3176 Security System Engineer

仕事内容

Required Security Clearance: NATO SECRET

SCOPE OF WORK

This SOW covers one medium to large NATO CIS, the security accreditation document set and the associated CIS Security assurance activities as described below.

CIS Security Accreditation

• Produce the CIS Description (CISD) documentation, addressing all NATO CIS components; coordinate with Service Delivery Managers (SDMs), network and security architects and other relevant Subject Matter Experts (SMEs) to ensure the complete and accurate description of the CIS.
• Conduct Security Risk Assessment (SRA) for the NATO CIS in scope; this includes the identification and assessment of risks in close coordination with NATO accreditation stakeholders (including technical and security authorities).
• In close coordination with the security accreditation support and the technical stakeholders, produce the Security Requirements Statements (SRSs) (System Specific and for the System Interconnections), which include evaluating the implementation of the security requirements as per the NATO security policies and directives, advise on mitigation and remediation recommendations for those security requirements partially implemented (or not implemented), and document these in the relevant accreditation documents (Security Requirements Statements (SRSs), SecOPs).
• Produce the Security Operating Procedures (SecOPs) in line with the NATO security policies and directives.
• Develop Security Tests and Verification Plans (STVP).
• Conduct Security tests in accordance with defined test plans and provide associate reporting.
• Support the development of mitigation and remediation plans, following the identification and assessment of cybersecurity risks for NISC managed CIS, specifically assessing the residual risks after the application of cybersecurity risk mitigation measures.
• Assist with complex remediation activities for the NATO CIS in scope of this SoW; conduct remediation activities in collaboration with the NCIA Service Delivery Managers.
• Ensure adequate level of systems/data protection is implemented for NISC managed CIS in accordance with NATO Security policies and directives.
  
  

Operations

• Perform all operation, support and maintenance activities described in Annex C.
• Log and track Service and Change requests using the enterprise ticketing system (ITSM).
• Ensure all tickets are updated with accurate and detailed information and resolved within the agreed service levels.
  
  

Escalation

• Escalate complex issues to appropriate teams when necessary.
• Follow up on escalated issues to ensure timely resolution and user satisfaction.
  
  

Knowledge Base Management

• Contribute to the creation and maintenance of a knowledge base, documenting common issues and solutions.
• Share knowledge and best practices with team members to improve overall service quality.
  
  

Performance Monitoring

• Monitor support metrics and KPIs to ensure high-quality service delivery.
• Participate in regular reviews to identify areas for improvement and implement corrective actions.
  
  

Automation And Efficiency

• Develop and implement automation scripts or advise on automated tools to streamline routine support tasks such as system and software checks and notifications, and the development/continuous update of the accreditation deliverables.
• Utilize automation to create workflows for repetitive tasks, improve service efficiency and proactively implement solutions.
  
  

Communication And Collaboration

• Communicate effectively with internal user community to understand their issues and provide clear instructions.
• Collaborate with IT teams to resolve security issues and improve service delivery.
  
  

Transition-In:

• The Contractor shall start the execution of the contract by implementing the transition-in Handover-Takeover (HOTO) plan.
• The Transition-in Handover-Takeover (HOTO) plan shall include at the minimum:
• Detailed HOTO schedule with GANTT chart.
• Resources and PFE required from the Purchaser for successful execution of HOTO plan.
• Risk register.
• Handover-takeover period will be divided in two parts: Shadowing and Reverse Shadowing.
• For the Transition-In HOTO, Shadowing will be the monitoring of Purchaser’s activities by the Contractor for each product listed. Reverse shadowing will the monitoring of the Contractor activities by the Purchaser for item listed.

Transition-Out:

• Whatever the cause or the triggering event of the contract coming to an end, the Contractor shall end the execution of the contract by implementing the transition-out Handover-Takeover (HOTO) plan.
• The transition-out Handover-Takeover plan to be executed for contract closure or contract termination shall include at the minimum:
• Detailed HOTO schedule with GANTT chart.
• Transition to The Purchaser of any tools, procedures, training and documentation used by The Contractor to execute this SOW.
• Resources and PFE required from the Purchaser for successful execution of HOTO plan.
• Risk register.
• Handover-takeover period will be divided two parts; Shadowing and Reverse Shadowing.
• For the Transition-Out HOTO, Shadowing will be the monitoring of the Contractor activities by The Purchaser for each item listed. Reverse shadowing will be the monitoring of the Purchaser activities by The Contractor for the second instance for each product listed.
  

Description Of The NATO CIS Environment

• The NATO CIS operates at the NATO UNCLASSIFIED (NU) and NATO RESTRICTED (NR) classification levels.
• The NATO CIS is composed mainly of Infrastructure Edge Devices and services, supporting NATO Command Structure, and elements of the NATO Force Structure. It is installed in two locations.
• The CIS environment contains predominantly proxy and gateway tools, as well as a management component based on Microsoft Windows Server and Linux Operating systems, running on physical and virtual servers.
• The following documents need to be produced part of the accreditation documents set for the NATO CIS (~8, depending on the approach on the system interconnections):
• Security Accreditation Plan.
• CIS Description.
• Security Risk Assessment.
• Security Requirements Statements (System-Specific, respectively for System Interconnections).
• Security Operating Procedures.
• Security Testing and Verification Plan.
• Security Testing and Verification Report.
• Additionally, on demand, Remediation Actions status Report following the Security Audits might need to be produced and submitted to the relevant Cyber/CIS Security and security accreditation authorities.
• The response and resolution times for ITSM tickets are defined, in accordance with assigned priority, in NCIA Incident Management Standard Operating Procedure (SOP) 06.04.01.
• The Contractor shall take the description above as an indication on the composition and complexity of the system in scope, as well as of the required accreditation deliverables in scope of this contract. The actual number of deliverables in scope of this contract will stay within a margin of +/- 25% of the provided numbers. Any changes to the number of deliverables will not entitle the Contractor to any price adjustments. However, should the numbers move outside this margin, upwards or downwards, this could be ground for an equitable price adjustment to be applied at the next turn of the year.

SKILL, KNOWLEDGE & EXPERIENCE

The consultancy support for this work requires a systems engineer with the following qualifications:

Technical Proficiency

• The support for this work requires technical proficiencies as the development and execution of the following accreditation deliverables: NATO CIS Security accreditation process; CIS Security Risk Assessments (SRA); CIS Security Tests and Verifications (STV); CIS Security Assessments (SA) remediation.
• A minimum of 2 years of experience with the security accreditation process are required, including development of security accreditation documents as listed above.
  
  

Problem-Solving Skills:

• Strong troubleshooting skills to diagnose and resolve hardware, software, and network security issues.
• Ability to guide users through problem-solving steps effectively.
  
  

Automation Skills

• Proficiency in automation to create workflows and automate repetitive processes.
• Ability to identify and implement automation opportunities to enhance efficiency.
  
  

Communication And Interpersonal Skills

• Excellent verbal and written communication skills.
• Full proficiency in English.
• Ability to communicate technical information to non-technical users in a clear and concise manner.
• A minimum of 2 years of work experience in an international environment are required.
  
  

Customer Service Orientation

• Strong customer service focus with a commitment to user satisfaction.
• Patience and empathy when dealing with user issues and concerns.
  
  

Organizational Skills

• Ability to manage multiple support tickets and prioritize tasks effectively.
• Attention to detail in documenting support activities and maintaining accurate records.
  
  

Team Collaboration

• Ability to work effectively as part of a team and share knowledge and resources.
• Willingness to collaborate with colleagues to solve complex issues.
  
  

Others

• The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
• The candidate must have the nationality of one of the NATO nations.
  
  

This is a condensed version of the job description. A full, detailed job description will be provided during the application process.