Deadline Date:
Tuesday 2 September 2025
Requirement:
Continuous Vulnerability Assessment (CVA) Deployable Communication System (DCIS) Tool Management Support
Location:
Mons, BELGIUM
Full Time On-Site:
Yes
Time On-Site:
100%
Not to Exceed:
2025 BASE: 3,195 EUR/sprint (11 sprints, total NTE 35,145 EUR)
2026, 2027, 2028 OPTIONS
Period of Performance:
2025 Base period:13 October 2025
Required Security Clearance:
NATO COSMIC TOP SECRET
Please do NOT
apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
Background:
The NATO Communications and Information Agency (NCIA) is dedicated to acquiring, deploying, and defending communication systems for NATO's political decision-makers and Commands. It operates on the frontlines against cyber-attacks, collaborating closely with governments and industry to prevent future debilitating attacks. The NCIA plays a crucial role in maintaining NATO's technological edge and ensuring the collective defence and crisis management capabilities of the Alliance. In pursuit of our mission, we require specialized advisory services to enhance our interim workforce capacity.
Introduction:
- The NCIA has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
- The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. NCSC's role is to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM).
- In order to execute this Service, NCIA is seeking additional support through contracted resources (or consulting) to support the service undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. To support NCSC for the execution of tasks identified in the subject work package of the project, the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
- This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its mission based on the deliverables that are described in the scope of work below.
- The objective of this statement of work (SoW) is to outsource the relevant Continuous Vulnerability Assessment (CVA) Deployable Communication System (DCIS) Tool Management function to support the NCSC which is responsible to defend NATO networks on a 24/7 basis and to share relevant cyber information with all its stakeholders.
- To achieve these objectives, it requires a significant amount of coordination and decision making within and outside the boundaries of NCSC.
- This Statement of Work (SoW) defines the expectations for this support to materialize.
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Cyber Security Continuous Vulnerability Assessment (CVA) Deployable Communication System (DCIS) Tool Management Operation and maintenance activities with a deliverable-based contract to be executed in 2025.
This task includes data analysis and reporting of data reported by the Cyber Security Continuous
Vulnerability Assessment (CVA) Deployable Communication System (DCIS) Tool Management. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
The Cyber Security Continuous Vulnerability Assessment (CVA) Deployable Communication System (DCIS) Tool Management gives visibility and insight on the networks in NATO environment, which in turn is critical to effective management, strong security and compliance, and efficient migrations and consolidations.
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors.
Under the direction / guidance of the NCSC Point of Contact, a contractor will be the part of the NCSC Team supporting the following activities. This service will include the following activities:
Activity A1: Under the direction of the NCSC Operational Tolling Management Section Head the contractor shall deliver the following:
- Daily: Verify that the Continuous Vulnerability scans are configured correctly and that information collected is accurate & complete.
- Daily: Identify possible scan gaps, authentication failures and engage with relevant service provider to remove those gaps and eliminate reasons for authentication failure.
- Daily: Review existing scan policies, fine tune and improve them at the same time.
- Weekly: Upon completion of scheduled scans, deliver a comprehensive vulnerability report to each stakeholder under you area of responsibility taking into account all vulnerabilities posing a security risk, remediation actions recommended to the system/application owners and the status of the recommended actions. The weekly report is expected to be delivered each Wednesday/Thursday before Close of Business.
- No weekly report is due if that week does not include any working day (for instance: long official holidays such as Christmas break).
- Monthly: deliver vulnerability report to stakeholders, with an overview of the critical/high vulnerabilities identified, the status of the recommended actions to show in a graphic way the trend of the security posture of CIS assets. The monthly report is expected to be delivered in the week of Microsoft patch Tuesday (second Tuesday of the month).
- Language: the product shall be written in English, meeting or exceeding the NATO STANAG 6001 Level 3 "Professional Proficiency".
- Intended Audience: the product shall be intended for Cyber Security Professional, Senior Military personnel and decision makers in the field of Cyber Security and Cyberspace Operations.
- Accuracy: the product shall accurately reflect what was discussed, decided, and action items assigned during the meeting.
- Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language.
- Objectivity: the content shall be impartial and objective, presenting information without bias or personal interpretation.
- Structure: the product shall follow a logical structure, typically including sections such as agenda, attendees, discussions, decisions, action items, and any other relevant information, further directed by the IKM SG.
- Timeliness: the product shall be prepared and distributed promptly after the meeting, ensuring that information is fresh and actionable. It is expected a maximum of two times the length of the meeting for the time required to prepare and share the product to the meeting audience for initial review.
- Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the IKM SG.
- Confidentiality: Sensitive information discussed prior, during and after meetings shall be handled in accordance with the NATO policy on Information Management.
The Contractor's Personnel shall participate in periodic status update meetings, sprint planning, sprint review and other meetings via electronic means using collaborative platforms. On rare occasions, there may be a requirement to attend in-person meetings at NATO offices in Mons, Belgium, as requested by the Project Manager.
Each sprint is planned for a duration of 1 week. The content and scope of each sprint, i.e. the deliverables, will be agreed during the sprint-planning meeting, in coordination with the NCIA and the contractor. Upon completion and validation of each sprint, the completed sprint can be submitted for payment.
Practical Arrangements:
Place of Performance: The contractor will be required to provide the service 100% onsite in Mons / BEL as part of this engagement.
Hours of Operation Service: The NCSC Team is located in Mons / BEL, with working hours will from 08:30 to 17:30 with 1 hour for lunch from Monday to Thursday. On Friday working hours will be from 08:30 to 15:30 with 1 hour for lunch.
Service Execution: Due to the nature and classification of the working environment, all services and deliverables outlined in this Statement of Work (SOW) will be performed onsite, on client's premises, at NCIA location in S.H.A.P.E. Mons, Belgium. The contractor will be physically present on location to conduct assessments, implement network solutions, and provide ongoing support as required throughout the project. The contractor will be required to provide the service following the rules and regulations applicable for the operations of NATO CIS.
NCIA Furnished Property and Services: The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE): Access to NATO sites, as required, for the purpose of executing this SOW. Workspace (needed business IT for both on- and off-site work, hot-desk at NCSC facility). NCIA "REACH" laptop, NCSC NROP laptop & NCSC NSOP workstation to be used by the contractor for the execution of the contract. NCIA IT equipment will be provided (one REACH laptop will be provided). This equipment can be used by one person only and associated to that individual.
Travel: Regular travel costs to and from the service delivery location (SHAPE) are out of scope and will be borne by the contractor. Travel costs to other NATO locations are not included in the quoted price as there is no expected travel foreseen. However, should travel be required, travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive.
Requirements:
Qualification:
Services under current SOW are to be delivered by ONE resource that must have demonstrated skills, knowledge and experience as listed below.
- Security Classification: It is mandatory for the Contractor to be in possession of a NATO COSMIC TOP SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
- Language Proficiency: English
To provide a high level of service quality (including the lifecycle management of the software - all tasks related to A2SL inclusion, its configuration to ensure coverage, and the regular monitoring of the availability of the capability) the contractor upporting the identified tasks shall provide and prove the following mandatory performance, education and qualifications:
- Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience
- 3+ years of experience in IT security, with a focus on System Administration, Security Tools Management in large organisations.
- Strong understanding of security best practices and experience with Tenable products especially with Tenable Security Center.
- IP switching and routing in a wired and wireless environment.
- Virtual Infrastructure management based on VMWare technologies.
- Systems administration, ideally both with Windows and Linux.
- Good engineering skills including programming and/or scripting knowledge (python, shell scripting, PowerShell).
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
- Comprehensive understanding of principles of Computer and Communication Security, networking, and vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience.
- Strong analytical and problem-solving skills.
- Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
- Experience with threat intelligence, incident response and remediation a plus.
- Knowledge of python (pyTenable) and PowerShell. Experience working with Tenable.SC and Nessus Manager APIs is a plus.
- Knowledge of NATO organization and its IT infrastructure is a plus.
- Experience with Service Management, monitoring and reporting tools, ideally Solarwinds is a plus.
- ITIL Service Management certifications is a plus.
- Experience with system instrumentation solutions such as Ansible is a plus.
- Certifications such as CISSP, CISM, or CISA is a plus.
- Previous experience working for Cyber Security related organisations (CERTs, security offices) is a plus.
- Previous experience working in an international environment comprising both military and civilian elements is a plus.