2025-0193 Network Engineering Security Support Services (NS) - FRI 11 Jul

Bidding Instructions - Technical Proposal:

CV and attestation of the assigned resource for the project. Each CV shall contain accurate contact details for reference person for each of the listed professional experiences relevant to this Statement of Work.

Deadline Date: Friday 11 July 2025

Requirement: Network Engineering Security Support Services

Location: Mons BE

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: BASE period: As soon as possible but not later than 18 Aug 2025 31st December 2025

2026 Option: 1st January 2026 until 31st December 2026

2027 Option: 1st January 2027 until 31st December 2027

2028 Option: 1st January 2028 until 31st December 2028

Required Security Clearance: NATO SECRET

1 INTRODUCTION

The NCIA is looking for Network Engineering Security Support Services On Site delivered in SHAPE Mons Belgium.

The NCIA provides advanced technological solutions and support to NATO and its member nations. Its mission is to ensure effective and secure communication and information systems for the alliance enabling operations and decision-making. The agency plays a critical role in maintaining NATOs technological edge and operational readiness through innovation collaboration and the implementation of cutting-edge technologies.

The NATO Infrastructure Service Centre (NISC) provides generic domain independent technical capabilities that enable and facilitate the operation and use of Information Technology resources. NISC services (including: subject matter expertise; acquisition; project management operations and maintenance; and disposal) are provided in the following technical domains: network services (to include routing switching and transmission services) infrastructure hosting storage and processing infrastructure networking hardware and software management databases and web platform services as well as identity management. These services cover the entire lifecycle for both internal and external customers in static and deployable environments.

The NISC Network as a Service (NaaS) Area of Responsibility (AoR) spans all network infrastructure hardware Network Function Virtualization (NFV) elements as well as software services management and licensing components enabling the provisioning deployment network management maintenance lifecycle and vendor management of the on-premises cloud and multi-cloud network infrastructure services and connectivity.

The NISC CIS Security AoR include coordination with NaaS for implementation of secure configurations for the infrastructure elements in accordance with the CIS Security accreditation documentation approved software and hardware configuration baselines (hardening guides) and security assessment reports recommendations.

2 OBJECTIVE

The objective of this Statement of Work (SOW) is to provide Network Engineering Security Support Services on site for the NCIA managed networks.

3 SCOPE OF WORK

Network Engineering Security Support applies specialist skills to configure troubleshoot and optimize routers switches firewalls and other hardware/software networking elements to enhance network performance and ensure data and the CIS are secured in accordance with NATO Security Policy and Directives requirements. This activity requires communication with the end-user proactive service monitoring and taking actions to resolve incidents and recover the impacted services. This service is provided on-site in SHAPE Mons Belgium.

This SOW covers Network Engineering Security Support for multiple NCIA-managed networks across multiple security domains as described in Annex B.

All services provided by NCIA regardless of whether they are end-user services or supporting services are under the responsibility of Service Delivery Managers (SDM).

Services will be delivered in multiple sprints each sprint being planned for a duration of one (1) week.

The content scope of each sprint and their related acceptance criteria are to be peer reviewed within the sprint cycle and communicated in writing to the contractor before beginning of each sprint. Input and guidance will be provided by NCIA in written from or/and during the targeted review meetings.

Under the direction / guidance of the NISC CIS Security Risk Management Section Head Network Engineering Security Support will conduct the following activities:

1) Operations:

a) Follow NISC change management process for implementing the required changes;

b) Document the changes that impact the CIS security posture into the CIS Security accreditation document set;

c) Ensure only authorized configuration baselines are deployed on all managed systems with specific authorized deviations applied in a systemic manner using configuration rules per categories of software applications;

d) Monitor continuously the security and operational dashboards logs and alerts identify misconfigurations; engage with the appropriate stakeholders and contribute to the remediation of the findings by implementing configurations and updates in coordination with NaaS Subject Matter Experts (SME);

e) Ensure security-by-design and minimality principles are applied in all configuration changes;

2) Inventory:

a) Maintain the CMDB updated with the Configuration Items used by the services/systems listed in Annex B;

b) Perform all operation support and maintenance activities on the platforms described in Annex B.

3) Incident Logging Tracking Dispatching:

a) Log and track incidents work orders and change requests using the incident ticketing system (ITSM);

b) Investigate and resolve network security related issues directly assigned by end- users/requesters within the staff competences and administrator permissions;

c) Maintain communication with end-users when needed;

d) Ensure all tickets are updated with accurate and detailed information and resolved (or assigned to appropriate stakeholders) within the agreed service levels;

4) Escalation:

a) Escalate complex issues to NaaS SME support or appropriate teams when necessary;

b) Follow up on escalated issues to ensure timely resolution and user satisfaction.

5) Knowledge Base Management:

a) Contribute to the creation and maintenance of a knowledge base documenting common issues and solutions;

b) Share knowledge and best practices with team members to improve overall service quality.

6) Performance Monitoring:

a) Monitor support metrics and KPIs to ensure high-quality service delivery;

b) Participate in regular reviews to identify areas for improvement and implement corrective actions.

7) Automation and Efficiency:

a) Develop and implement automation scripts to streamline routine support tasks such as software installations updates system checks and notifications;

b) Utilize automation to create workflows for repetitive tasks improve service efficiency and proactively implement solutions;

c) Leverage Infrastructure as Code (IaC).

8) Communication and Collaboration:

a) Communicate effectively with internal user community to understand their issues and provide clear instructions;

b) Collaborate with IT teams to resolve issues and improve service delivery.

4 DELIVERABLES AND PAYMENT MILESTONES

4.1 Payment Schedule will be monthly for the completed and accepted sprints within the month.

4.2 The NCIA team reserves the possibility to exercise a number of options based on the same scrum deliverable timeframe at a later time depending on the project priorities and requirements.

4.3 The payment shall be dependent upon successful acceptance of the sprint report and the Delivery Acceptance Sheet (DAS) (Annex A).

4.4 Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) (Annex A) signed by the Contractor and the NCIA POC.

4.5 The following deliverables are expected for the all platforms that are explained in Section 3 on this statement of work:

2025 BASE: 18 August 2025 (tentative) to 31 December 2025

Deliverable: Up to 16 sprints Network Engineering Security Support (Number of sprints is estimated and will be adjusted based on actual starting date.)

Payment Milestones: Monthly payment for the completed and accepted sprints within the month. Completion of each sprint shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex A) signed for acceptance by the Purchasers authorized point of contact and the Contractor.

2026 OPTION: 01 January 2026 to 31 December 2026

Deliverable: Up to 50 sprints Network Engineering Security Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Monthly payment for the completed and accepted sprints within the month. Completion of each sprint shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex A) signed for acceptance by the Purchasers authorized point of contact and the Contractor.

2027 OPTION: 01 January 2027 to 31 December 2027

Deliverable: Up to 50 sprints Network Engineering Security Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Monthly payment for the completed and accepted sprints within the month. Completion of each sprint shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex A) signed for acceptance by the Purchasers authorized point of contact and the Contractor.

2028 OPTION: 01 January 2028 to 31 December 2028

Deliverable: Up to 50 sprints Network Engineering Security Support

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Monthly payment for the completed and accepted sprints within the month. Completion of each sprint shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex A) signed for acceptance by the Purchasers authorized point of contact and the Contractor.

5 COORDINATION AND REPORTING

5.1 The contractor shall report to the NISC CIS Security Risk Management Section Head.

5.2 The contractor shall participate in daily status update meetings activity planning and other meetings as instructed physically in the office or in person via electronic means using Conference Call capabilities according to the CIS Security Risk Management Section Head instructions.

5.3 For each sprint to be considered as complete and payable the contractor must report the outcome of their service during the sprint first verbally during the retrospective meeting and then in writing within three (3) days after the sprints end date. The format of this report shall be added into Delivery Acceptance Sheet (DAS) (Annex A) mentioning briefly the Service held and the development achievements during the sprint.

6 SCHEDULE

6.1 The base period of performance is 18 August (tentative) 2025 through 31st December 2025.

6.2 If the 2026 option is exercised the period of performance is 1st January 2026 to 31st December 2026.

6.3 If the 2027 option is exercised the period of performance is 1st January 2027 to 31st December 2027.

6.4 If the 2028 option is exercised the period of performance is 1st January 2028 to 31st December 2028.

7 CONSTRAINTS

7.1 All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.

7.2 All code scripts documentation etc. will be stored under configuration management and/or in the provided NCIA tools.

8 SECURITY

8.1 The duties of the contractor require a valid NATO SECRET (NS) security clearance for the entire duration of the contract.

9 PRACTICAL ARRANGEMENTS

9.1 This is a deliverables-based contract.

9.2 The contractor shall provide services 100% On-site NCIA Headquarters in SHAPE Mons Belgium. Exceptional off-site activities to support service delivery can also be arranged with the line managers coordination and approval.

9.3 There may be requirements to travel to other sites within NATO for completing these tasks.

9.4 Travel will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. They will be invoiced separately to the purchaser by the service provider in accordance with the terms and conditions of the framework agreement.

9.5 The services under this SOW are expected to be carried by ONE contractor for the entire performance period.

9.6 The service shall be delivered during core working hours (0and 1300 - 1730). Providing service out-side business hours is an exceptional situation (historically in the last years there were no such situations). If this occurs sprints price remains unchanged.

9.7 The contractor will be required to obtain working permission for provide on-site service in Belgium.

10 QUALIFICATIONS

See Requirements

ANNEX B: DESCRIPTION OF THE INFRASTRUCTURE ENVIRONMENT

1. The Infrastructure environment operates at the following classification levels: NATO UNCLASSIFIED (NU) NATO RESTRICTED (NR) NATO SECRET (NS) and MISSION SECRET (MS).

2. The managed environment contains network devices from various vendors running on physical and virtual appliances.

3. The environment contains more than 2500 network devices.

4. The management of the network devices is done centrally from dedicated management networks.

5. The response and resolution times for ITSM tickets are defined in accordance with assigned priority in NCIA Incident Management Standard Operating Procedure (SOP) 06.04.01.

6. The Contractor shall take the description above as an indication on the size and composition of the systems in scope

8 SECURITY

• The duties of the contractor require a valid NATO SECRET (NS) security clearance for the entire duration of the contract.

10 QUALIFICATIONS

Services under this SOW are to be provided by ONE resource.

10.1 The following qualifications and expertise are required:

1) Technical Proficiency:

The support for this service requires the following technical proficiencies with minimum 3 years experiences in the following domains:

• Knowledge and experience with design implementation and operation of the core network architecture for large organizations;
• Knowledge and experience with configuration troubleshooting and optimization of routers switches firewalls and other hardware/software networking elements;
• Knowledge and experience with CCNP Routing and Switching;
• Services and Technology Professional Certification (e.g. ITIL CCIE SRA JNCIE or Devnet Professional or equivalent experience);
• Knowledge and experience with Networks specification design and testing with an emphasis on IP networks including IPv6 QoS MPLS MP-BGP;
• Knowledge and experience of Network Functions Virtualization (NFV)/Software Defined (SDx) (e.g. SDN SD-WAN SDDC or SASE);
• Experience with managing Windows Linux operating systems;
• Knowledge and experience with implementing security configurations in enterprise networks.

2) Tasks:

The support for this service requires performing the following tasks:

a. Installation Configuration Management Security

b. Monitoring Upgrade Patching

3) Problem-Solving Skills:

• Strong troubleshooting skills to diagnose and resolve hardware software and network issues.
• Ability to guide users through problem-solving steps effectively.

4) Automation Skills:

• Shell scripting to automate routine support tasks.
• Create automated workflows and automate repetitive processes.
• Ability to identify and implement automation opportunities to enhance efficiency.

5) Communication and Interpersonal Skills:

• Excellent verbal and written communication skills.
• Full proficiency in English.
• Ability to communicate technical information to non-technical users in a clear and concise manner.

6) Customer Service Orientation:

• Strong customer service focus with a commitment to user satisfaction.
• Patience and empathy when dealing with user issues and concerns.

7) Organizational Skills:

• Ability to manage multiple support tickets and prioritize tasks effectively.
• Attention to detail in documenting support activities and maintaining accurate records.

8) Team Collaboration:

• Ability to work effectively as part of a team and share knowledge and resources.
• Willingness to collaborate with colleagues to solve complex issues.

9) Others:

• The candidate has strong customer relationship skills including negotiating complex and sensitive situations under pressure.
• Full proficiency in the English language.
• The candidate must have the nationality of one of the NATO nations