2022-0121 DevSecOps Engineer (NS) - THU 6 Jan OFF-SITE
The Hague, South Holland, Netherlands - Remote
Deadline Date: Friday 6 January 2023
Requirement: DevSecOps Engineer
Location: Off-Site
Full time on-site: No
NATO Grade: A/96,580 EUR (Each sprint 4,390 EUR)
Required Start Date: 30 January 2023
End Contract Date: 30 December 2023
Required Security Clearance: NATO SECRET
Duties & Role:
1 INTRODUCTION
The NATO Communications and Information Agency (NCI Agency) has moved towards short-cyclic capability development via NATO Software Factory (NSF) services. NSF is a development and testing DevSecOps Platform hosted in Microsoft Azure Cloud, designed to enable the use of standardized secure software engineering processes and common tooling shared by Alliance Federation, Industry, Academia and Nations. NCI Agency is looking for a DevSecOps engineer with a strong background in containerization technology (compliancy and security assessment, implementing and maintaining base layers, and assisting with complex containerized deployments and infrastructure as code using Terraform & Ansible) to support the NSF team.
2 OBJECTIVES
NCI Agency is building a NATO Trusted Container service, enabling future container-based FAS secure lifecycle management. In addition, a new Integration Testing service is being established in the NSF, replacing legacy on-prem labs and test environments. The main objective of this statement of work is to support the NSF team building these two new services within the NSF.
3 SCOPE OF WORK
Under the direction / guidance of the NCIA Point of Contact or delegated staff, the DevSecOps engineer will support building the NATO Trusted Container service and Integration Testing service.
This includes the following activities:
- Develop / update Jenkins and Azure DevOps pipelines
- Implement security scanning for containers
- Implement compliancy scanning for containers
- Develop and maintain secure common base layers for containers, including applying required hardening settings
- Develop / maintain infrastructure as code for deployment and configuration of infrastructure (VMs, Disks), core services (AD, CA, Exchange etc.), and applications (NATO and Commercial Application)
- Define standard for infrastructure as code
- Create pipelines and self-service solutions for deploying test environments using infrastructure as code
The contractor will be part of a team and will deliver the service using an Agile and iterative approach over multiple sprints. Each sprint is planned for a duration of 1 week. The content and scope of each sprint will be agreed during the sprint-planning meeting.
4 DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from the service on this statement of work:
Deliverable 01: 22 sprints of software development.
NTE Sprint Cost: 4,390 EUR
Number of Sprints: 22
NTE Total Cost: 96,580 EUR
Payment Milestones: Upon completion of each fourth sprint and at the end of the service.
The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
5 COORDINATION AND REPORTING
The contractor shall participate in daily status update meetings, sprint planning, sprint retrospectives and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Service Delivery Manager’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in writing within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.
6 SCHEDULE
This task order will be active immediately after signing of the contract by both parties. It is expected the initial service starts on 30th January 2023 and will end no later than 31 December 2023.
7 CONSTRAINTS
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the point of contact. All work, artefacts, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.
All the deliverables of this project will be considered NATO UNCLASSIFIED.
Part of the service may involve handling sensitive data; therefore, a security clearance at the right level is expected for the contractor(s) undertaking this service.
8 PRACTICAL ARRANGEMENTS
The contractor will be required to provide the service off site. Access to the NCI Agency NSF platform will be provided in coordination with the NCIA Point of Contact or delegated staff.
The contractor may be required occasionally to travel to NCI Agency sites within NATO for completing these tasks. Travel expenses will be reimbursed to the individual directly (outside this contract) under NATO rules.
This service must be accomplished by ONE contractor.
Requirements
9 QUALIFICATIONS
The consultancy support for this service requires a software developer with the following qualifications:
- The candidate must have a currently active NATO SECRET security clearance
- The candidate has relevant and recent experience in building and securing containers.
- The candidate has relevant and recent experience in developing infrastructure as code
- The candidate has a strong track record in DevSecOps and has strong problem solving skills.
- The candidate has extensive and recent experience with and knowledge of Continuous Integration and Delivery, including the following tools, technologies and concepts:
  - Git (mandatory),
  - Ansible (mandatory),
  - Docker (mandatory),
  - Jenkins (mandatory),
  - Terraform (mandatory),
  - Infrastructure as Code such as ARM,
  - Designing and implementing build/deploy pipelines,
  - Application security/code quality testing tools such as SonarQube, Checkmarx or OWASP Dependency Check,
  - Shift left/right testing using test automation tools such as JUnit/NUnit, Selenium, Protractor, Cucumber
- The candidate has extensive and recent experience with and knowledge of Continuous Operations, including the following tools, technologies and concepts:
  - Kubernetes (mandatory),
  - Telemetry/Monitoring solutions such as Application Insights, Azure Monitor or Prometheus,
  - Helm,
  - Container Registry,
  - Container vulnerability scanning tools such as Trivy and Anchore,
- The candidate has experience with and knowledge of Java and NodeJS/JavaScript
- The candidate has relevant and recent experience in using development tools (e.g. Maven, Jira, GitLab, Zephyr) and the Scrum methodology.
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- The candidate is able to speak and write fluent English since the service is conducted in English.
- The candidate must have the nationality of one of the NATO nations.
Perks/benefits: Team events