Security and Data Management Specialist

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The NATO Communications and Information Agency (NCI Agency) located in The Hague, The Netherlands, is involved in the development of new capabilities for NATO as well as in the support of existing capabilities. In light of these, Command and Control (C2) Service Line have a requirement for subject matter experts to be embedded with a team of NCI Agency staff in support of the Scientific Programme of Work for 2021.

The main objective of this statement of work are:

• Support the development and validation of C2 Services Enabling requirements, architectural products and technical specifications;
• Support the Alliance Federation information sharing concepts, services and specifications; supporting TIDE and CWIX activities and;
• Providing technical support for C3S activities in the area of identity and access management, API security, Data Management and Message and Information transformation and standardisation

Role Duties and Responsibilities

The consultant is requested to participate and provide expert support to NCI Agency in the execution of scientific activities advancing the following objectives:

• ACT Interoperability Standardization (IOS) ‐ Joint C2 Cross‐COI Concepts: Maintenance of standards to support seamless information sharing techniques.
• ACT Interoperability Standardization (IOS) ‐ Joint C2 Cross‐COI Concepts (NATO Core Data Framework (NCDF) implementation development and support): Assist ACT with the maturing of the NATO Core Data Framework (NCDF), AFSC, Data Centric Security (DCS)

This work will further develop and contribute to the definition of Information Sharing Scenarios for Core and C2 Services. This includes knowledge and expertise in Metadata Labelling, Binding, Binding Profiles, Label to Marking mapping, label interoperability cross domain information exchanges including , NATO Common Cross-Community Semantic Reference Model (CXCSRM) , MIP Information Model (MIM), Cross‐Domain Information Sharing (CDIS) solutions and the validation of information sharing Core and C2 Services at various exercise venues such as TIDE Sprint, CWIX and further support may be required for Steadfast Cobalt as added scope to this task.

The consultants will work off‐site and regularly coordinate their efforts with the team using the Agile/Sprint procedures already established. This requires both face‐to‐face meetings and remote tele‐ or video‐conferences.

The expertise is focussed on:

• requirement elicitation, formalization and validation
• API design with specific attention to the security aspects
• System and services architecture design
• Design, validate, implement and test identity and data management infrastructures and API security
• Design, validate, implement and test messages and information transformation and standardization

Deliverables

• Deliverable 1 ‐ D001:

The architecture for the protection of the NATO Core Data Framework API. The architecture shall adhere to the API security Best Practices, shall be based on the adoption and profiling of the NATO standards and of the Federated Mission Network (FMN) adopted protocols and methodologies. The API architecture shall cover at least the aspects of the user authentication/authorization and the propagation of the user identity to the backend services via the impersonation and/or the delegation approaches.

An initial “NCDF API security implementation guide” document to guide the API implementation. It shall contain enough information to guide the implementation of the security services and the configuration of the security infrastructure. This deliverable will be provided in form a single document, the “NCDF API security architecture and implementation guide” containing both the architecture definition and the implementation guide.

• Deliverable 2 ‐ D002:

Shall participate to the design, implementation and test of the secure NCDF Data Lake API for the NCDF Data Lake services. Those activities will be executed using the agile methodologies and the expected deliverables and timeline will be decided at runtime as part of the sprint planning activities.

• Deliverable 3 (Optional) ‐ D003:

May participate to further improvements of the NCDF Data Lake API and of the related NCDF Data Lake services. Those activities will be executed in 2024 and will be using the agile methodologies. The expected deliverables and timeline will be decided at runtime as part of the sprint planning activities.

• Deliverable 4 (Optional) ‐ D004

May participate to further improvements of the NCDF Data Lake API and of the related NCDF Data Lake services.

Those activities will be executed in 2025 and will be using the agile methodologies. The expected deliverables and timeline will be decided at runtime as part of the sprint planning activities. Optional deliverables D003 and D004 may be exercised at the discretion of NCIA.

For the mentioned deliverables, the consultant is expected

• To co‐author with the NCI Agency publications in international conferences and journals contributing to discoveries and advances made during the period of performance.

To prepare documentation and make presentations to sponsors and stakeholders throughout the contract period. This may require the consultants to independently represent specific technical areas on behalf of NCI Agency without direct support of Agency staff e.g. TIDE Sprint, CWIX execution.

Essential Skills and Experience

• Knowledge of Information Management principles;
• Knowledge of the Modern Data Architecture. Data Lakes, Hubs & Warehouses concepts and experience in design related system and services architecture;
• Knowledge of design and implementation of architectures and protocols for distributed and federated systems.
• Detailed knowledge and experience with Web Service‐specific security standards and products including Security Policy Information File (SPIF), SAML 1.x and 2.0, XACML, WS‐Security, WS‐Trust, OpenId Connect, OAuth 2.0, Microsoft Active Directory Federation Services (ADFS) v3.0, and competing products in this space;
• Detailed knowledge and experience with Service Oriented Architecture (SOA) implementation concepts including Web Services, SOAP, REST, Publish‐Subscribe, XML and WSDL, as well as Web Services specifications;
• Knowledge and experience with NATO Core Data Framework (NCDF) concepts, technologies and business cases, standard specifications and related implementations.
• Ability to independently produce and edit technical documentation and scientific reports in English;
• Excellent communications skills;
• Good understanding of the project management methodologies, including PRINCE 2 and Agile/Scrum

Desirable Skills and Experience

• Knowledge of NATO Confidentiality Label Syntax specifications (specifically ADatP‐4774 & 4778), profiles and emerging standards;
• Knowledge of NATO Metadata Binding Mechanism specifications, profiles and emerging standards, including Metadata Labelling Strategy and the Data Centric Security Strategy;
• Knowledge of NATO Core Metadata Specification (NCMS), profiles and emerging standards;
• Knowledge of the NATO C3 Policies, including the Data Management Policy
• knowledge of methods and mechanisms to resolve security label translation/mapping between NATO and NATO national systems;
• Knowledge and experience with Standards Transformation Framework (STF) concepts, technologies, business cases.
• Expertise in security labelling and object level protection solutions;
• Expertise in secure communication and API security.
• Familiarity with NATO organisational and political structures (especially NHQC3S, ACT HQ and NCI Agency) and relationships with NATO and Partner nations;

Working Location

• Off-site

Working Policy

• Remote

Travel

• Some travel to other NATO or Non-NATO sites may be required

Contract Duration

• Jun 2024 – Dec 2024

Security Clearance

• Valid National or NATO Secret personal security clearance