Requirement: MISP Data, Engineering and DevOps Support
Location: 100% onsite in Mons, BELGIUM
Full Time On-Site: Yes
Time On-Site: 100%
Cost Not to Exceed: (2026 BASE) €212,850
Period of Performance: 2026 BASE: As soon as possible but not later than 1 August 2026 until 31 December 2026.
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Introduction:
- The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defense functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
- The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the center executes a portfolio of programs and projects around 219 MEUR per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Program of Work (POW) activities funded via the NATO Military Budget (MB) to Critical/Urgent Requirements (CURs/URs) and NATO Security Investment Program (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).
- The Cyber Security Information Sharing Service (CSISS) facilitates the sharing of timely and accurate information from and to a wide range of Cyber stakeholders (NATO bodies, NATO Allies and Partner Nations, Industry and Partners organizations). This is essential to maintain
the cyber security strength of the organization, as a proven way forward to increase/maintain security posture, respond to Cyber Incidents and support Defensive Cyber Operations (DCO). - The Cyber Defence Information Sharing (CDIS) flavor of this service, is an extended service from the multiple managed MISP communities, covering Cyber Defence-relevant information (e.g. indicators of compromise, threat actors infrastructure and tactics, techniques and procedures (TTPs), vulnerabilities, ...) and enabling sharing among NATO, Nations and industries - compliant with NATO STANAG 5660 - Cyber Security Information Sharing.
The Contractor shall deliver Cyber Security Information Sharing Service (CSISS), Cyber Defence Information Sharing (CDIS) flavor outcomes, including:
- System administration and maintenance of MISP infrastructure
- MISP community management (organization and user provisioning, user support, ...)
- Maintenance of existing MISP integration scripts
- Functional testing of the MISP platform and integrations
- (MISP) data curation and dissemination
- The Contractor retains full responsibility for how capacity is organized to achieve these outcomes.
It is up to the bidding company to propose and size the team that will be working to fulfilling these deliverables. Nevertheless, the expected level of service (24/7), the number of processes to document and the amount of data to be managed is likely requiring the equivalent of 3 staff.
Minimum required skillset to support the service. The minimum mandatory skillset below is per individual.
- 5 years demonstrated experience in functional software testing.
- 5 years demonstrated experience as sysadmin with LAMP servers - Linux, Apache, MySQL/MariaDB, PHP.
- 3 years experience with RedHat.
- 3 years of python scripting experience.
- 3 years experience in MVC software development and code review of web applications mostly in PHP language and with SQL.
- 3 years experience in data analysis.
- 3 years experience defining and documenting business processes.
- Very good technical understanding of the cyber threats to web-based products.
- Good understanding of cyber security principles, best practices, concepts and technology.
- Ability to work independently and in teams to achieve the desired goals, including the ability to monitor and support a team.
- Ability to support high-intensity military exercises for multiple weeks.
- Excellent organizing and communication skills.
- Good communications and writing skills in English.
- Experience as sysadmin of a MISP Threat Sharing platform.
- Prior experience in developing code (python, PHP) for MISP.
- Prior experience in multinational cyber exercises like Locked Shields, Crossed Swords, Cyber Coalition, etc.
- Experience with CakePHP.
- Prior experience in a cyber threat intelligence team.
- Prior experience in incident response.
- Prior experience in threat detection engineering.
The resources will be primarily located at SHAPE, Mons, Belgium. Alternate locations are Brussels region, Belgium and Braine-l'Alleud, Belgium.
