2025-0075 Network Security O&M Support Services (NS) BELGIUM - 27 Jun

Deadline Date:  Friday 27 June 2025
 
Requirement:  Network Security O&M Support Services
 
Location:  Brussels, BELGIUM
 
Full Time On-Site:  Yes
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASE: NTE/ sprint 2,092 EUR (26 sprints, total NTE 54,405 EUR) 2026 and 2027 Options
 
Period of Performance:  2025 BASE: 04 August 2025
 
Required Security Clearance:  NATO SECRET
 
Introduction:
 
NCIA – CSU BRU
Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.
 
NCIA – CSU BRU – Cyber Security Section
The Cyber Security Section (CSS) performs a broad range of cyber security activities as delegated by the Cyber Security Service Line and under the direct command and control of the CSU commander. These activities include advise to the CSU Commander about cyber security policies and risk assessments, acting as the integration point of contact for implementation of cyber security new capability fielding initiatives, provision of Level One cyber security expertise and lifecycle support as required, verification of the implementation of security settings and change management controls at the local level, assessing and re-distributing cyber security alerts to CSU users and leadership, administering endpoint security services. Furthermore the CSS supports the incident management process, provides on-site support, reports in direct coordination with the Cyber Security Service Line and implements remediation measures.
 
NCIA – CSU BRU – Cyber Security Section – Gateway Security Services team
The Gateway Security Services team is responsible for Operations & Maintenance (O&M) support for all the Cyber Security gateway systems (firewalls, proxies, email gateway, VPN, network DLP, IPS/IDS, cross-domain gateways, etc.). Ensuring operational efficiency and resilience while providing qualitative support.
 
Objectives:
The main objectives of this statement of work can be summarized as follows:

• The Network Security O&M (Operations & Maintenance) Support service provides dedicated assistance to the Gateway Security Service team, ensuring the smooth operations and maintenance, enhancing operational resilience and ensuring continuity of the Cyber Security gateway systems. This service focusses on providing level 2 support with co-ordinated assistance to L3 support, as required. This is done through execution of SOPs, following up on raised incident tickets, execution of requests and provide project support.

• Handling incidents tickets raised by functional/technical/business users;
• Handling alerts raised by the monitoring system (ZABBIX and SCOM);
• Doing general technical troubleshooting and give consultation to other teams inside and outside the CSU;
• Handling of requests to implement security policies on security gateways;
• Handling of requests to implement operational changes on security gateways;
• Collaborate with NATO Cyber Security Centre (NCSC) and NHQ incident response teams to investigate and remediate security incidents;
• Conduct security policy reviews and optimizations to ensure efficiency and compliance, in accordance with enterprise, NCSC policies and best practices;
• Generate compliance reports for stakeholders, highlighting key security metrics and risks;
• Follow patch management cycle for all security gateways (battleshort, critical, high, medium and low cycles), installing and implementing necessary patches and updates in the required time period, ensuring all security gateways are properly patches and upgraded in according with latest baselines.
• Conduct lessons learned and post-mortem analyses after incidents to improve security posture and operation resilience;
• Interfacing with 3th vendors for technical support;
• Update and create documentation and SOPs (Standard Operation Procedures) related to the provided services as requested;
• Follow up on life cycle of the security gateway systems and assist in the asset replacement projects to replace the system that are end of life;
• Performs other duties as may be required.

• The contractor shall participate in weekly status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Team Leaders instructions.
• For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.

• The performance of these services require a valid NATO SECRET security clearance.
• Some of the expected classification level of the deliverables is NATO SECRET.
• The execution of the services may require the consultants to access information, as well as CIS systems, classified up to NATO SECRET.

• The contractor will be required to provide the service 100% on-site at NCIA, NATO Head Quarter – Brussels - Belgium. Exceptional off-site activities to support service delivery can also be arranged with the line manager’s coordination and approval. There is a possibility to work 1 day per week teleworking from Belgium, providing services during NATO HQ working hours.
• Travel duties are not foreseen for this service.
• This service must be accomplished by ONE contractor.
• This individual providing services under this SOW will be part of the Gateway Security Services team, inside the Cyber Security section.

• University Degree and 3 years function related experience or Higher Secondary Education and completed advanced vocational training leading to a professional qualification or professional accreditation with 4 years post related experience.
• Extensive experience in working with firewalls (Palo Alto, Fortinet and Juniper)
• Experience in managing web proxies (FortiProxy), email gateways (Proofpoint) and VPN gateways (Cisco Firepowers)
• Experience of cyber security activities in large, complex and possibly classified ICT environments with 2.000+ end-user devices
• Strong technical engineering skills, adaptive to customer needs and being able to work in a team.

• Previous work experience in international organizations, such as NATO, or specialized Defence Industry
• Knowledge of NATO CIS Security Policy, Directive and Guidance
• ITIL Certification
• Possession of at least one security certification (i.e., ISC, EC-Council, SANS) highly desirable