2025-0133 NISP Linux Engineering Services (NS) NETHERLANDS - 2 Jun

2025-0133 NISP Linux Engineering Services (NS) NETHERLANDS - 2 Jun

Contract Type:

Contractor

Location:

The Hague - The Hague, Netherlands

Industry:

NATO

Contact Name:

Tim Lane

Contact Email:

tim@plr.ltd

Contact Phone:

Tim Lane

Date Published:

21-May-2025

Deadline Date:  Monday 2 June 2025
 
Requirement:   NISP Linux Engineering Services
 
Location:  The Hague, NETHERLANDS
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASED 46,935 EUR, 2026 to 2028 Options 
 
Period of Performance:  2025 BASE: 1 September 2025 
 
Required Security Clearance:  NATO SECRET
 
Introduction:

  • To strengthen the Alliance through connecting its forces, the NCIA delivers secure, coherent, cost effective and interoperable communications and information systems in support of consultation, command & control and enabling intelligence, surveillance and reconnaissance capabilities, for NATO, where and when required. It includes IT support to the Alliances’ business processes (to include provision of IT shared services) to the NATO HQ, the Command Structure and NATO Agencies.
  • The Air Command and Control Centre (AirC2 Centre), as part of the NCI Agency, ensures the harmonised planning, implementation, deployment, evolution and support of the Air Command and Control (AirC2) programmes as well as other assigned programmes, in a way that satisfies the operational requirements and minimizes the military risk, taking into account the NATO political, economic and schedule requirements and using the most suitable industrial and technological solutions. The Centre is the procurement and implementation body of the NCI Agency, charged with the effective planning, execution, delivery into service, evolution and through-life logistic support of NATO’s and assigned national AirC2 systems.
  • In the light of these activities, AirC2 Centre is looking for Oracle Linux or Red Hat Linux software engineers with in-depth knowledge of the topics related to the NISP (NATO integrated Secured Platform) work packages described below.
Scope of Work:
The expert contractor’s personnel(s) shall carry out the specific tasks and provide the specific deliverables, as described in the Work Package table(s) below:  
  • Work Package WP1:  Port latest released NISP (Oracle Linux) to latest released Oracle Linux 9 NISP_OL is comprised of software and documentation, which allow the end user to install a secured Oracle Linux 8 onto bare metal, or update an existing installation. Several machine profiles are supported, such as AD member server, standalone server
Deliverable D1: Bootable ISO image (compatible with boot from USB keys and BluRay) which allows to install NISP_OL with Oracle Linux 9 following the same or very similar procedures as NISP_OL with Oracle Linux 8.
Deliverable D2: Automatic build procedure to build the bootable ISO image from D1.
Deliverable D3: Standalone server fresh installation and configuration as Active Directory Member Server.
Deliverable D4: Updated documentation and procedures for NISP_OL with Oracle Linux 9 in the following documents: Software Installation Plan, System Administration Manual
Deliverable D5: Updated information on supported hardware and virtualization environments in the Hardware Guide
Constraint C1: Secure Boot shall be supported for installation from media and network.
Constraint C2: Provided procedures must provide the service in an offline environment (no Internet connectivity).
Constraint C3: Documentation source is in DocBook, however oXygen is available for near WYSIWYG editing.
Constraint C4: Revision control used in NISP project is git with gitlab. All source is to be revision controlled.
Acceptance Criteria A1: Deliverables shall pass the full NISP Regression Test Suite, any test case redlines must be approved by test director and leading engineer.
Acceptance Criteria A2: Any provided code or code changes must pass SonarQube quality evaluation (same settings as rest of NISP project).
Additional Notes:
Note 1: The automatic build of the NISP_OL installation ISO and all associated procedures are available and tested for Oracle Linux 8. The contractor’ personnels may build upon those procedures and code.
Note 2: We expect familiarity with revision control in general and git in particular.
Note 3: We expect the contractor’s personnels to be specialists with in-depth expertise in the area related to this work-package; we further expect the contractor’s personnel to be able to provide the service unsupervised.
Note 4: NISP Team will provide support and information related to local specificities, such as the NISP build environment, access to required files and folders, access to test machines, access to offices and work-environment; NISP Team can further provide details on “what” to implement related to this service package; however, NISP Team cannot provide technical expertise related to the “how” of implementing this work package.
Note 5: Deliverables can be grouped and each group accepted separately.
  • Work Package WP2:  Application of OpenScap Security Rules on NISP Oracle and Redhat Linux 9 NISP_OL is comprised of software and documentation, which allow the end user to install a secured Oracle Linux 8 onto bare metal, or update an existing installation. Several machine profiles are supported, such as AD member server, standalone server.
Deliverable D1: Successful application (remediation) of selected security rules NISP Oracle/RedHat Linux 9.
Deliverable D2: Successful auditing of selected of security rules to NISP Oracle/RedHat Linux 9.
Deliverable D3: Documentation of changes to security rules required for successful remediation and rationale for change.
Deliverable D4: Documentation of changes to security rules required for successful auditing and rationale for change.
Deliverable D5: Adaptation of security rules to different machine profiles (standalone server, member server).
Constraint C1: Security Rules from Oracle Linux 8 DISA STIG or Oracle/RedHat Linux 9 SCAP Security Guide.
Constraint C2: Provided procedures must provide the service in an offline environment (no Internet connectivity).
Constraint C3: Application and auditing of security rules using oscap commands.
Constraint C4: Revision control used in NISP project is git with gitlab.
Constraint C5: Changes to security rules shall be traced in revision control tool.
Acceptance Criteria A1: Machine shall pass the full NISP Regression Test Suite after application of security settings, any test case redlines must be approved by test director and leading engineer.
Acceptance Criteria A2: Security settings shall be applied successfully according to documented procedure
Acceptance Criteria A3: Any provided code or code changes must pass SonarQube quality evaluation (same settings as rest of NISP project).
Additional Notes:
Note 1: The automatic build of the NISP_OL installation ISO and all associated procedures are available and tested for Oracle Linux 8. The contractor’s personnel may build upon those procedures and code.
Note 2: We expect familiarity with revision control in general and git in particular.
Note 3: We expect the contractor’s personnel to be specialists with in-depth expertise in the area related to this work-package; we further expect the contractor’s personnel to be able to provide the service unsupervised.
Note 4: NISP Team will provide support and information related to local specificities, such as the NISP build environment, access to required files and folders, access to test machines, access to offices and work-environment; NISP Team can further provide details on “what” to implement related to this service package; however, NISP Team cannot provide technical expertise related to the “how” of implementing this work package.
Note 5: Deliverables can be grouped
  
Roles and Responsibilities:
The service shall be conducted in close collaboration between the Contractor’s personnel and NCI Agency AirC2 Centre, as described below:
  • NCIA Agency AirC2 Centre: Service Area Lead Interface Products, Project Manager, Test Director, Lead Engineer
  • Contractor’s personnel: To provide deliverables identified above.
Coordination & Reporting:
  • The contractor’s personnel shall follow all general rules, terms and conditions as applicable for providing the service in the NCIA, The Hague Offices.
  • The contractor’s personnel shall report to the Project Manager and provide update on the progress of work on weekly basis
  • The contractor’s personnel shall provide the service mostly unsupervised.
  • The contractor’s personnel shall consult the NISP Lead Engineer on any technical matters needing more details or clarification.
  • The contractor’s personnel shall hand-over a deliverable in a scheduled meeting with at least the NISP leading engineer, one additional NISP engineer, and at least one representative from NISP test team.
  • The NISP Lead Engineer shall decide on the complete or partial acceptance of a delivery and/or rework/refinement as may be necessary before recommending for payment.
  • The contractor’s personnel shall hand-over a deliverable in a scheduled meeting with at least the NISP leading engineer, one additional NISP engineer, and at least one representative from NISP test team.
Practical Arrangements:
Location:
  • The Contractor’s personnel will be required to provide the service 100% on site at NCI
  • Agency The Hague.
  • Normal working hours and procedures of NCIA, The Hague are applicable
  • Expected Travel:
  • No travel expected
  • For extraordinary travel, the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. They will be invoiced separately to the purchaser by the service provider, in accordance with the terms and conditions of the framework agreement. These additional travel costs are considered an extra charge to the overall bid price
  • Whilst it is up to the bidder to propose the size of the team that executes the work and produces the deliverables in the time line allocated, it is estimated and preferred that the deliverables are completed by one individual full time.
Security and Non-Disclosure Agreement:
  • Any proposed resource providing services under this SOW must be in possession of a valid security clearance NATO SECRET.
  • The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.
Required Qualifications:
Contractor’s personnel – MANDATORY Requirements:
  • Hold a valid NATO SECRET Security Clearance.
  • Have 3 years expertise relevant to the implementation of that work-package
  • Have thorough knowledge of English, both written and spoken
  • Have 3 years experience with distributed revision control tools (i.e Git and GitLab)
  • Must have passed RHCSA examination or possess equivalent knowledge
Contractor’s personnel – DESIRED Requirements:
  • Prior experience of working in an international environment comprising both military and civilian elements.
  • Practical experience in defining and applying security profiles (auditing and remediation) with OpenSCAP on RHEL/OL 9
  • Practical experience in creating RPM packages on RHEL/OL 9
  • Practical experience creating SELinux policies to confine system services RHEL/OL 9
  • Practical experience configuring the bootloader on RHEL/OL9 9
APPLY NOW

Share this job

Interested in this job?
Save Job
CREATE AS ALERT

Similar Jobs

SCHEMA MARKUP ( This text will only show on the editor. )