Deadline Date:
Friday 17 October 2025
Requirement:
NATO Restricted (NR) Business Network (REACH) Accreditation
Location:
Mons, BELGIUM
Full Time On-Site:
Yes
Time On-Site:
100%
Not to Exceed:
€ 18,630 (6 weeks at € 3,105 NTE / week)
2026 OPTION
Period of Performance:
2025 BASE: 17 November 2025
Required Security Clearance:
NATO SECRET
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
- The objective of this Statement of Work (SoW) is to support the NR Business Network (REACH) accreditation process.
- The support will be given to NATO Cyber Security Centre (NCSC) to fulfil the identified REACH accreditation activities effectively.
- REACH refers to the mobile workspace services including the NR client devices, underlying infrastructure, LAN and service desk services.
- To support the NATO Cyber Security Centre (NCSC) in the execution of the tasks identified in the Statement of Work (SoW), the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel accreditation support capability.
- This contract is to provide consistent support to NCSC with a deliverable-based (completion-type) contract contributing to the deliverables that are described in the scope of the work below.
Identified activities will be performed under the direction / guidance of the NCSC Point of Contact (PoC), and the contractor will be a member of the NCSC Team.
The breakdown of requested activities is the following:
General
- Support Communication Information Systems (CIS) Security assurance of all REACH services,
- Contribute to the enforcement of NATO Policy, Agency Directives and Standard Operating Procedures (SOPs),
- Liaise with all stakeholders to provide operational CIS security support to all REACH services,
- Provide subject matter expert knowledge to assist REACH accreditation process,
- Support information security processes for REACH CIS within the Agency, both for internal operations and for Agency's customer-funded networks,
- Contribute to the resolution of security requirement conflicts and collaborate with Project Managers (PM), Service Delivery Managers (SDM) and engineers to appropriately convert customer requirements into secure services,
- Coordinate with systems administrators in support of security architecture requirements,
- Identify cyber security-related Key Performance Indicators (KPI) and generate reports to ensure full visibility of all REACH CIS,
- In coordination with NCSC Accreditation Support Office, support all phases of security accreditation processes required to maintain operation status.
- Communicate security risks and issues to business managers and others,
- Perform basic risk assessments for large scale enterprise information systems,
- Contribute to the identification of risks that arise from potential technical solution architectures,
- Suggest alternate solutions or countermeasures to mitigate risks,
- Support investigation of suspected attacks and security breaches.
- Follow standard approaches for the technical assessment of information systems against information assurance policies and business objectives.
- Recognise decisions that are beyond their scope and responsibility level and escalate accordingly.
- Review and perform risk assessments and risk treatment plans.
- Identify typical risk indicators and explain prevention measures.
- Execute Vulnerability Management duties, based on the security findings reported from the assessment campaigns. This includes: validating the severity of discovered vulnerabilities; contextualising the vulnerabilities in the light of NATO policies and best practices; determining possible remediation and mitigation measures; defining / assigning priorities; contacting and liaising with relevant system owners and proposing a remediation plan; tracking and tracing all remediation actions and reporting to the relevant stakeholders.
- Collect and consolidate the vulnerabilities discovered with the assessment services.
- Support NCIA CIS Support Units and other NATO entities and customers in the process of vulnerability remediation.
- Compile, draft, review, develop, and provide input on all relevant aspects relating to the vulnerability management and mitigation process in NATO CIS.
- Brief at both executive and technical levels on Vulnerability Management reports and mitigations status, including at flag officer level.
- Provide security consultancy and advice to projects, plans and teams.
Constraints:
- All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.
- All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.
- It is mandatory to have the candidate be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
- The signature of a Non-Disclosure Agreement between the contractor contributing to this task and NCIA will be required prior to execution.
Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive.
This work must be accomplished by one contractor for the entire performance period.
The Purchaser will provide the contractor with the following Purchaser-Furnished Equipment (PFE):
- Access to NATO sites, as required, for the purpose of executing this SOW.
- Workspace (needed business IT for both on- and off-site work, hot-desk at NCSC facility).
- NCIA "REACH" laptop to be used by the contractor for the execution of the contract.
The contractor who is going to deliver the identified services as an SME of REACH Accreditation Support must have demonstrated skills, knowledge and experience listed below.
Education, Experience and Training (Essential):
- A minimum requirement of a bachelor's degree at a nationally recognised/certified University in a related discipline and 2 years post-related experience,
- Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCIA, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post.
- Several years of experience (at least two years) with system security, security architecture, network security engineering, and security governance including policy alignment, risk management, performance management and value delivery,
- Minimum 5 years proven experience in CIS Security,
- Minimum 5 years proven experience in modern CIS secure deployment and configuration troubleshooting,
- Minimum 2 years of extensive experience in the contextual interpretation of Vulnerability Assessments results,
- Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience,
- Proven minimum 5 years professional experience and knowledge in at least three of the following:
- Implementation and integration of Information Assurance protective measures,
- Security mechanisms and administration of LAN and WAN in the large enterprise environment,
- Private and public cloud security,
- Enterprise system administration experience of Windows Active Directory concepts and architecture.
- Enterprise system administration experience of VMware vSphere environment and architecture, with emphasis on security concepts design and implementation.
- AWS Certified Cloud Practitioner, Certificate of Cloud Security Knowledge, or other cloud/cloud security certifications,
- ISACA CISM, and/or ISC2 CISSP, CCSP Certification,
- Good knowledge of containerized micro services and applications, Kubernetes, Docker, etc.,
- Good knowledge of main public cloud ecosystems,
- Good knowledge and exposure to cloud standards, architecture, and models,
- Knowledge of industry standard DevSecOps tools and frameworks,
- Knowledge of cloud networking architecture, cloud operations, security, automation, and orchestration,
- Excellent knowledge of, and experience using, common security tools: Tenable Nessus, NMAP, Tanium endpoint management, Microsoft Defender, Trellix ePO, etc.,
- Knowledge of common MS and Linux updating and patching systems,
- Knowledge of common IT security frameworks and governance models,
- Knowledge of CVSS V2 and V3,
- Knowledge of NATO responsibilities and organization to include NATO Security Policy and supporting directives,
- Understanding of Cyber issues within NATO or NATO member nation environment,
- Prior experience of working in an international environment comprising both military and civilian elements,
- Knowledge of NATO responsibilities and organization, including ACO and ACT,
- Knowledge about risk management related to Artificial Intelligence tools and developments and its impact on cyber security.
- Proficiency in automation to create workflows and automate repetitive processes, with a minimum of 2 years' experience,
- Ability to identify and implement automation opportunities to enhance efficiency.
- Excellent verbal and written communication skills,
- Full proficiency in English,
- Ability to communicate technical information to non-technical users in a clear and concise manner,
- Ability to communicate effectively orally, using tact and diplomacy, and in writing with effective briefing skills.
- Strong customer service focus with a commitment to user satisfaction,
- Patience and empathy when dealing with user issues and concerns.
- Ability to manage and to prioritize tasks effectively,
- Attention to detail in documenting support activities and maintaining accurate records.
- Ability to work effectively as part of a team and share knowledge and resources,
- Willingness to collaborate with colleagues to solve complex issues.
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure,
- The candidate must have the nationality of one of the NATO nations.
The candidate should also ideally have knowledge and experience in the following areas:
- Experience in working with NATO,
- Experience of working with NATO Communications and Information Agency,
- Experience of working with national Defence or Government entities.