2025-0222 Adversary Emulation Tool Management Support Svc (CTS) BELGIUM - 5 Sep

2025-0222 Adversary Emulation Tool Management Support Svc (CTS) BELGIUM - 5 Sep

Contract Type:

Contractor

Location:

Mons - Mons, Belgium

Industry:

NATO

Contact Name:

Tim Lane

Contact Email:

tim@plr.ltd

Contact Phone:

Tim Lane

Date Published:

25-Aug-2025

Deadline Date:  Friday 5 September 2025
 
Requirement:  Adversary Emulation Tool Management Support for NATO Cyber Security Centre's Assess Branch
 
Location:  Mons, BELGIUM
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASE NTE: € 35,145 (11 weeks at € 3,195 NTE / week)
2026, 2027, 2028 OPTION
 
Period of Performance:  13 October 2025 
 
Required Security Clearance:  NATO COSMIC TOP SECRET
 

Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:
  1. Current National or NATO SECRET clearance
  2. Nationality of one of the NATO member countries
  3. Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Introduction:
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
 
Background:
  • The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
  • The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. NCSC's role is to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM).
  • In order to execute this service, the NCI Agency is seeking additional support through contracted resources (or consulting) to support the service undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. To support NCSC for the execution of tasks identified in the subject work package of the project, the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
  • This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its mission based on the deliverables that are described in the scope of work below.
 
Objectives:
  • The objective of this statement of work (SoW) is to outline the scope of service and deliverables for the Adversary Emulation Tool Management to be conducted by the selected company in order to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Tool Management operation and maintenance activities more effectively.
  • The NCSC is responsible to defend NATO networks on a 24/7 basis and to share relevant cyber information with all its stakeholders. To achieve these objectives, it requires a significant amount of coordination and decision making within and outside the boundaries of NCSC. In an effort to better capture the meeting minutes, share them efficiently with the stakeholders and track decision that are made in such meetings, the NCSC is seeking support from industry. This Statement of Work (SoW) defines the expectations for this support to materialize.
The current expectation is that there will be one to several meetings to support on a daily basis, during weekdays.
 
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the system administration of the Adversary Emulation breach and attack simulation platform with a deliverable-based contract to be executed in 2025.
This task includes system administration, documentation, data analysis, reporting and troubleshoot of the Adversary Emulation breach and attack simulation platform. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
Under the direction / guidance of the NCSC Point of Contact, a contractor's personnel will be the part of the NCSC Team supporting the following activities:
 
System administration, monitoring and reporting :
  • Install, configure, update Linux operating systems,
  • Manage user accounts, permissions and security,
  • Configure network service (DNS, DHCP, NFS, SSH),
  • Proactively review logs and alerts to identify any technical issues, errors, or failures in the monitoring process,
  • Produce and distribute reports related to system health, monitoring activities, and compliance status (e.g., audit logs, system performance metrics).
  • Daily: Verify the system is healthy (Check CPU, memory, disk usage, etc.), if not resolve the issues to make system up and running.
  • Daily: Review logs for errors or anomalies.
  • Daily: Respond quickly to outages or system alerts.
  • Daily: Check ITSM and take an action for requests, changes and incidents
System Documentation:
  • Document configuration and changes: Keep up-to-date documentation of all configurations, integration steps, troubleshooting procedures, and system maintenance tasks,
  • Maintain an inventory: Keep track of all integrated identity sources, IAM systems, and external tools.
  • Weekly: Do the maintenance (Schedule and apply updates, check system resources, etc.)
  • Weekly: Periodically test backup restores to ensure data integrity.
  • Weekly: Identify and resolve performance bottlenecks or capacity issues.
Automation and Scripting:
  • Improve system efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.
  • Monthly: Analyse trends in resource usage and plan for upgrades.
  • Monthly: Ensure service levels are met; report to stakeholders.
  • Monthly: Verify and update hardware/software inventory.
The services related to the activities above will be delivered in Sprints, and each sprint will have the duration 5 working days.
The content and scope of each sprint will be agreed during the sprint-planning meetings as covered in this section 5.
 
Coordination and Reporting:
  • The contractor's personnel shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager's / team leader's instructions.
  • At the end of the project, the contractor's personnel shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.
Practical Arrangements:
This service must be accomplished by a SINGLE RESOURCE for the entire duration of the contract.
  • Place of Performance: The contractor's personnel will be required to provide the service onsite in SHAPE, Mons / BEL. The services will be mainly executed on premise in SHAPE, Mons Belgium.  Daily presence on SHAPE, Mons Belgium is expected to deliver according to performance goals.
  • Hours of Operation Service: The service will be conducted during normal office hours (Monday to Thursday from 08h30 until 17h30 and Friday from 08h30 until 15h30) following the Mons/BEL calendar.
  • Travel: No travel expected. The contractor's personnel will not be required to travel to other NATO locations as part of his/her role. Regular travel costs to and from main location of the service (SHAPE) are out of scope and will be borne by the contractor's personnel.
  • For exceptional travel, then it will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. They will be invoiced separately to the purchaser by the service provider, in accordance with the terms and conditions of the framework agreement. These additional travel costs are considered an extra charge to the overall bid price.
  • NCIA Furnished Property and Services: NCIA IT equipment will be provided (Reach laptop, NCSC NROP laptop & NCSC NSOP workstation).
  • The Purchaser will provide the contractor's personnel with the following Purchaser-Furnished Equipment (PFE):
  • Access to NATO sites, as required, for the purpose of executing this SOW.
  • Workspace (needed business IT for on-site service, hot-desk at NCSC facility).
  • NCIA "REACH" laptop to be used by the contractor's personnel for the execution of the contract.
Requirements:
Security and Non-Disclousure Agreement:
  • It is mandatory to have the candidate be in possession of a COSMIC TOP SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
Required Profile:
The contractor's personnel that is going to perform the identified tasks to support the Adversary Emulation Tool Management must have demonstrated skills, knowledge and experience as listed below.
Service Activities performed by a contractor's personnel include the lifecycle management of the Adversary Emulation software (including all tasks related to A2SL inclusion), its configuration to ensure coverage of all Adversary Emulation targets, and the regular monitoring of the availability of the capability.
They will act as tool management SME and must have strong proficiency in spoken and written English and must comply with these following requirements:
  • Bachelor's degree in Computer Science, Information Technology, or related field or at least 6 years of experience,
  • 3+ years of relevant experience in IT security, with a focus on System Administration, Security Tools Management in large organisations.
Relevant and proven experience acquired during the 3+ years time:
  • Linux Systems administration(Install/configure/maintain Linux based servers, apply system updates/patches, monitor system performance/logs, manage users/permissions/settings of the platform),
  • Docker management (maintain Docker containers, troubleshoot Docker based applications and volumes),
  • Strong understanding of security best practices,
  • IP switching and routing, experience in network troubleshooting
  • Virtual Infrastructure understanding based on VMWare technologies,
  • Good engineering skills including programming and/or scripting knowledge (python, shell scripting, PowerShell),
  • Demonstrable experience of analysing and interpreting logs in order to diagnose faults and spot abnormal behaviours,
  • Experience in Proxy management (Configure/maintain proxy, implement routing rules/access control),
In addition, the tool manager should have a good understanding of:
 
  • NATO organization and its IT infrastructure,
  • Service Management, monitoring and reporting tools, such as Solarwinds,
  • ITIL Service Management,
  • System instrumentation solutions such as Ansible,
  • Certifications such as CISSP, CISM, or CISA, or equivalent,
  • An international environment comprising both military and civilian elements.
APPLY NOW

Share this job

Interested in this job?
Save Job
CREATE AS ALERT

Similar Jobs

SCHEMA MARKUP ( This text will only show on the editor. )