Deadline Date:
Wednesday 6 March 2025 Requirement:
Cyber Security Tools Engineering (OVA/OCF) AOM Support for NCSC Assess Branch Location:
Mons, BE Full Time On-Site:
Yes Time On-Site:
100% Period of Performance:
As soon as possible but not later than 7 April 2025 until 31 December 2025, with the possibility to exercise the following options: 2026 Option: 1st January until 31st December 2026 2027 Option: 1st January until 31st December 2027 2028 Option: 1st January until 31st December 2028 Required Security Clearance:
NATO COSIC TOP SECRET 1. PURPOSE The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the Cyber Security Tools Engineering (OVA/OCF) AOM Support for Assess Branch. The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Cyber Security Tools Engineering (OVA/OCF) AOM Support activities more effectively. 2. BACKGROUND The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange. The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM). In order to execute this work, the NCI Agency is seeking additional support through contracted resources (or consulting) to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. This Statement of Work (SoW) specifies the required skillset and experience. To support NCSC for the execution of tasks identified in the subject work package of the project, the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability. This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its mission based on the deliverables that are described in the scope of work below. 3. SCOPE OF WORK The aim of this SoW is to support NCSC with technical expertise specifically related to the operation and maintenance of Cyber Security Tools Engineering (OVA/OCF) AOM Support with a deliverable-based contract to be executed in 2025. This task includes data analysis and reporting of data reported by the Cyber Security Tools Engineering (OVA/OCF) AOM. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability. The Cyber Security Tools Engineering (OVA/OCF) AOM gives visibility and insight on the networks in NATO environment, which in turn is critical to effective management, strong security and compliance, and efficient migrations and consolidations. More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors. Under the direction / guidance of the NCSC Point of Contact, a contractor will be part of the NCSC Team supporting the following activities: Monitoring and Reporting:
Proactively review logs and alerts to identify any technical issues, errors, or failures in the monitoring process. Produce and distribute reports related to system health, monitoring activities, and compliance status (e.g., audit logs, system performance metrics).
System Documentation:
Document configuration and changes: Keep up-to-date documentation of all configurations, integration steps, troubleshooting procedures, and system maintenance tasks. Maintain an inventory: Keep track of all integrated identity sources, IAM systems, and external tools.
Automation and Scripting:
Improve system efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.
4. DELIVERABLES AND PAYMENT MILESTONES The following deliverables are expected from the work on this SoW in 2025: Deliverable: 35 sprints to support NCSC Assess Branch with Cyber Security Tools Engineering (OVA/OCF) AOM as per described in Para 4 Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor. The NCIA reserves the possibility to exercise a number of options in the year 2025, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements. The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number. Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority. Each deliverable shall meet the following requirements: Language: the product shall be written in English, meeting or exceeding the NATO STANAG 6001 Level 3 “Professional Proficiency”. Intended Audience: the product shall be intended for Cyber Security Professional, Senior Military personnel and decision makers in the field of Cyber Security and Cyberspace Operations. Accuracy: the product shall accurately reflect what was discussed, decided, and action items assigned during the meeting. Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language. Objectivity: the content shall be impartial and objective, presenting information without bias or personal interpretation. Structure: the product shall follow a logical structure, typically including sections such as agenda, attendees, discussions, decisions, action items, and any other relevant information, further directed by the IKM SG. Timeliness: the product shall be prepared and distributed promptly after the meeting, ensuring that information is fresh and actionable. It is expected a maximum of two times the length of the meeting for the time required to prepare and share the product to the meeting audience for initial review. Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the IKM SG. Confidentiality: Sensitive information discussed prior, during and after meetings shall be handled in accordance with the NATO policy on Information Management. 5. COORDINATION AND REPORTING The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager’s / team leader’s instructions. For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in writing within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Service Delivery Manager mentioning briefly the work held and the development achievements during the sprint. At the end of the project, the Contractor shall provide a Project Closure Report that summarizes the activities during the period of performance at a high level. 6. ACCEPTANCE AND REJECTION CRITERIA a) Acceptance Criteria Quality of work reached NATO standards Tasks are completed within the assigned time Performances are as defined by the line manager b) Rejection Criteria Quality of work is low Tasks are not completed within the assigned time Performances are not as defined by the line manager c) A replacement will be requested if the contractor cannot fulfil the tasks as explained in rejection criteria. d) Payment will not be done if the sprint is not completed. 7. PENALTY AND REJECTION PROCESS If the contractor does not meet the work expectation based on the CV presented, the assigned tasks are not performed as expected based on NATO standards or the finalization of the assigned tasks are not done within the given time, the sprint will not be accepted and the service will not be paid. If any of the above mentioned issues persist, the outsourcing partner will be asked to provide a replacement. 8. SCHEDULE This task order will be active immediately after signing of the contract by both parties. The period of performance is as soon as possible but not later than 07 April 2025 and will end no later than 31 December 2025. 9. CONSTRAINTS All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact. All documentation etc. will be stored under configuration management and/or in the provided NCIA tools. 10. REQUIRED PROFILE The contractor that is going to perform the identified tasks as an Operation and Maintenance Expert of Active Directory Security Assessment Tool must have demonstrated skills, knowledge and experience as listed below. Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience 3+ years of experience in IT security, with a focus on System Administration, Security Tools Management in large organisations. Strong understanding of security best practices and experience with Tenable products especially with Tenable Security Center. IP switching and routing in a wired and wireless environment. Virtual Infrastructure management based on VMWare technologies. Systems administration, ideally both with Windows and Linux. Good engineering skills including programming and/or scripting knowledge (python, shell scripting, PowerShell). Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours. Comprehensive understanding of principles of Computer and Communication Security, networking, and vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience. Strong analytical and problem-solving skills. Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams. Experience with threat intelligence, incident response and remediation a plus. Knowledge of python (pyTenable) and PowerShell. Experience working with Tenable.SC and Nessus Manager APIs is a plus. Knowledge of NATO organization and its IT infrastructure is a plus. Experience with Service Management, monitoring and reporting tools, ideally Solarwinds is a plus. ITIL Service Management certifications is a plus. Experience with system instrumentation solutions such as Ansible is a plus. Certifications such as CISSP, CISM, or CISA is a plus. Previous experience working for Cyber Security related organisations (CERTs, security offices) is a plus. Previous experience working in an international environment comprising both military and civilian elements is a plus.
#J-18808-Ljbffr