2025-0215 Cloud Operations and Cloud Migration (NS) NETHERLANDS - 8 Aug

Deadline Date:  Friday 8 August 2025
 
Requirement:   Cloud Operations and Cloud Migration
 
Location:  The Hague, NETHERLANDS
 
Full Time On-Site:  Yes
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASE: NTE 66,555 EUR (17 * 3,915 EUR per sprint)
2026, 2027, 2028 options
 
Period of Performance:  2025 BASE: 1 September 2025 
 
Required Security Clearance:  NATO SECRET
 
Special Terms and Conditions:  A Non-disclosure Undertaking will have to be signed before the start of the service delivery
Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:

1. Current National or NATO SECRET clearance
2. Nationality of one of the NATO member countries
3. Current work visa for the specific location if applying for an in-country position

• NCIA is embracing cloud services by transitioning to Microsoft 365 with a security-centric design.
• This shift aims to enhance operational efficiency, collaboration, and security across the organization. We are looking for individuals with strong knowledge, a willingness to learn, and a desire to grow as part of this new challenge.
• The objective of this statement of work is to establish a support and operating model for End User Services operating in the Public Cloud, with a focus on Microsoft 365 services.

• Strong practical knowledge of M365 tenant architecture and services.
• In-depth Azure experience including RBAC, ARM, and NSGs.
• Capability to design and maintain secure hybrid environments.

• Experience managing corporate devices with Microsoft Intune.
• Configuration of policies for compliance and conditional access.
• Troubleshooting enrollment, provisioning, and policy conflicts.

• Implementation of security configurations in Defender XDR.
• Experience with identity protection and MFA enforcement.
• Familiarity with Microsoft 365 Secure Score and Zero Trust maturity.

• Hands-on experience with Microsoft Sentinel and log correlation.
• Knowledge of Kusto Query Language (KQL) for custom rules.
• Ability to respond to and triage security alerts.

• Proficiency in using Purview for sensitivity, retention, and eDiscovery.
• Familiarity with GDPR, DLP, and compliance manager.
• Integration of compliance frameworks into daily operations.

• Experience with Titus and Microsoft Sensitivity Labels.
• Label enforcement in Exchange, Teams, SharePoint, and OneDrive.
• Integration with metadata and classification engines.

• Experience implementing Cloudflare Zero Trust policies.
• Use of WARP client, Access Gateway, and posture validation.
• Policy tuning and client troubleshooting in secure environments.

• Configuration and tuning of Proofpoint threat policies.
• Knowledge of mail routing, encryption, and threat analytics.
• Understanding of SPF, DKIM, and DMARC application.

• PowerShell scripting and automation pipeline development.
• Familiarity with Git, YAML, Terraform, and Bicep.
• CI/CD lifecycle knowledge for infrastructure as code.

• Experience with data flattening, rehydration, and ingestion.
• Use of MetaDefender for sanitization and CDR operations.
• Managing large file sets and PST archives securely.

• Understanding of Azure Storage Account tiers and encryption.
• VNET peering, NSG enforcement, and firewall logging.
• Experience with private endpoints and routing policies.

• Strong communication and stakeholder management skills.
• Experience in requirement elicitation and technical validation.
• Presentation of solution architectures and recommendations.

• Skilled in technical writing for solution design and operations.
• Authoring and maintaining architectural design documents.
• Contribution to SOPs and compliance documentation.

• Familiarity with NIST SP 800-53, CIS Benchmarks, and ISO standards.
• Experience supporting NATO and governmental security requirements.
• Supporting compliance audits and accreditation processes.