 2025
Requirement: Active Directory Security Assessment Data Analysis and Reporting
Location: Mons, BELGIUM
Time On-Site: 100%
Not to Exceed: NTE 118,260
Required Start Date: 14 April 2025
Required Security Clearance: NATO COSMIC TOP SECRET
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the data analysis and reporting of data reported by Active Directory Security Assessment Tool to be conducted by the selected company.
The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Active Directory Security Assessment Tool data analysis and reporting activities more effectively.
Background:
The Office of the CIO (OCIO) Enterprise Cyber Security Posture Improvement project focuses on acquisition and implementation of state-of-the-art tools to enhance Enterprise-wide cybersecurity capabilities considering the key cybersecurity functions.
NCIA initiated a project and procured Active Directory Security Assessment Tool (Tenable Identity Exposure) providing identity unification and risk scoring, real-time attack detection and continually assessing directory services security in real-time, eliminate attack paths that lead to domain domination, and investigate and inform.
To support NCSC for the execution of tasks identified in the subject work package of the project, the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its POW based on the deliverables that are described in the scope of work below.
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Active Directory Security Assessment Tool with a deliverable based contract to be executed in 2025.
This task includes data analysis and reporting of data reported by the Active Directory Security Assessment Tool. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
Active Directory data analysis and reporting give visibility and insight into the Active Directory environment on the networks, which in turn is critical to effective Active Directory management, strong security and compliance, and efficient migrations and consolidations. Effective Active Directory data analysis and reporting will also enable NATO to monitor Active Directory users and groups including permission levels, inactive users/accounts and group policy settings, user entitlements, user activities, event trends, suspicious patterns, etc.
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors.
Under the direction / guidance of the NCSC Point of Contact, a contractor will be part of the NCSC Team supporting the following activities:
Ensuring data accuracy and up-to-date data for Active Directory (AD) Security issues:
- Ensure accurate and up-to-date AD data is collected from the different Domains in scope,
- Security baselines are configured based on industry best practice and NATO policies,
- Review existing policies, fine tune and improve them at the same time,
- Report to the Tool Managers any technical issues, such as connectivity problems between Tenable Identity Exposure and other integrated systems or errors in scans or reports,
- Follow new releases of the security solution to consider the implementation of new features or capabilities
- Monitor the solution daily
- Identify the potential security issues
- Ensure that the collected data is analysed
- Prioritize the remediation actions based on the previous point
- Critical vulnerabilities will be reported within 4 hours of being identified
- High vulnerabilities will be reported within 8 hours of being identified
- Deliver a comprehensive vulnerability report to each stakeholder under your area of responsibility taking into account all vulnerabilities posing a security risk, remediation actions recommended to the system/application owners and the status of the recommended actions. The weekly report is expected to be delivered each Wednesday/Thursday before Close of Business.
- Ensure that the reported information is also available via PowerBI dashboard (or similar)
- Report to the corresponding AD management teams the prioritized remediation actions based on the analysis done on point 2.c/2.d
- Record the defined KPIs to follow up the trend of AD Security issues
- Follow up and verify that the reported security issues have been remediated.
- Follow the escalation process in case the reported security issues have not been fixed.
5) Documentation:
- Document configuration and changes: Keep up-to-date documentation of all configurations, baselines, troubleshooting procedures,
- Keep a lessons learnt document
- Review the list of users with access to the security solution,
- Verify that only the required users have access to the solution,
- Coordinate with the Tool Managers any issue with the User access management
7) Automation and Scripting
- Improve processes efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.
Coordination and Reporting:
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager’s / team leader’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in writing within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Project Manager mentioning briefly the work held and the development achievements during the sprint.
At the end of the project, the Contractor shall provide a Project Closure Report summarizing the activities during the period of performance at high level.
Acceptance and Rejection Criteria:
Acceptance Criteria
- Quality of work reached NATO standards,
- Tasks are completed within the assigned time,
- Performances are as defined by the line manager.
Rejection Criteria
- Quality of work is low,
- Tasks are not completed within the assigned time,
- Performances are not as defined by the line manager.
Required Profile:
The contractor(s) who will perform the identified tasks as an Operation and Maintenance Expert of Active Directory Security Assessment Tool must have demonstrated skills, knowledge and experience as listed below.
Activities performed by a contractor include the lifecycle management of the Tenable Identity Exposure software (including all tasks related to A2SL inclusion), its configuration to ensure coverage of all in-scope Active Directory servers, and the regular monitoring of the availability of the capability.
- Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent experience.
- 3+ years of experience in IT security, with a focus on Active Directory security, System Administration, and hands-on experience with Security Assessment Tools in large organisations.
- Experience with Active Directory Management.
- Strong understanding of security best practices and experience with Tenable products especially with Tenable Identity Exposure.
- Comprehensive hands-on experience administering Microsoft Windows Domain based networks
- Systems administration, ideally both with Windows and Linux.
- Good engineering skills including programming and/or scripting knowledge (Python, shell scripting, PowerShell).
- Demonstrable experience of analysing, prioritizing and reporting in the field of vulnerabilities assessment.
- Strong analytical and problem-solving skills.
- Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
- Database management skills, preferably MS SQL.
The candidate should also ideally have knowledge and experience in the following areas:
- Experience in working with NATO.
- Experience working with NATO Communications and Information Agency.
- Experience working with national Defence or Government entities.