Deadline Date:
Tuesday 30 September 2025
Requirement:
Infrastructure as a Service and DevSecOps Support to Application Migration
Location:
On-site, either in The Hague, Netherlands or in Braine L'Alleud, Belgium. Final location will be determined after award.
Full Time On-Site:
Yes
Time On-Site:
100%
Not to Exceed:
Base period 2026: NTE/week 3,870 EUR (max 44 weeks, total NTE: 170,280 EUR)
2027, 2028 Options
Period of Performance:
2026 BASE: 01 January 2026
Required Security Clearance:
NATO COSMIC TOP SECRET
Please do NOT
apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
Introduction:
- The NATO Communications and Information Agency (NCI Agency) is modernizing its hosting infrastructure and is in the process of implementing a custom DevSecOps delivery processes. As part of this work engineering support is needed to plan for and migrate existing workloads, support DevSecOps development in particular for Infrastructure as Code (IaC) and establish operation and maintenance (day 2) capabilities. The ITM RC1 Applications team is building a multi-year team of system engineers and DevSecOps engineers to support this work.
- NCI Agency is looking for support with both containerized and legacy migrations to the new infrastructure.
- NCI Agency is undertaking a major infrastructure modernization project, enabling comprehensive infrastructure lifecycle management.
- The main objective of this statement of work is to support the ITM RC1 team with planning, performing, testing, validating and documenting this body of work. Specifically, this comprises of:
- Implementing DevSecOps and automation capabilities (IaC, GitOps, Kubernetes, Terraform, Ansible)
- Planning and migrating legacy virtual machine payloads to a new virtual hosting infrastructure based on VMWare vCloud Foundation (vCF).
- Developing Day 2 operation for the new IaaS (Infrastructure as a Service) environment based on vCF.
Under the direction / guidance of the NCIA Point of Contact or delegated staff, support will be required within the ITM RC1 Application Migration team, related to the following activities:
- Developing / maintaining infrastructure as code for deployment and configuration of infrastructure (ESXi vSphere, vSAN, SDDC, Aria Operations), virtual networking based on NSX-t, infrastructure support services (DNS, AD, NTP) and Cisco network devices (zero touch provisioning of Cisco switches)
- Contributing to design and implementation of infrastructure as code and container orchestration services
- Contributing to the design and implementation of an overall DevSecOps capability, comprising of vault, repository, GitLab, Jenkins, etc.
- Planing for and Migrate Virtual Machines legacy payloads to a new vCF Infrastructure
- Implementing hardening, compliancy and security scanning
- Creating pipelines and self-service solutions for deploying test environments using infrastructure as code
- Participateing in entire lifecycle activities - including design, testing, training and documentation (infrastructure day 2 operations)
- The contractor shall participate in daily status update meetings, sprint planning, sprint retrospectives and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to project manager's instructions.
- For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint's end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.
- Also a Certificate of Acceptance (Annex B) will be filled in and signed by the contractor and signed for acceptance by the Project Authority.
- All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.
- All code, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.
- All the deliverables of this project will be considered at most NATO RESTRICTED
- Part of the work will involve handling classified networks with privileged access; therefore, a security clearance at NATO COSMIC TOP SECRET (CTS) level is expected for the contractor undertaking this project. If the contractor already possesses NATO Secret Clearance, they may start work prior to obtaining the appropriate clearance. In that case it should be obtained no longer than 6 months after the contract start date. Failure to have active CTS within 6 months after contract starting date, will lead to contract termination for the respective resource.
- The contractor will be required to provide services on site, either in The Hague, Netherlands or in Braine L'Alleud, Belgium. Final location will be determined after contract award.
- Access to the NCI Agency platforms will be provided in coordination with the NCIA Point of Contact or delegated staffs.
- The contractor may be required to travel to NCI Agency, Mons BE, Braine L'Alleud BE, The Hague NL and other sites within NATO for completing these tasks. Travel expenses will be reimbursed under AAS+ framework contract provisions and in accordance with NCIAs Travel Directive.
- Part of the work will involve handling classified networks with privileged access; therefore, a security clearance at NATO COSMIC TOP SECRET (CTS) level is expected for the contractor undertaking this project.
The consultancy support for the services requested under this SOW require the expertise of one resource having experience as an infrastructure engineer with the following qualifications:
- The candidate has relevant and recent experience in administrating complex applications or systems.
- The candidate has extensive (at least 3 years) and recent (in the past 1 year) experience in migration of applications on virtual infrastructures
- The candidate has a track record in DevSecOps and has strong problem solving skills.
- The candidate has extensive (at least 3 years) and recent (in the past 1 year) experience with and knowledge of Continuous integration and delivery, including the following tools and technologies and concepts: Windows Server and Linux Administration; VMWare vSphere infrastructure, vSAN storage, NSX-T, Aria Operations (vROPS); VDI environments; Git (mandatory); Ansible, Terraform/OpenTofu; Designing and implementing build/deploy pipelines; Kubernetes, Helm (optional)
- The candidate has experience (at least 2 years) with designing and maintaining Sharepoint, SQL Server, Postgres, Active Directory and Exchange solutions
- The candidate has extensive experience (at least 3 years) in using Scrum methodology.
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- The candidate is able to speak and write fluent English since the work is conducted in English.
- The candidate must have the nationality of one of the NATO nations.