System Engineer

The Battlefield Information Collection and Exploitation Systems (BICES) Group Executive (BGX) is located at NATO HQ in Brussels. Its core business is to enable sharing and exchange of intelligence- related information and intelligence between all NATO member nations, associated partner nations and the NATO organization. BICES capabilities are for national, NATO or coalition use, in peace, crisis and war. It is a dynamic and evolving capability with the ultimate goal of providing adequate support to users.

The BICES Group Executive (BGX) works as a facilitator maintaining the core network and coordinating the community-wide provision of capabilities and services operated at national/organisational level. BICES offers a number of services to support BICES users using mainly commercial off-the-shelf (COTS), open source but also an in-house developed software.

· NATO experience
· Knowledge of planning, designing, developing, testing and deploying IT infrastructure (including hardware, software and network based)
· Have the know-how to implement and test scalable and fault-tolerant software solutions and lT platforms in secure environments
· Knowledge of communication protocols (routing and routed), firewalls, encryption devices (desirable) and common network architectures that leverage these technologies
· ln-depth knowledge of internet protocols, including; SNMP, SMTP, HTTP/HTTP, SSH, LDAP and developing solutions that utilise these protocols
· University degree in Computer Science/Engineering or equivalent
· 3+ years of experience and expertise in IT requirements analysis and gathering
· 3+ years of experience in software development, content management systems, web site development and maintenance, MySQL and SQL development and support, backup and recovery operations, Information Assurance support, development and maintenance
· Excellent system administrator skills, specifically aimed at Windows and Linux
· Excellent knowledge on VMware solutions (vSphere Client, vCenter Server, ESXi, etc etc)
· Expertise in deployment of Virtual Private Network (VPN)
· Experienced on scalable and resilient database/directory design (SQL/x.500/LDAP)
· Experience of unit testing and associated software development practices
· Disciplined approach to testing and quality assurance
· Knowledge of ISO/OSI and common RFCs
· Knowledge with optimizing performance and browser compatibility
· Ability to understand, assess and solve complex technical issues
· Knowledge of standards data format
· Experienced in the development and deployment of Certificate (PKl) and Single Sign-On based platforms
· Possess a high level of tact and diplomacy

· Provide the BGX with a technical design of an Unclassified BGX Environment (target implementation), based on the analysis of the current environment and the CIS documentation in order to support the accreditation process
· Conduct discovery sessions to gather business requirements and create technical and functional documentation
· Plan the implementation of the whole service (server-client) architecture while considering security aspects
· Design, deploy and test a Virtual Private Network (VPN) for connecting and operating remotely to the implemented solution
· Development of technical and security documentation (systems, interconnections, networking topologies)
· Support the installation, integration, configuration and operation of Systems and Network related equipment and services
· Responsible for ensuring that:
ü BICES Community engineering/technical objectives are met, including the coordination of BICES National Services
ü The BICES overall architecture is consistent and in accordance with the requirements of the whole BICES Community
ü All aspects of BICES Configuration Management are effective. This includes implementing and refining BICES services and configuration management policy, and coordinating with other domains on cross-domain configuration control matters
· Provide a technical design of the Unclassified BGX Environment (target implementation) based on the analysis of the current environment and the CIS documentation, and support the accreditation process
· Provide a technical description of the proposed target implementation consisting of:
ü Documenting, proposing design enhancements and support, as required, for the implementation of the BGX Test and Development Environment, ensuring secure access from/to external networks (e.g. internet). This include:
§ Physical assets
o Physical hosts running latest VMware ESXi with container support
o NAS storage for hosting VMs
o NAS storage for backups and snapshots
o Tape back up for critical data (version controlled code)
§ Virtual Machines
o Windows DC and AD, DNS, etc
o Kubernetes nodes for deploying containers during development
o Dedicated VM based workstations for each developer
o GitLab Enterprise VM
§ Network interconnections
o Access to Test/Developement Environment from BGX laptops at developer/operators desks
o Restricted internet access from VM based developer workstations (hosted in BGX Test and Development Environment) based on a managed list of URLs (software repositories like maven, github, etc)
o Shared network drive between Test and Development environment allowing bidirectional movement of files between Test and Development
ü Improving the current way of getting updates/patches from an external network (e.g. internet), to using a specific One Way Transfer solution (i.e. Data Diode) for moving files from a lower to higher classification domain and documenting this
· Provide the following deliverables within a specific timeline, as agreed with and directed by the BGX Project Manager:
ü Design Document describing the system architecture and the key components of the proposed implementation
ü Request for Change for Approval to Operate (in order to proceed with the implementation on the Unclassified environment)
ü Standard Operating Procedures and the execution thereof (for the “hardening” of all involved components, such as Operating System, Database, IIS, Virtualized Infrastructure)
ü Security Test & Verification Plans for hardening the implemented services/software
ü Security Operations - SecOps (assuring a secure usage of the implemented tools for a continuous protection and threat prevention)
ü Execution of a Vulnerability Assessment/Penetration Test (potentially) with the outcome documented in a related report
ü Statement of Compliance
ü Execution of project-related coordination activities with all BGX Divisions/Offices, in particular with Intelligence Service Operations (ISO) and Information Assurance and Cyber Defense (IA&CD)
ü Participate with the review process with the Local Security Accreditation Authority (NATO Office of Security)