Cyber Security Architect

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

CPP 9A3201 consists of six projects that aim to addressing critical CIS security services uplifts; implement the necessary enhancements which remain after approval of CP090120; and provide capability lifecycle support for existing and programmed CIS security services-related capabilities.

One of the six projects is the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project. Its aim is to provide maintenance of the current CIS security posture, by addressing critical CIS security services uplifts and enhancements, which remain after approval of CP120. It also addresses non-overlapping scope related to the Uplift to Security Information and Event Management (SIEM)/Log Storage, post-Intrusion Detection and Threat Hunting systems, as well seeking to provide a Cyber Threat Intelligence (CTI) capability.

CTI is a clearly-defined part of the authorised ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project, with secured funding and an authorised Schedule for project implementation. Its next project milestone is the Release of an Invitation for Bids (IFB), and much of the foundation work for this ‘project’ is in place; however, the materials now need to be developed and coordinated as it moves towards its scheduled IFB Release Milestone. As with all of the CPP 9A3201 projects, this ‘project’ is following the ‘performance-based’ methodology, with artefacts, documents and deliverables all adhering to the principles of this model. The ‘Scope of Work’ outlined directly below aims to directly address and accomplish this.

The Refresh and Maintain Obsolete Equipment for Cyber Capabilities (OBSO) project is one of the projects defined in the CPP 9A3201 Cyberspace. This project is focused on maintaining the current CIS security posture by addressing critical CIS security services uplifts and enhancements. The Cyberspace Programme aims to mitigate NATO enterprise security posture degradation due to planned and unplanned hardware/software obsolescence and to improve NATO enterprise security posture by adopting refreshed technologies and expertise.

OBSO is a clearly defined project within CPP 9A3201 with secured funding, an authorised schedule, and well-described scope. The next milestone for the OBSO project is the IFB Release, with only some preliminary work completed towards planning or drafting of this document.

Role Duties and Responsibilities

• The maturation of the Cyber Threat Intelligence (CTI) ‘project’ ‘Building Blocks’ that the project team has developed (including ‘High Level Objectives’; ‘Tasks’; ‘User Stories’; ‘Risks’) into a coherent Performance Work Statement that is accessible to potential bidders and fully mature.
• Involvement with workshops and collaborative sessions that enable the aforementioned Performance Work Statement to connect with other associated artefacts, such as the Quality Assurance Surveillance Plan and the ‘Landscape Document’. Some active contribution to the content might be expected.
• Prepare the IFB materials for the Refresh and Maintain Obsolete Equipment (OBSO) project. The task involves, but is not limited to, a) updating the list of obsolete cybersecurity devices for replacement as an Annex to the IFB; b) drafting a bill of materials (BoM) with associated price estimation and prioritization of these devices; c) producing a matrix of interfaces and interdependencies with other NATO and National projects and systems; d) collaborating with the NCSC Cyber Security Services Framework (CSSF) team to produce a draft Task Order (TO); and e) Preparing draft technical specifications supporting the IFB.
• Liaison with project stakeholders on behalf of the project to garner information required to mature the artefacts.

Essential Skills and Experience

• Cyber Security and Cyberspace Background related to both the protection of military networks and securing operations and missions.
• CISSP experience and certification.
• Strong analytical and problem-solving skills.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
• Familiarity with the CFCDGM governance model and capability development lifecycle.
• Familiarity with the range of NATO Stakeholders.
• Practical working experience within the Cyber domain with 2-4 years of experience working within Cybersecurity topics.
• Familiarity with Defence / NATO Procurement processes.
• Familiarity with high-quality public-facing Documentation Production.
• Prior knowledge of NATO IFB related work is helpful but not essential.
• Experience of working with classified material.

Desirable Skills and Experience

• Experience of working with NATO and awareness of the NATO Command Structure;
• Experience of working with NATO Communications and Information Agency;
• Experience and familiarity with NATO networks and cybersecurity;
• Experience of working with national Defence or Government entities.

Education

• Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent experience.

Working Location

• Remote

Working Policy

• Off-Site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance