2025-0266 Service Support Specialist (NS) UNITED KINGDOM - 28 Aug

Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Introduction:

NATO Communications and Information Agency (NCIA) CIS Support Unit (CSU), located in NORTHWOOD, United Kingdom (GBR) enables end-to-end Communication and Information Systems (CIS) services via the installation, operation, maintenance and support of the full range of CIS capabilities to their operational partner, Allied Maritime Command (MARCOM).

Scope of Work:

CSU Northwood is looking to resource the Service Support Specialist function which is providing the PLT012
Maritime Command and Control Platform (MAR C2P) Service1 to the Allied Maritime Command users.
 
The resource will be part of the wider CSU Northwood support team and will provide the service using an
agile and iterative approach during multiple sprints.

In support of MARCOM's mission, the Service Support Specialist is responsible for providing comprehensive
cybersecurity support for PLT012 services, including the development and maintenance of Security Accreditation documentation in accordance with applicable standards and frameworks. This effort includes conducting technical testing to support risk assessments and security verification activities, ensuring accurate identification of vulnerabilities and validation of security controls. Additionally, the contractor will monitor, track, and coordinate the mitigation of identified vulnerabilities, both from audits and recurring assessment reports, to promote timely remediation and strengthen the overall security posture of deployable CIS assets.

Each sprint is planned for a duration of 1 calendar month and each sprint will consists of 3 deliverables:

• Develop, update, and maintain comprehensive Security Accreditation documentation in support of PLT012 services, ensuring compliance with applicable security standards, policies, and accreditation frameworks.
• Conduct technical testing activities in support of Security Risk Assessments and Security Testing and Verification processes, ensuring identification of vulnerabilities, validation of security controls, and alignment with organizational security requirements.
• Monitor, track, and coordinate the mitigation of vulnerabilities identified during the most recent technical security audit of deployable CIS assets, as well as those reported in weekly Online Vulnerability Assessment Reports and Detailed Cyber Security Hygiene Indicator Reports, ensuring timely remediation and continuous improvement of the system's security posture. The content and scope of each sprint will be agreed during the sprint-planning meeting, in writing, based on the activities mentioned above.

Coordination and Reporting:
The resource shall participate in status update meetings, sprint planning, and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to line manager's instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint's end date. The format of this report will be aligned with the line manager's requirements, providing a concise overview of the work completed and the development achievements during the sprint. Acceptance of each sprint completion will be documented in Annex A - Delivery Acceptance Sheet.
 
Qualifications:
This work requires a resource the following qualifications and experience:

• The candidate has a security clearance, provided by the national security organization valid at the time of submission of the bid and covering the period of the contract.
• Minimum 2 years of experience with vulnerability scanning tools (e.g. Tenable/Nessus, Qualys, OpenVAS).
• Strong understanding of security accreditation and certification processes (e.g. NIST RMF, ISO 27001, DoD RMF).
• At least one of the following industry level certifications or equivalents: CISSP, CISM, CRISC, CAP.
• ITIL v4 Foundation level or higher certification.
• Higher Secondary education and completed higher vocational training leading to a formal technical or professional certification with 3 years cyber security or information assurance experience, or a Secondary education and completed advanced vocational training leading to a professional qualification or professional accreditation with 5 years cyber security or information assurance experience.
• Ability to interpret and implement security policies, standards, and control frameworks.
• Ability to work independently and manage multiple tasks simultaneously.
• Demonstrated ability to work collaboratively in a team environment and interact positively with multiple departments
• Excellent written and verbal communication skills, capable of conveying complex technical information in a user-friendly manner
• Demonstrated ability to handle stressful situations with calmness, ensuring the user feels supported throughout their interaction. Empathetic and patient, understanding the frustrations users may feel and aiming to alleviate them. Positive attitude and a genuine desire to assist and educate users.
• Strong analytical skills, capable of quickly identifying issues and determining the most efficient resolution.
• Willingness and ability to periodically deploy aboard NATO vessels under variable and physically demanding conditions, including the capability to lift and carry equipment weighing up to 20 kilograms.

Desirable qualifications and experience:

• Knowledge and experience of working with NCI Agency.
• Knowledge and experience of working within policy, procedures, and organization of NATO CIS.
• Knowledge and experience with agile implementation methodology.
• Familiarity with deployable CIS (Communications and Information Systems) environments