2025-0172 Engineering Service Support for NATO NISC CISS (NS) BELGIUM - 10 Jun

Deadline Date:  Tuesday 10 June 2025
 
Requirement:   Engineering Service Support for NATO NISC CISS
 
Location:  Mons, BELGIUM
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASE: 6 sprints, NTE € 17,280 / sprint, total NTE € 103,680, 2026 , 2027 and 2028 OPTION
 
Period of Performance:  14 July 2025
 
Required Security Clearance:  NATO SECRET
 
Introduction:

• NATO Communication and Information Agency (NCIA) provides end-user services to customersthroughout NATO. The NISC CIS Security (CISS) Office is responsible for the security oversightand assurance for all NISC services including on premise, edge and cloud services. This includesthe security assurance, accreditation, implementation, operation and continual service improvementof NISC services.
• The NATO Infrastructure Service Centre (NISC) Business Area Lead (BAL) is accountable for planning and executing the full lifecycle management activities (design, transition and operations)
  for the identified area of responsibility. NISC provides generic, domain independent, technical functionality that enables and facilitates the operation and use of Information Technology resources. NISC services (including: subject matter expertise; acquisition; project management, operations and maintenance; and, disposal) are provided in the following technical domains: Network Services
  (to include routing, switching and transmission services), infrastructure hosting, storage and processing, infrastructure networking, HW and SW management, databases and web platform
  services, as well as identity management. Services are provided throughout the lifecycle to both internal and external customers in both static and deployable settings.

• Drive excellence in project execution by implementing industry best practices and strategic engineering methodologies.
• Maintain a high standard of security service through continuous refinement and proactive enhancement of CIS Security operations.
• Adapt and evolve security frameworks by aligning iterative updates with dynamic business needs and emerging security challenges.

• This SOW covers the Operations and Maintenance (O&M) of on-prem Edge and Cloud CIS Services across multiple security domains (Unclassified and Restricted).
• The work shall be carried out in sprints whereby each sprint is independent. The content and scope of each sprint will be agreed with the project manager and technical staff during the sprint-planning
  meeting, in writing.

• Facilitate seamless project execution for the new DMZ infrastructure by ensuring alignment with business goals and technical requirements.
• Deliver high-quality third-level technical support for IT and application services within CISS DMZ Services.
• Support the effectiveness and efficiency of assigned services in the area of responsibility (CISS), consisting of the delivery of the NATO Enterprise Edge Services including, but not limited to, hybrid-cloud Edge services, Secure Access Service Edge (SASE) and On-Prem
  DMZ services.
• Ensure the stability and performance of newly deployed systems post-implementation, by closely monitoring operations and addressing any emerging issues in a timely manner.
• Update relevant documentation and facilitate knowledge sharing to ensure seamless handover and better preparedness for the support team.
• Actively participate and support continual service improvements for assigned services.
• Support the collaboration with stakeholders, both internal and external, as necessary, to coordinate efforts and ensure smooth execution of software support and development activities.
• Support the execution of the processes of Incident Management, Change Management and Release Management, as required, following the NCIA procedures and execute incident intervention/resolution within expected KPI`s listed under 3.1.8.1. Due to the
  AGILE approach of this project, the additional deliverables and associated acceptance criteria will be defined for each sprint between the NCI Agency and the contractor, in writing, based on the activities defined above.

• The content and scope of each sprint will be agreed with the service delivery manager during the sprint-planning meeting, in writing.
• Services need to be provided during standard working hours of NCIA.
• The contractor shall report to the Line-Manager (or deputy).

• Performance of the services described in this SOW requires a valid NATO SECRET security clearance.
• The Contractor SHALL ensure that all the Contractor personnel or anyone working under the remit of the Contractor requiring recurring access to on-site locations for the delivery of the services under this SoW, have a valid NATO Personal Security Clearance at least to the NATO SECRET level.

• All the documentation provided under this statement of work will be based on NCIA templates or agreed with project point of contact
• All scripts, documentation and required code will be stored under configuration management and/or in the provided NCIA tools.

• This is a deliverables-based sprints contract
• The contractor shall provide services On-site at Location of Performance in Mons (BE). 9.3 The work will be executed onsite at Mons, NATO premises. Remote work cannot be performed offsite
  NATO entities since the nature and classification of the work, which requires the contractor to be present at the office.
• The work depicted in this SOW is to be performed by ONE contractor.

• Practical experience in design, implementation and support scalable enterprise services leveraging on-prem and cloud technologies.
• Practical experience with the management of DDI solutions, Remote Access VPNs, SMTP Gateways, Secure Web Proxies and Load Balancers.
• Practical experience in implementing and maintaining DDOS and Web Application Firewall protection policies.
• Sound knowledge of TCP/IP based networks and related protocols;
• Strong troubleshooting skills with tools like Wireshark and SNMP. Knowledge of network monitoring concepts.
• Knowledge of network security best practices (ACLs, firewalls, VPNs, IPSec, AAA, Role Based Access Control, Public Key Infrastructure, security-hardening concepts).
• Experience integrating MFA solutions with cloud and on-premises services.
• Desirable familiarity with the products as follows:
  • F5 Big-IP
  • OPSWAT MetaDefender
  • Infoblox DDI
  • Cisco FirePower
  • Fortinet
• Practical experience in implementing and maintaining cloud services, and Secure Access Service Edge (SASE) technologies.
• Strong knowledge of IT Security frameworks and governance models.
• Strong and open communication skills.
• Autonomous, problem-solver and drives towards results.

• A thorough knowledge of one of the two NATO languages, both written and spoken, is essential and some knowledge of the other is desirable.
• NOTE: Most of the work of the NCI Agency is conducted in the English language.

• Excellent communication skills to effectively interact with users, team members and stakeholders.
• Must demonstrate the ability and self-motivation to work on his/her own but must also work well within groups as part of a team.
• Must demonstrate an ability and keen sense for problem-solving.
• Motivated, good communication skills, team player.
• Able to work independently with minimal supervision.
• Knowledge of NATO responsibilities and organization.