2025-0342 Academy Learning Environment Cyber Security Eng. () PORTUGAL - 4 Nov

2025-0342 Academy Learning Environment Cyber Security Eng. () PORTUGAL - 4 Nov

Contract Type:

Contractor

Location:

Oeiras - Oeiras, Portugal

Industry:

NATO

Contact Name:

Tim Lane

Contact Email:

tim@plr.ltd

Contact Phone:

01618042014

Date Published:

24-Oct-2025

Deadline Date:  04 November 2025
 
Requirement Title:  Academy Learning Environment Cyber  Security  Engineer and System Accreditation Support
 
Location of Performance:  On-Site in Oeiras, PORTUGAL
The role requires on-site presence; remote work is not an option.
 
Cost Not to Exceed:
2026 BASE: 93,564 NTE EUR (46* weeks at 2,034 EUR NTE/ week)
2027 - 2029
 
Period of performance:  2026 BASE: 1 January 2025
 
Evaluation Methodology:  Lowest Priced Technically Compliant
 
Required  Security   Clearance NATO Secret
 
Special Terms and Conditions:  Due to the multinational aspect of  NATO , part of the services in this SoW shall be delivered during national public holidays at the respective locations of performance.
 

Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:
  1. Current National or NATO SECRET clearance
  2. Nationality of one of the NATO member countries
  3. Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Introduction:
  • The NATO Communications and Information Academy (NCI Academy) offers training on both static and deployed NATO communication and information systems (CIS). This includes Consultation, Command, Control, Communications and Intelligence, Surveillance and Reconnaissance (C4ISR), as well as cyber security and cyber defence. Moreover, the NCI Academy plays an instrumental role in designing, developing and rolling out new learning solutions. This is achieved through comprehensive analysis of training requirements and by leveraging cutting-edge learning technologies.

  • The NCI Academy also provides a range of education and training services through its Academy Learning Environment (ALE). The ALE governs and strategically coordinates the systems and infrastructure that deliver training, including the Training Management System (TMS), Learning Management System (LMS), Academy Training Network (ATN), and future components such as the Adaptive Learning Platform. These systems support multiple delivery methods, such as classroom training, mobile training, Virtual Instructor-Led Training (VILT), and self-paced training. The ALE relies on technological elements like cloud-hosted services (TMS, LMS), virtual environments via the ATN, local networks, and a Virtual Desktop Infrastructure (VDI) that enables remote access.
  • To ensure these systems remain secure and compliant, the NCI Academy is outsourcingk Cyber Security Engineering and System Accreditation Support for the ALE. The Contractor shall work in close coordination with, and report to, the Academy Technical Capability (TeC) Team.
Objectives:
Provide expert cyber security engineering support to prepare, maintain, and evidence all documentation required to achieve and sustain accreditation/Authorisation to Operate for all ALE systems in operation. This includes supporting secure design, risk assessments, control implementation traceability, security testing and evaluation evidence, and risk treatment records, in compliance with NATO/NCI Agency security policies and standards. In addition, the Contractor shall support the Academy Technical Capability (TeC) Team by delivering the
following outcomes:
  • Solution Architecture (Secure by Design): Design secure architectures for ALE systems (on-premises and cloud), evaluating alternatives and trade-offs (cost, performance, scalability), documenting architectural decisions, and preparing security design inputs and technical plans aligned with enterprise/solution architecture standards. Ensure alignment with enterprise security standards and support change initiatives with technical plans.
  • Information Security (Controls & Risk): Apply physical, procedural, and technical controls. Conduct risk and business impact analysis, identify vulnerabilities, and design countermeasures. Support security incident investigations and lessons learnt, support response coordination and track remediation to closure.
  • Information Assurance & Accreditation: Lead technical assessments of ALE systems. Define accreditation requirements, gather evidence, and coordinate with stakeholders throughout the accreditation lifecycle. Ensure traceability of controls and contribute to assurance processes.
  • System Hardening & Compliance Support: Collaborate with system and network administrators, as well as developers, to implement hardening measures across systems and applications, ensuring compliance with security best practices and organizational standards.
  • Security Documentation: Develop and maintain SOPs/SECOPs, Security Test & Evaluation plans and reports, and user guides. Contribute to the ALE knowledge base with security-focused content.
Scope of Work:
The Contractor shall deliver services in an agile and iterative manner, organised into weekly sprints. The scope and content of each sprint will be agreed during sprint-planning meetings with the Academy Technical Capability (TeC) Team. Deliverables will be reviewed and formally accepted through a Delivery Acceptance Sheet (DAS).
 
Each sprint is planned for a duration of 1 week and main activities are as follows:
  • The Contractor shall develop and maintain the system descriptions for ALE systems, capturing the technical description, connections (physical and logical), physical locations, and hardware/software inventories. This shall be formalised in a document titled "CIS Description" and maintained under version control.
  • The Contractor shall define the accreditation strategy and plan for ALE systems, describing the steps required to achieve security accreditation for operation at the NCI Academy. This shall be formalised in a document titled "Security Accreditation Plan (SAP)" and maintained under version control.
  • The Contractor shall perform a high-level security risk assessment to inform early design, including identifying assets, threats, vulnerabilities, likelihood/impact, and initial risk ratings. This shall be formalised in a document titled "High-Level Security Risk Assessment (SRA)" and maintained under version control.
  • The Contractor shall define system-specific security requirements and control coverage by tailoring the security control baseline, mapping requirements to applicable standards and policies, and identifying coverage gaps with corresponding actions. This shall be formalised in a document titled "System-specific Security Requirement Statement (SSRS)" and maintained under version control.
  • The Contractor shall develop and maintain Security Operating Procedures (SecOPs) to enable secure day-to-day operations. This includes:
  • For Administrators: account/privilege management, backups, patching, baseline configurations, logging/monitoring, incident and change handling, and continuity steps.
  • For End Users: acceptable use, data handling, access/MFA, reporting suspicious activity, and secure usage guidance. These shall be formalised in a document titled "Security Operating Procedures (SecOPs)"
    and maintained under version control.
  • The Contractor shall define security test and verification activities to evidence control effectiveness. This shall be formalised in a document titled "Security Test and Verification Plan (STVP)" and maintained under version control.
Coordination and Reporting:
  • The Contractor shall report to the Academy Technical Capability (TeC) Team to ensure alignment on priorities.
    Weekly sprint-planning and review meetings will define scope and validate progress.
  • Monthly progress reports shall summarise tasks completed, deliverables produced, and issues encountered.
  • The Contractor shall immediately inform the TeC Team Lead of any risks, delays, or constraints that may affect the timely delivery of agreed tasks.
  • All formal communications, deliverables, and reports shall be submitted in writing in English.
Practical Arrangements:
Work Location: All work shall be conducted at the NCI Academy premises in Oeiras, Portugal. No remote work is permitted.

Facilities and Equipment: The NCI Academy will provide office space, workstation access, and the necessary IT equipment required for the execution of services.

Access and Security: The Contractor will be issued the required building passes, network accounts, and access permissions to perform the assigned tasks, subject to valid NATO Secret security clearance and Agency approval.

Working Hours: Services shall be delivered in alignment with NCI Academy working hours (07:00-17:00). Flexibility may be required to meet operational needs, as agreed with the Academy Technical Capability (TeC) Team Lead.

Travel: No travel outside Oeiras is foreseen under this contract.
 
Qualification:
Essential Qualifications and Experience:
The Contractor staff proposed for this service must meet the following minimum qualifications:
  • NATO Security Clearance valid for the duration of the contract, issued by the respective National Security Authority.
  • Cyber Security Engineer Experience:
    • Minimum 5 years of experience in designing secure, scalable solution architectures aligned with enterprise standards, or complex environments.
    • Minimum 5 years of experience in applying and overseeing physical, procedural, and technical security controls, conducting risk assessments, and leading incident response efforts.
    • Minimum 5 years of experience in system and application hardening, collaborating across technical teams to enforce best practices and compliance
  • Accreditation Process: Demonstrated success in managing accreditation processes, defining assurance requirements, and coordinating with stakeholders is essential.
  • Communication Skills: Excellent written and verbal communication in English, with the ability to explain technical information clearly and in a user-friendly manner.
  • Collaboration: Demonstrated ability to work effectively in a team environment and coordinate with multiple stakeholders.
  • Documentation: Strong documentation capabilities including SOPs, technical manuals, and security guidelines are required to support operational readiness and knowledge sharing.
  • Analytical Skills: Strong problem-solving and troubleshooting ability, with the capacity to quickly identify issues and determine the most efficient resolution..
Desirable qualifications and experience:
  • Knowledge and experience of working with the NCI Agency and/or NATO organisations
  • Knowledge of ISO27001 or equivalent standards.
  • Familiarity with Agency tools for configuration, risk, and documentation management.
  • Experience supporting audits.
  • Understanding of Agile delivery practices.
Language Proficiency:
Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).

APPLY NOW

Share this job

Interested in this job?
Save Job
CREATE AS ALERT

Similar Jobs

SCHEMA MARKUP ( This text will only show on the editor. )