2025-0115 Cyber Security Firewall Support (CTS) BELGIUM - 26 Jun RELAUNCH

Deadline Date:  Thursday 26 June 2025
 
Requirement:   Cyber Security Firewall Support
 
Location:  Mons, BELGIUM
 
Time On-Site:  100%
 
Not to Exceed:  2025 Base: NTE 49,086 EUR (18 sprints at 2,727 EUR/sprint NTE) Options: 2026 – 2027 - 2028
 
Period of Performance:  2025 BASE: 04 August 2025
 
Required Security Clearance:  NATO COSMIC TOP SECRET
 
Introduction:

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.

In order to execute this service, the NCI Agency is seeking additional manpower through contracted resources to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations.

The Gateway Security Services (GSS) Section facilitates and accounts for all lifecycle aspects of Boundary Protection Components deployed within and on the edge of NATO networks in order to protect key NATO information while allowing NATO staff to work securely and process their information.
 
NCI Agency is looking for subject matter expertise for the delivery of this complex and critical cybersecurity capability.

This contract is to provide consistent support on a deliverable-based contract to NCSC based on the deliverables that are described in the scope of work below.
 
Purpose:
The Cyber Security SECURE Branch delivers a wide suite of enabling services in specific areas of Technical Services and CIS protection.
Gateway Security Services operate (amongst others) various technologies such as data diodes, secure guard components and firewalls to support the secure cross-domain data exchange.
This Statement of Work (SOW) outlines the services to be provided by the Supplier to NCIA Cyber Security Centre Secure Branch to fulfil identified CYBER SECURITY FIREWALL Support more effectively.
 
Objectives:
The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for support to Gateway Security Service. The ‘Level 2/3 Cyber Security Firewall support should be manned by the contractor’s personnel on a daily basis to ensure service objectives are met continuously.

The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of CYBER SECURITY FIREWALL Support with a deliverable based (completion-type) contract to be executed in 2025.

The contractor’s personnel will be required to deliver a daily activities schedule, mainly operating the firewalls and supporting on the BAU (Business As Usual) activities, like request fulfilment (ITSM work) and system patching, as well as represent NCSC business unit on an Enterprise Level where required.

Tasks performed by a contractor’s personnel include:

• Build, implement, maintain, and support Next-Generation Firewalls (NGFW) (System Administration).
• Configure, maintain and review security policies on Next-Generation Firewalls (System Configuration)

• All the documentation provided under this statement of work will be based on NCIA templates or agreed with project point of contact.
• All support, maintenance, documentation and required code will be stored under configuration management and/or in the provided NCIA tools.
• All developed solutions, tools and code under this project will be property of the NCIA.

• The services performed under this SOW require that the assigned personnel have a valid NATO COSMIC TOP SECRET security clearance.
• It is acceptable for personnel to have a valid NATO SECRET security clearance prior to the start of the engagement and obtain COSMIC TOP SECRET during the first year of the execution of deliverables under this SoW
• The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.
  

• The contractor’s personnel will be required to provide the service 100% on-site at NCIA Mons, Belgium. Exceptional teleworking activities to support service delivery can also be arranged with the line manager’s coordination and approval.

• NCIA IT equipment will be provided (one REACH laptop will be provided). This equipment can be used by one person only and associated to that individual.
• NCI Agency will provide access to relevant networks and resources as required by the project. The service depicted in this sow is expected to be carried by a single resource.

• There may be limited travel required (max.3 times/per year, each travel up to 3 working days), specifically to Brussels, Belgium, The Hague, Netherlands or Brunsum, Netherlands.
• Travel expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. They will be invoiced separately to the purchaser (NCIA) by the service provider, in accordance with the terms and conditions of the framework agreement. These additional travel costs are considered an extra charge to the overall bid price.

• Provide necessary access to systems and information required for all services
• Tools and equipment (laptop) will be provided for remote service provisioning. Access to the
  following tools that are used to execute daily tasks will be provided.
  •  BMC remedy (NCIA Enterprise)
  • Visio;
  • MS Office Suite;
  • SharePoint;
• Designate primary points of contact for escalations and decision-making
• Early Definition
  • Establish criteria at the beginning of the project or sprint
  • Refine criteria as needed throughout the development process
• Prioritization
  • Identify must-have criteria vs. nice-to-have features
  • Align prioritization with project / service goals and constraints
• Consider Edge Cases
  • Include criteria for handling unexpected inputs or scenarios
  • Address potential failure modes and error handling

• Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience.
• Minimum qualifications required is a firewall certification (such as PCNSA or similar)
• Strong understanding of security best practices
• Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
• At least 6 months of experience in the following areas:
  • Palo Alto Networks Firewalls and Palo Alto Networks Panorama for Enterprise level deployments
  • Firewall installation and management of other vendors
  • System monitoring and troubleshooting
  • LAN/WAN networking including protocol network architecture
  • TCP/IP protocols and services
• Profound communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.

• Working experience in the following areas:
  • Experience with network protocols and traffic analysis
  • Ability to troubleshoot complex network security issues
  • Scripting/Automation (Bash, Python, Ansible)
• Official Network Management certification (such as Network+)
• Official Service Management certification (such as ITIL Foundation)
• Understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
• Possession of Industry leading certification in the area of Cybersecurity such as CISSP, CISM, CISA, GSNA, SANS GIAC
• In addition to the above, it is desirable for the contracted individual to have working experienc and knowledge in the following areas:
  • Experience in working with NATO.
  • Previous work in an international environment comprising both military and civilian elements