2025-0075 Network Security O&M Support Services (NS) - FRI 27 Jun

Deadline Date: Friday 27 June 2025

Requirement: Network Security O&M Support Services

Location: Brussels, BE

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: 2025 BASE: As of 04 August – 31 December 2025 with possibility to exercise the following options:

2026 Option: 1st January 2026 until 31st December 2026

2027 Option: 1st January 2027 until 31st December 2027

Required Security Clearance: NATO SECRET

1 INTRODUCTION

NCIA – CSU BRU

Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.

NCIA – CSU BRU – Cyber Security Section

The Cyber Security Section (CSS) performs a broad range of cyber security activities as delegated by the Cyber Security Service Line and under the direct command and control of the CSU commander. These activities include advise to the CSU Commander about cyber security policies and risk assessments, acting as the integration point of contact for implementation of cyber security new capability fielding initiatives, provision of Level One cyber security expertise and lifecycle support as required, verification of the implementation of security settings and change management controls at the local level, assessing and re-distributing cyber security alerts to CSU users and leadership, administering endpoint security services. Furthermore the CSS supports the incident management process, provides on-site support, reports in direct coordination with the Cyber Security Service Line and implements remediation measures.

NCIA – CSU BRU – Cyber Security Section – Gateway Security Services team

The Gateway Security Services team is responsible for Operations & Maintenance (O&M) support for all the Cyber Security gateway systems (firewalls, proxies, email gateway, VPN, network DLP, IPS/IDS, cross-domain gateways, etc.). Ensuring operational efficiency and resilience while providing qualitative support.

2 OBJECTIVES

The main objectives of this statement of work can be summarized as follows:

The Network Security O&M (Operations & Maintenance) Support service provides dedicated assistance to the Gateway Security Service team, ensuring the smooth operations and maintenance, enhancing operational resilience and ensuring continuity of the Cyber Security gateway systems. This service focusses on providing level 2 support with co-ordinated assistance to L3 support, as required. This is done through execution of SOPs, following up on raised incident tickets, execution of requests and provide project support.

3 SCOPE OF WORK

Under the direction / guidance of the Head, Cyber Security, the services provided will be supporting the following activities:

a) Handling incidents tickets raised by functional/technical/business users;

b) Handling alerts raised by the monitoring system (ZABBIX and SCOM);

c) Doing general technical troubleshooting and give consultation to other teams inside and outside the CSU;

d) Handling of requests to implement security policies on security gateways;

e) Handling of requests to implement operational changes on security gateways;

f) Collaborate with NATO Cyber Security Centre (NCSC) and NHQ incident response teams to investigate and remediate security incidents;

g) Conduct security policy reviews and optimizations to ensure efficiency and compliance, in accordance with enterprise, NCSC policies and best practices;

h) Generate compliance reports for stakeholders, highlighting key security metrics and risks;

i) Follow patch management cycle for all security gateways (battleshort, critical, high, medium and low cycles), installing and implementing necessary patches and updates in the required time period, ensuring all security gateways are properly patches and upgraded in according with latest baselines.

j) Conduct lessons learned and post-mortem analyses after incidents to improve security posture and operation resilience;

k) Interfacing with 3th vendors for technical support;

l) Update and create documentation and SOPs (Standard Operation Procedures) related to the provided services as requested;

m) Follow up on life cycle of the security gateway systems and assist in the asset replacement projects to replace the system that are end of life;

n) Performs other duties as may be required.

It is expected that ONE resource is providing the above services.

The contractor will provide the service on-site with a possibility of 1 day teleworking per week from Belgium. The contractor will provide services during NATO HQ working hours.

The measurement of execution for this service is sprints, with each sprint planned for a duration of 1 week.

The content and scope of each sprint will be agreed in writing, during the sprint-planning meeting, based on the activities mentioned above.

The following deliverables are expected from the service on this statement of work:

2025 BASE: 31 March 2025 to 31 December 2025:

Deliverable: 26 sprints of Provision of Network Security O&M Support

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor

Number of sprints is calculated considering a starting date 31 MARCH 2025. This will be adjusted based on actual starting date.

Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2025, at a later time, within the same scope and cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority

2026 OPTION 1: 01 January 2026 to 30 June 2026:

Deliverable: 25 sprints of Provision of Network Security O&M Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor

Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2026, at a later time, within the same scope and cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority

2026 OPTION 2: 1 July 2026 to 31 December 2026:

Deliverable: 21 sprints of Provision of Network Security O&M Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor

Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2026, at a later time, within the same scope and cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority

2027 OPTION 1: 01 January 2027 to 30 June 2027:

Deliverable: 25 sprints of Provision of Network Security O&M Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor

Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2026, at a later time, within the same scope and cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority

2027 OPTION 2: 1 July 2027 to 31 December 2027:

Deliverable: 21 sprints of Provision of Network Security O&M Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor

Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2026, at a later time, within the same scope and cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority

5 COORDINATION AND REPORTING

The contractor shall participate in weekly status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Team Leaders instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.

6 SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

It is expected the service starts as of 04 August2025 and ending no later than 31 st December 2025.

If the 2026 option 1 is exercised, the period of performance is 01 st January 2026 to 30 th June 2026.

If the 2026 option 2 is exercised, the period of performance is 01 st July 2026 to 31 st December 2026.

If the 2027 option 1 is exercised, the period of performance is 01 st January 2027 to 30 th June 2027.

If the 2027 option 2 is exercised, the period of performance is 01 st July 2027 to 31 st December 2027.

7 CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.

8 SECURITY

The performance of these services require a valid NATO SECRET security clearance.

Some of the expected classification level of the deliverables is NATO SECRET.

The execution of the services may require the consultants to access information, as well as CIS systems, classified up to NATO SECRET.

9 PRACTICAL ARRANGEMENTS

The contractor will be required to provide the service 100% on-site at NCIA, NATO Head Quarter – Brussels - Belgium. Exceptional off-site activities to support service delivery can also be arranged with the line manager’s coordination and approval. There is a possibility to work 1 day per week teleworking from Belgium, providing services during NATO HQ working hours.

Travel duties are not foreseen for this service.

This service must be accomplished by ONE contractor.

This individual providing services under this SOW will be part of the Gateway Security Services team, inside the Cyber Security section.

10 QUALIFICATIONS

[See Requirements]

Requirements

8 SECURITY

The performance of these services require a valid NATO SECRET security clearance.

10 QUALIFICATIONS

The consultancy support for this service requires following qualifications:

1) Essential qualifications:

• University Degree and 3 years function related experience or Higher Secondary Education and completed advanced vocational training leading to a professional qualification or professional accreditation with 4 years post related experience.
• Extensive experience in working with firewalls (Palo Alto, Fortinet and Juniper)
• Experience in managing web proxies (FortiProxy), email gateways (Proofpoint) and VPN gateways (Cisco Firepowers)
• Experience of cyber security activities in large, complex and possibly classified ICT environments with 2.000+ end-user devices
• Strong technical engineering skills, adaptive to customer needs and being able to work in a team.

2) Desirable qualifications:

• Previous work experience in international organizations, such as NATO, or specialized Defence Industry
• Knowledge of NATO CIS Security Policy, Directive and Guidance
• ITIL Certification
• Possession of at least one security certification (i.e., ISC, EC-Council, SANS) highly desirable