2024-0033 Cyber Security Systems Developer (NS) - WED 3 Jan

Deadline Date:  Monday 3 January 2024

Requirement: Cyber Security Systems Developer

Location: Mons, BE

Full time on-site: Yes

Required Start Date: 1 February 2024

End Contract Date: 31 December 2024

Required Security Clearance: NATO SECRET

1. INTRODUCTION

This statement of work (SoW) describes the work to be contracted to support CyOC to fulfill new duties and increasing sustenance and collaboration with NCIA through cyber security system  development.

2. SCOPE OF WORK

• Implement and integrate system development life cycle (SDLC) methodologies.
• Analyze user needs and requirements to plan and conduct system development for CyOC tools (more specifically SPLUNK)
• Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
• Provide guidelines and/or support with the implementation of developed cyber tools to users or other development teams
• Collaborate with other developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.
• Incorporate cybersecurity solutions into system/tool designs.
• Develop and/or maintain Application Programming Interfaces (APIs) to fully integrate feeds and cyber tools (for instance, JIRA, MISP or MALTEGO among others).
• Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
• Assess the effectiveness of the cyber tools based on CyOC requirements, and provide continuous improvement for their development.
• Provide support for the flow of Cyber Threat Intelligence feeds within the Cyberspace tools, so that this information can be properly integrated and correlated among CyOC and NCIA systems if needed.

3. REQUIERED PROFILE

[See Requirements]

4. DELIVERABLES AND PAYMENT

The contracted individual must be able to perform effectively and efficiently with minimal supervision.

The following deliverables are required by the dates below:

D1: Activities for cyber security systems development:

a) Technical support to requirements for tools (systems) development or related with new duties from cyber projects or incidents in support of NCSC Q1.

b) Technical support to requirements for tools (systems) development or related with new duties from cyber projects or incidents in support of NCSC Q2.

c) Technical support to requirements for tools (systems) development or related with new duties from cyber projects or incidents in support of NCSC Q3.

d) Technical support to requirements for tools (systems) development or related with new duties from cyber projects or incidents in support of NCSC Q4

1 - As applicable from para.2&4 for the period + Monthly Reports/DAS

Due 31 March 2024

2 - As applicable from para.2&4 for the period + Monthly Reports/DAS

Due 30 June 2024

3 - As applicable from para.2&4 for the period + Monthly Reports/DAS

Due 30 September 2024

4 - As applicable from para.2&4 for the period + Monthly Reports/DAS

Due 31 December 2024

Payment Milestones: Payment will be done on a monthly basis based on performed deliverables and the equivalent of man hours in executing them. The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) Annex B including the EBA Receipt number.

The Contractor will provide a consolidated monthly report, in the form a completed Delivery Acceptance Sheet (DAS) (Annex B), annotating with precision the deliverables produced for the projects and activities supported.

Payment will be done on a monthly basis based on performed deliverables and the equivalent of man-hours in executing them, with a ceiling of 1672 man hours / calendar year (12-months) and upon acceptance of the Delivery Acceptance Sheet (DAS) by the Purchaser.

Invoice and DAS shall be provided to Purchaser for the payment of period of performance.

5. WORK EXECUTION

The work will be executed on-site with meetings occasionally required in support of work as per D1. The candidate shall provide a summary per milestone of the work done and report to the CyOC SA Section Head, which, together with CyOC SA Staff feedback will function as the basis for approving payments linked to deliverables as mentioned under section 3.

6. TIMELINES

The services are to be provided for the initial period starting 01 February 2024 through 31 December 2024.

7. SECURITY AND NON-DISCLOSURE AGREEMENT

The contracted individual must be in possession of a security clearance of NATO Secret or above. The signature of a Non-Disclosure Agreement between the contractors contributing to this task and NCIA will be required prior to execution.

8. PRACTICAL ARRANGEMENTS

This is a deliverable based contract.

Services will be provided 100% onsite, at SHAPE CyOC and NCSC (Mons, BE).

Occasional travel to the NATO main sites might be needed. Travel requires the prior coordination with and approval of the NCIA Project Manager.

TDY costs are not included in the NTE of this RFQ and will be claimed separately in accordance with NCIA Travel Directive

Requirements

3. REQUIERED PROFILE

The required profile is Cyber Security Systems Developer as follows

• The candidate must have knowledge and multiyear experience in organization, management and support of various (international) operations, activities, units and projects related to defense, cybersecurity, networks, digital evidence, communications and information systems, in the national and NATO environments.
• The candidate must have previous experience within NATO dealing with Communication and Information Systems and/or Cyber.
• The job requires deep knowledge and justified experience of performing highly-specialized review and evaluations of incoming cybersecurity information to determine its usefulness for intelligence at national or preferably at NATO environments.
• The job requires minimum of 5 years of experience on developing, testing and evaluating cyber tools used for analyzing threat information (from multiple sources), exploitation analysis, threat analysis and Cyber Security. The candidate must have experience in leading staff work on international headquarters.

7. SECURITY AND NON-DISCLOSURE AGREEMENT

• The contracted individual must be in possession of a security clearance of NATO Secret or above. The signature of a Non-Disclosure Agreement between the contractors contributing to this task and NCIA will be required prior to execution.