2022-0122 Cloud SOC Analyst (NS) - FRI 6 Jan OFF-SITE

The Hague, South Holland, Netherlands - Remote

Applications have closed

Deadline Date: Friday 6 January 2023

Requirement: Cloud SOC Analyst

Location: Off-Site

Full time on-site: No

NATO Grade: A/87,230 EUR (Each sprint 3,965 EUR)

Required Start Date: 30 January 2023

End Contract Date: 30 December 2023

Required Security Clearance: NATO SECRET

Duties & Role:

1 INTRODUCTION

The NATO Communications and Information Agency (NCI Agency) has moved towards short-cyclic capability development via NATO Software Factory (NSF) services. NSF is a development and testing DevSecOps Platform hosted in Microsoft Azure Cloud, designed to enable the use of standardized secure software engineering processes and common tooling shared by Alliance Federation, Industry, Academia and Nations. NCI Agency is looking for a Cloud SOC Analyst to act as a cybersecurity first responder and execute daily security operations duties for the NSF platform and its customers.

2 OBJECTIVES

The main objective of this statement of work is in relation to the security operations activities for the NATO Software Factory.

3 SCOPE OF WORK

Under the direction / guidance of the NCIA Point of Contact or delegated staff, the Cloud SOC Analyst will run daily security operations activities:

  • Monitoring
  • Detection and response
  • Threat Hunting
  • Event and incident response
  • Continuity of Operations

The Cloud SOC Analyst will also contribute to and support enhancement work packages related to the NSF platform security posture and SOC operations on the main pillars (organizational, people, processes and technology). The contractor will be part of the NSF team and will provide the service using an Agile and iterative approach during multiple sprints. Each sprint is planned for a duration of 1 week. The content and scope of each sprint will be agreed during the sprint-planning meeting.

4 DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected from the service on this statement of work:

Deliverable 01: 22 sprints of security operations and security enhancements activities.

NTE Sprint Cost: 3,965 EUR

Number of Sprints: 22

NTE Total Cost: 87,230 EUR

Payment Milestones: Upon completion of each fourth sprint and at the end of the service.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

5 COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings, sprint planning, sprint retrospectives and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Service Delivery Manager’s instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in writing within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.

6 SCHEDULE

This task order will be active immediately after signing of the contract by both parties. It is expected the initial service starts on 30th January 2023 and will end no later than 31 December 2023.

7 CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the point of contact. All work, artefacts, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.

All the deliverables of this project will be considered NATO UNCLASSIFIED.

Part of the service may involve handling sensitive data; therefore, a security clearance at the right level is expected for the contractor(s) undertaking this service.

8 PRACTICAL ARRANGEMENTS

The contractor will be required to provide the service off site. Access to the NCI Agency NSF platform will be provided in coordination with the NCIA Point of Contact or delegated staff.

The contractor may be required occasionally to travel to NCI Agency sites within NATO for completing these tasks. Travel expenses will be reimbursed to the individual directly (outside this contract) under NATO rules.

This service must be accomplished by ONE contractor.

Requirements

9 QUALIFICATIONS

The consultancy support for this service requires a Cloud SOC Analyst with the following qualifications:

  • The candidate must have a currently active NATO SECRET security clearance.
  • The candidate has a strong record of accomplishments in cloud security operations.
  • The candidate has a broad understanding of cybersecurity best practices, techniques and tools, attack vectors and cyber threats.
  • The candidate has relevant key soft skills such as collaboration, problem solving, critical thinking, inquisitive mind and ability to work under pressure.
  • The candidate has extensive understanding of information technologies including networks and protocols.
  • The candidate has strong relevant skills and experience with cloud security operations at tactical level:
    • Security incidents analysis and triage,
    • Security incident response,
    • Security incident recovery,
    • Threat Hunting
  • The candidate has experience with and deep knowledge of the use of various cloud SOC tools and services:
    • Microsoft Sentinel,
    • Microsoft Defender for Cloud,
    • Microsoft Defender(s) (M365, Endpoint, Identity, Cloud Apps),
    • Azure and M365 Logging and Monitoring,
    • Endpoint detection and response (EDR) solution,
    • Azure Information Protection,
    • Azure Active Directory Identity Protection,
    • Microsoft Purview Compliance Manager,
    • Kusto Query language (KQL),
    • Other security tools
  • The candidate has experience with Microsoft 365 and Azure services and tools:
    • Azure Active Directory,
    • Application gateways,
    • Azure policies,
    • Azure automation accounts,
    • Azure Network Security Groups,
    • Azure DDoS protection
  • The candidate has experience with Windows and Linux operating systems.
  • The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • The candidate is able to speak and write fluent English since the service is conducted in English.
  • The candidate must have the nationality of one of the NATO nations.

Tags: Active Directory Agile Automation Azure Clearance Cloud Compliance DDoS DevSecOps EDR Incident response Linux Monitoring NATO Network security Scrum Security Clearance SOC Windows

Regions: Remote/Anywhere Europe North America
Country: Netherlands