3299 Cyber Security Engineer Oeiras

Required Security Clearance

NATO Secret

SCOPE OF WORK

Provide expert cyber security engineering support to prepare, maintain, and evidence all documentation required to achieve and sustain accreditation/Authorization to Operate for all ALE systems in operation. This includes supporting secure design, risk assessments, control implementation traceability, security testing and evaluation evidence, and risk treatment records, in compliance with NATO/NCI Agency security policies and standards.

Key Outcomes

• Solution Architecture (Secure by Design): Design secure architectures for ALE systems (on‑premises and cloud), evaluating alternatives and trade‑offs (cost, performance, scalability), documenting architectural decisions, and preparing security design inputs and technical plans aligned with enterprise/solution architecture standards. Align with enterprise security standards and support change initiatives with technical plans.
• Information Security (Controls & Risk): Apply physical, procedural, and technical controls. Conduct risk and business impact analysis, identify vulnerabilities, and design countermeasures. Support security incident investigations, lessons learned, response coordination, and track remediation to closure.
• Information Assurance & Accreditation: Lead technical assessments of ALE systems. Define accreditation requirements, gather evidence, and coordinate with stakeholders throughout the accreditation lifecycle. Ensure traceability of controls and contribute to assurance processes.
• System Hardening & Compliance Support: Collaborate with system and network administrators, as well as developers, to implement hardening measures across systems and applications, ensuring compliance with security best practices and organizational standards.
• Security Documentation: Develop and maintain SOPs/SECOPs, Security Test & Evaluation plans and reports, and user guides. Contribute to the ALE knowledge base with security‑focused content.

Main Activities

• Develop and maintain system descriptions for ALE systems, capturing technical descriptions, connections (physical and logical), physical locations, and hardware/software inventories. Document titled “CIS Description” and maintained under version control.
• Define the accreditation strategy and plan for ALE systems, describing steps required to achieve security accreditation for operation at the NCI Academy. Document titled “Security Accreditation Plan (SAP)” and maintained under version control.
• Perform a high‑level security risk assessment to inform early design, identifying assets, threats, vulnerabilities, likelihood/impact, and initial risk ratings. Document titled “High‑Level Security Risk Assessment (SRA)” and maintained under version control.
• Define system‑specific security requirements and control coverage by tailoring the security control baseline, mapping requirements to applicable standards and policies, and identifying coverage gaps with corresponding actions. Document titled “System‑specific Security Requirement Statement (SSRS)” and maintained under version control.
• The Contractor shall develop and maintain Security Operating Procedures (Sec
  OPs) to enable secure day‑to‑day operations. This includes:
  • For Administrators: account/privilege management, backups, patching, baseline configurations, logging/monitoring, incident and change handling, and continuity steps.
  • For End Users: acceptable use, data handling, access/MFA, reporting suspicious activity, and secure usage guidance.
  These shall be formalized in a document titled “Security Operating Procedures (Sec
  OPs)” and maintained under version control.
• Define security test and verification activities to evidence control effectiveness. Document titled “Security Test and Verification Plan (STVP)” and maintained under version control.

SKILL, KNOWLEDGE & EXPERIENCE

• NATO Security Clearance valid for the duration of the contract, issued by the respective National Security Authority.

Cyber Security Engineer Experience

• Minimum 5 years of experience in designing secure, scalable solution architectures aligned with enterprise standards, or complex environments.
• Minimum 5 years of experience in applying and overseeing physical, procedural, and technical security controls, conducting risk assessments, and leading incident response efforts.
• Minimum 5 years of experience in system and application hardening, collaborating across technical teams to enforce best practices and compliance.

General

• Accreditation Process: Demonstrated success in managing accreditation processes, defining assurance requirements, and coordinating with stakeholders is essential.
• Communication Skills: Excellent written and verbal communication in English, with the ability to explain technical information clearly and in a user‑friendly manner.
• Collaboration: Demonstrated ability to work effectively in a team environment and coordinate with multiple stakeholders.
• Documentation: Strong documentation capabilities including SOPs, technical manuals, and security guidelines are required to support operational readiness and knowledge sharing.
• Analytical Skills: Strong problem‑solving and troubleshooting ability, with the capacity to quickly identify issues and determine the most efficient resolution.

Desirable Qualifications And Experience

• Knowledge and experience of working with the NCI Agency and/or NATO organizations.
• Knowledge of ISO27001 or equivalent standards.
• Familiarity with Agency tools for configuration, risk, and documentation management.
• Experience supporting audits.
• Understanding of Agile delivery practices.

Language Proficiency

• Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2‑C1/Upper Intermediate‑Advanced level.

This is a deliverable‑based contract.

This is a condensed version of the job description. A full, detailed job description will be provided during the application process.