Job Specifications
Deadline Date: Thursday 8 May 2025
Requirement: Cyberspace Operations Administrative and Coordination Support to Threat Hunting
Location: Mons, BE
Full Time On-Site: Yes
Time On-Site: 100%
Period of Performance: 2025 BASE: 30 JUN 2025 to 31 DEC 2025, with possibility to exercise following options:
2026 option: 01 JAN 2026 to 31 DEC 2026
2027 option: 01 JAN 2027 to 31 DEC 2027
2028 option: 01 JAN 2028 to 31 DEC 2028
Required Security Clearance: NATO Secret
BACKGROUND
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
INTRODUCTION
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).
In order to execute this work, the NCI Agency is seeking additional labour through contracted resources (or consulting) to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. This Statement of Work (SoW) specifies the required skillset and experience.
PURPOSE
The NCSC is responsible to defend NATO networks on a 24/7 basis and to proactively look for signs of malicious activities by performing threat hunting. The Threat Hunting activities encompass threat intelligence hypotheses based searches on existing security logs sources, anomaly detection and more generally compromise assessment.
OBJECTIVES
This Statement of Work (SoW) outlines the services to be provided by the Supplier to NCSC for providing support to Cyber Operations Threat Hunting.
DELIVERABLES
The service is executed in sprints; each sprint is planned for a duration of 1 week.
The Contractor's personnel shall deliver the following functions:
D1. Based on directions from the Service Delivery Manager (SDM) and deputy SDM:
organise meetings (both in-person but virtual using NATO videoconferencing infrastructure), open service requests, change requests and work orders within NCIA and NCSC ticketing and tasking systems, pro-active follow-up of existing requests in various systems on a periodic basis.
D1 Outcome: The JIRA issue (task) has been handled (if assigned to the person) or created (if it needs to be dispatched within the team).
D1 Acceptance Criteria: The issue has been handled appropriately, using professional judgment and the outcome is clearly indicated in the appropriate field.
The issue has been addressed before or at the target date
D2. Based on directions from the Service Delivery Manager (SDM) and deputy SDM:
write emails to stakeholders of the service, write and review SoW, contracts and license agreements, resource planning, writing, editing and creation of SOP/SOI in the NCSC wiki, presentation slides preparation.
D2 Outcome: List of documents produced and emails sent to support the threat hunting service.
D2 Acceptance Criteria: The list contains the title of documents or subject of emails, the stakeholders informed and the link to issues in Jira (TASK #)
The format expected is an Excel document with the following columns: Title/Subject, Stakeholders, Link to Issue.
This deliverable is expected at the end of each week.
Rejection criteria:
The client may reject deliverables if they do not meet the specified acceptance criteria or if they contain critical errors.
A rejected deliverable must be corrected and resubmitted within 1 (one) business day.
Further, the Contractor's personnel must conduct the following reviews:
A bi-weekly ‘touch point' between NCSC - Threat Hunting Service Delivery Manager, or any other NCSC personnel designated by NCSC.
Structure and formatting of the deliverables:
In addition to their specific acceptance criteria, each deliverable shall meet the following requirements:
Language: the product shall be written in English, meeting the NATO STANAG 6001 Level 3 "Professional Proficiency".
Intended Audience: the product shall be intended for Cyber Security Professional, Senior Military personnel and decision makers in the field of Cyber Security and Cyberspace Operations.
Accuracy: the product shall accurately reflect what was done.
Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language.
Objectivity: the content shall be impartial and objective, presenting information without bias or personal interpretation.
Structure: the product shall follow a logical structure such as template when available.
Timeliness: the product shall be prepared and distributed promptly after the assignment, ensuring that information is fresh and actionable.
Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the Information and Knowledge Management Steering Group.
Confidentiality: Information processed by analysing threat intelligence reports or acquired during threat hunting campaigns shall be handled in accordance with the NATO policy on Information Management.
PENALTIES
The penalties defined below will apply to the payment amount based on the performance results measured through R1 - Monthly Service Performance (Annex A)
Each deliverable will be assessed by a supervisor or team member on a scale of 1 to 5 based on the criteria defined above. If the score is below 4/5, a justification is provided by the assessor. This score is used for the monthly KPI reported in R1 (Annex A) which is the sum of all the deliverables scores divided by the number of deliverables and transformed into percentage, an overall score below 80% introduce financial penalty.
This score is computed in the "sprint review" phase detailed in Section 7.
The grade are to be understood as follows:
1 (20%) Unsatisfactory: The deliverable is completely off-target
2 (40%) Lacking: The deliverable doesn't meet 1 or more acceptance cr...
About the Company
EMW was founded in 1995 by engineers and managers who formerly held senior positions in well known telecommunications and information technology companies to pursue their vision for this new company.
Our core business is providing information and communication technology services in the areas of planning, engineering and implementation; project and program management; systems integration; operations and maintenance; and training. Our competencies range over all aspects of inside and outside plant; feeder, access and inter-o...
Know more