Home
Jobs
EMW
2025-0138 Cyberspace Operations Admin and Coord Support (NS) - THU 8 May

2025-0138 Cyberspace Operations Admin and Coord Support (NS) - THU 8 May

On site

Mons, Belgium

Freelance

24-04-2025

Share this job:

Score my CV Apply

Job Specifications

Deadline Date: Thursday 8 May 2025

Requirement: Cyberspace Operations Administrative and Coordination Support to Threat Hunting

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: 2025 BASE: 30 JUN 2025 to 31 DEC 2025, with possibility to exercise following options:

2026 option: 01 JAN 2026 to 31 DEC 2026

2027 option: 01 JAN 2027 to 31 DEC 2027

2028 option: 01 JAN 2028 to 31 DEC 2028

Required Security Clearance: NATO Secret

BACKGROUND

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

INTRODUCTION

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).

In order to execute this work, the NCI Agency is seeking additional labour through contracted resources (or consulting) to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. This Statement of Work (SoW) specifies the required skillset and experience.

PURPOSE

The NCSC is responsible to defend NATO networks on a 24/7 basis and to proactively look for signs of malicious activities by performing threat hunting. The Threat Hunting activities encompass threat intelligence hypotheses based searches on existing security logs sources, anomaly detection and more generally compromise assessment.

OBJECTIVES

This Statement of Work (SoW) outlines the services to be provided by the Supplier to NCSC for providing support to Cyber Operations Threat Hunting.

DELIVERABLES

The service is executed in sprints; each sprint is planned for a duration of 1 week.

The Contractor's personnel shall deliver the following functions:

D1. Based on directions from the Service Delivery Manager (SDM) and deputy SDM:

organise meetings (both in-person but virtual using NATO videoconferencing infrastructure), open service requests, change requests and work orders within NCIA and NCSC ticketing and tasking systems, pro-active follow-up of existing requests in various systems on a periodic basis.

D1 Outcome: The JIRA issue (task) has been handled (if assigned to the person) or created (if it needs to be dispatched within the team).

D1 Acceptance Criteria: The issue has been handled appropriately, using professional judgment and the outcome is clearly indicated in the appropriate field.

The issue has been addressed before or at the target date

D2. Based on directions from the Service Delivery Manager (SDM) and deputy SDM:

write emails to stakeholders of the service, write and review SoW, contracts and license agreements, resource planning, writing, editing and creation of SOP/SOI in the NCSC wiki, presentation slides preparation.

D2 Outcome: List of documents produced and emails sent to support the threat hunting service.

D2 Acceptance Criteria: The list contains the title of documents or subject of emails, the stakeholders informed and the link to issues in Jira (TASK #)

The format expected is an Excel document with the following columns: Title/Subject, Stakeholders, Link to Issue.

This deliverable is expected at the end of each week.

Rejection criteria:

The client may reject deliverables if they do not meet the specified acceptance criteria or if they contain critical errors.

A rejected deliverable must be corrected and resubmitted within 1 (one) business day.

Further, the Contractor's personnel must conduct the following reviews:

A bi-weekly ‘touch point' between NCSC - Threat Hunting Service Delivery Manager, or any other NCSC personnel designated by NCSC.

Structure and formatting of the deliverables:

In addition to their specific acceptance criteria, each deliverable shall meet the following requirements:

Language: the product shall be written in English, meeting the NATO STANAG 6001 Level 3 "Professional Proficiency".

Intended Audience: the product shall be intended for Cyber Security Professional, Senior Military personnel and decision makers in the field of Cyber Security and Cyberspace Operations.

Accuracy: the product shall accurately reflect what was done.

Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language.

Objectivity: the content shall be impartial and objective, presenting information without bias or personal interpretation.

Structure: the product shall follow a logical structure such as template when available.

Timeliness: the product shall be prepared and distributed promptly after the assignment, ensuring that information is fresh and actionable.

Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the Information and Knowledge Management Steering Group.

Confidentiality: Information processed by analysing threat intelligence reports or acquired during threat hunting campaigns shall be handled in accordance with the NATO policy on Information Management.

PENALTIES

The penalties defined below will apply to the payment amount based on the performance results measured through R1 - Monthly Service Performance (Annex A)

Each deliverable will be assessed by a supervisor or team member on a scale of 1 to 5 based on the criteria defined above. If the score is below 4/5, a justification is provided by the assessor. This score is used for the monthly KPI reported in R1 (Annex A) which is the sum of all the deliverables scores divided by the number of deliverables and transformed into percentage, an overall score below 80% introduce financial penalty.

This score is computed in the "sprint review" phase detailed in Section 7.

The grade are to be understood as follows:

1 (20%) Unsatisfactory: The deliverable is completely off-target

2 (40%) Lacking: The deliverable doesn't meet 1 or more acceptance cr...

About the Company

EMW was founded in 1995 by engineers and managers who formerly held senior positions in well known telecommunications and information technology companies to pursue their vision for this new company. Our core business is providing information and communication technology services in the areas of planning, engineering and implementation; project and program management; systems integration; operations and maintenance; and training. Our competencies range over all aspects of inside and outside plant; feeder, access and inter-o... Know more

Related Jobs

Company Name: Chase IT Global
Job Title: IT Support and Network Support Engineer or Technician
Job Description: The ideal candidate will be responsible for maintaining and intermittently improving our current network configuration and infrastructure. You will design our revamped network infrastructure with the goal of maximizing our network performance. You will also provide troubleshooting and configuration support by using your strong technical skills in Linux and Windows environments and IP networking. Responsibilities Maintain, implement, and troubleshoot networks Design and support our network systems and infrastructure Configure and operate routers and switches Monitor network performance and make recommendations based on performance analysis Qualifications Bachelor's degree in computer science or related area 2 - 4 years of experience with network administration in a Linux or Windows environment Knowledge of IP networking fundamentals

Company Name: Hays
Job Title: Support Engineer
Job Description: HAYS IT is assisting one of their clients, a global leader in logistics and transportation, in their search for a skilled Junior Digital Workspace Support Engineer. The ideal candidate will have a passion for providing IT support and optimizing digital workspace tools while working onsite at their European Head Office in Diegem. This role is an excellent opportunity for recent graduates or junior professionals to develop their skills in a dynamic and customer-focused environment. The position is part of a global organization’s commitment to innovation and customer service excellence, with a focus on maintaining and improving end-user devices and support processes. The role is Diegem-based, requiring full-time presence at the service desk. Must-haves: Strong enthusiasm for delivering IT support. Fluent Dutch speaker with excellent English communication skills. Well-organized, proactive, and customer-oriented approach. Analytical skills to address customer needs effectively. Ability to explain technical solutions to non-technical users clearly. Requirements that the ideal candidate will have: A completed Bachelor’s degree in IT or equivalent experience. Some experience in the IT sector (entry-level candidates are welcome). Familiarity with enterprise service desk tools (e.g., ServiceNow) is advantageous. Commitment to continuous professional development and innovation. This is a long-term contract starting at the beginning of May 2025 and running until the end of the year, with the possibility of extension. If you are interested, you can always contact Sabrina via sabrina.vanpeer@hays.com or on +32 (0)3 202 79 86.

Company Name: Barco
Job Title: Software developer for automated testing
Job Description: Function Within our Business Unit Cinema we bring the experience of Movie Goers to the next level. We develop world leading laser based projectors, including state of the art media servers. Product development is thriving in Barco, so we are looking to expand our team in Kortrijk with a Test Engineer. Key Responsibilities Support our automatic testing framework by adding and maintaining tests, but also by maintaining the framework itself. Help to maximize the quality of the projectors by analyzing, automation, scripting and programming Be part of our R&D team Competencies A strong affinity for technology and technology transitions Hands-on, ‘can-do’ attitude Consistency lies at the heart of the created work. A team player and good communication skills in English. Willing to travel worldwide (occasionally) Qualification We are looking for a Barco colleague who Has a bachelor or master degree in Engineering, ICT or equivalent in any relevant field Is familiar with software programming Programming skills (python, C/C++,...) Design, implement, and maintain CI/CD pipelines using Jenkins. Experience with version control systems (e.g., Git). Has basic knowledge of Linux systems, network communication (TCP/UDP…) Has strong analytical skills Can obtain insight in software system architectures Our offer A permanent contract A competitive salary package The opportunity to work for an international market leader where innovation really matters. Internal training in our Barco University A modern and state-of-the-art working environment

Company Name: Contact One Communications, Inc.
Job Title: 2793 Cyber Security and Guard Support
Job Description: SCOPE OF WORK The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for support to Gateway Security Services, the ‘Level 3 Cyber Security and Guard that should be manned by the service supplier on a daily basis to ensure service objectives are met continuously. The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of CYBER SECURITY AND GUARD Support with a deliverable based (completion-type) contract to be executed in 2025. Required The service provider will be required to deliver a daily activities schedule, orchestrate NCIA processes as well as represent NCSC business unit on an Enterprise Level where required. Tasks performed by a contractor include: Build, implement, maintain, and support systems within existing cross-domain gateways (System Administration). Configure, maintain, review and update configuration settings and policies on guard components and data diodes (System Configuration) Under the direction / guidance of the NCSC Point of Contact, a contractor will be the part of the NCSC Team supporting the following activities: Central system administration of Guards and Data Diodes to ensure continuing functionality and availability. Hardware and software systems installation and configuration User and access management Back up and restore systems data Monitor system performance and availability Log forwarding towards archiving and/or forensic systems Analyze, troubleshoot and resolve application issues Development of automation scripts to meet day to day system administration tasks Central configuration of Guards and Data Diodes Implementation and verification of guards and data diode configuration to meet customer cross-domain data exchange requirements Adaptation of release markings Adaptation of email attachment types Configuration of additional cross-domain flows Back up and restore configuration data Updating of Guard and Data Diode software/patches Monitor patch releases Test new software and patches Support A2SL process for approval of software updates Installation and configuration of software and patch updates Documentation of Guards and Data Diode systems Development of SOPs and other documentation for repetitive activities Produce and maintain comprehensive documentation for all implemented systems Review and update security documentation Education/training/familiarization of other teams Support of Guards and Data Diodes Technical support in troubleshooting infrastructure and operational issues Collaborate with other teams for a successful resolution; Provide technical support and guidance by answering end-user requests to identify issues in secure cross-domain data exchange COORDINATION AND REPORTING The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions. Due to the AGILE approach of this project, there is a need to define a set of specific arrangements between the NCIA and the contractor that specifically defines the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning, execution and review processes. SCHEDULE It is expected the service starts as soon as possible but no later than 18 May 2025 and ending no later than 31st December 2025. if the 2026 option is exercised, the period of performance is 01st January 2026 to 31st December 2026 if the 2027 option is exercised, the period of performance is 01st January 2027 to 31st December 2027 The work will be conducted during normal office hours following the NCIA Brussels calendar, as well as outside office hours and on weekends, if necessary. SECURITY AND NON-DISCLOSURE AGREEMENT Any proposed resource providing services under this SOW must be in possession of a security clearance NATO SECRET or above to facilitate follow-on engagements and coordination at NATO venues. The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution. PRACTICAL ARRANGEMENTS The contractor will be required to provide the service 100% on-site at NCIA Mons, Belgium. Exceptional off-site activities to support service delivery can also be arranged with the line manager’s coordination and approval. NCI Agency will provide access to relevant networks and resources as required by the project. There might be requirements to perform out-of-hours work to support planned maintenance activities or delivery of critical services as well as to provide on-call support outside regular business hours. TRAVEL There may be limited travel required (max.3 times/per year, each travel up to 3 working days), specifically to Brussels, Belgium, The Hague, Netherlands or Brunsum, Netherlands. No additional cost for travel (including accommodation, per diem, travel expenses, etc.,) will be claimed separately. All travel arrangements are the responsibility of the contractor. Required Profile The contractor that is going to perform the identified tasks as an operation and maintenance expert of CYBER SECURITY AND GUARD must have demonstrated skills, knowledge and experience as listed below. Activities performed by the contractor include facilitation of all lifecycle aspects of Boundary Protection Components deployed within and on the edge of NATO networks Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience. 5+ years of experience in IT security, with a focus on Security Tools Management in large organisations. Strong understanding of security best practices Good engineering skills including programming Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours. Experience with system instrumentation solutions such as below: Linux System Administration (preferred RedHat Enterprise Linux) Scripting/Automation (Bash, Python, Ansible) Other Boundaries Protections Devices such as firewalls System security, including hardening and SELinux System monitoring and troubleshooting Experience with network protocols and traffic analysis Ability to troubleshoot complex network security issues LAN/WAN networking including protocol network architecture TCP/IP protocols and services Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams Official Linux certification (such as RHCSA, GCUX,) Official Network Management certification (such as Network+) Official Service Management certification (such as ITIL Foundation ) In addition to the above, it is desirable for the contracted individual to have working experience and knowledge i...