3325 ACPV Security Data Analyst
Job description
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In its role of delivering robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the NCSC executes a portfolio of programs and projects of around 219 MEUR per year in order to uplift and enhance critical cyber security services.
The TRANSFORM Branch supports the missions of the NCSC by ensuring the delivery of coherent, holistic, effective and efficient Cyber Security services across the NATO Enterprise.
The Enterprise Asset, Configuration, Patching and Vulnerability (E-ACPV) Project refers to the comprehensive management of technology assets to enhance NATO's cyber security posture.
ACPV is a broad concept. It is the first Enterprise-wide data service. It will host data from across the NATO Enterprise, building the platform on which cyber security professionals will analyze and manage vulnerabilities. The term "assets" refers to information systems or technology that contain, host or process NATO data. "Configuration" refers to the initial set-up of these assets, the way they are pieced together and remain secure. "Patching" then refers to repairing, upgrading or updating these systems. The correct configuration and patching of assets significantly improve cybersecurity and reduce the vulnerability of the Alliance as a whole to cyberattacks.
Background
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defense functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
OBJECTIVE
The objective of this Statement of Work (SoW) is to outline the scope of work and deliverables for the ACPV Data Analysis, Data Source Discover and Data Source Onboarding Support for NCSC.
The purpose of the work package is to provide support to NCSC to fulfil identified ACPV Discover, Onboarding and Analysis activities more effectively, as well as documentation activities related to the ACPV implementation and service.
SCOPE OF WORK
The aim of this SoW is, under the direction/guidance of the NCSC Point of Contact, to support NCSC with technical expertise specifically related to ACPV, covering both project implementation activities and delivery of the service after implementation is complete, under a deliverable-based (completion-type) contract to be executed in 2026 and 2027.
Providing support as the ACPV Data Analysis, Data Source Discover and Data Source Onboarding Support, the service performed by the Contractor will be focused on the following weekly activities:
- Analysis of data sources related to assets, configurations, and vulnerabilities.
- Validation of onboarded data sources.
- Leading technical discussions on data sources, correlation, and SOP.
- Preparation and presentation of technical findings, provision of recommendations, and documentation of results.
- Support data source discovery, data source onboarding, and data lifecycle processes in the context of ACPV.
- Review ACPV service for depth, compliance, and vulnerability exposure.
- Representation of NCIA to stakeholders, delivering presentations and recommendations.
- Documentation of ACPV processes.
Analysis of data sources related to assets, configurations, and vulnerabilities:
- Deliverables expected are outputs from a comprehensive examination of various data repositories to identify critical information concerning the organization's assets, their configurations, and any potential vulnerabilities. The process begins with the identification and cataloguing of relevant data sources that contain information about the network and information systems. This involves extracting pertinent data to build a comprehensive understanding of asset configurations and vulnerabilities. The analysis focuses on assessing vulnerabilities, identifying security gaps, and reviewing asset configurations to ensure compliance with established security standards. By synthesizing these findings, the task aims to provide actionable insights and recommendations for enhancing the security posture of the organization.
- Through this analysis, the organization seeks to gain a deeper understanding of its assets and configurations, ultimately identifying potential security risks and areas for improvement. The task culminates in the preparation of detailed reports that summarize the analysis results, highlight key vulnerabilities, and suggest mitigation strategies.
- These reports serve as a foundation for decision-making, enabling the organization to proactively address vulnerabilities and strengthen its network and information system security framework. By undertaking this task, the organization demonstrates its commitment to maintaining a robust security posture, ensuring the protection of its critical assets and information systems.
Validation of onboarded data sources:
- Deliverables are outputs from thorough examination and confirmation of the reliability and accuracy of data sources that have been integrated into the organization's systems. This process ensures that the data sources meet predefined criteria and standards for quality, relevance, and security. The validation task includes assessing the data's integrity, completeness, and consistency, as well as verifying the source's authenticity and compliance with organizational policies and industry regulations.
- The objective of this task is to guarantee that the data sources provide dependable and actionable insights for decision-making processes. The approach involves collaborating with technical teams and stakeholders to review documentation, conduct technical evaluations, and perform data analysis. This task may also include identifying potential vulnerabilities and recommending corrective actions to enhance data security and usability. Regular validation exercises are crucial to maintaining the organization's data ecosystem's robustness and ensuring that it supports strategic objectives effectively.
Leading technical discussions on data sources, correlation, and SOP:
- Deliverables are outputs from orchestrating and guiding conversations among internal and external stakeholders to address technical aspects related to data management and utilization. This includes discussions on the selection, integration, and optimization of data sources, as well as the methodologies for correlating data to derive meaningful insights. The task requires expertise in both technical and strategic dimensions, ensuring that all parties have a clear understanding of the processes, challenges, and solutions associated with data handling.
- The objective is to foster a collaborative environment where technical complexities are dissected and resolved, and where SOPs are reviewed and refined to enhance operational efficiency. The approach involves setting agendas, facilitating discussions, and synthesizing diverse viewpoints to develop actionable strategies. Leading these discussions ensures alignment between technical capabilities and organizational goals, promoting effective data exploitation and adherence to best practices. Regular engagements and follow-ups are essential to maintain momentum and drive continuous improvement in data management processes.
Preparation and presentation of technical findings, provision of recommendations, and documentation of results:
- Deliverables are outputs from compiling and analyzing data-driven insights and translating them into comprehensive technical reports. This task requires the synthesis of complex information into clear, actionable findings that are easily understood by both technical and non-technical stakeholders. The preparation phase includes data analysis, identification of key trends, and evaluation of technical performance, which is then structured into a coherent presentation format.
- The objective is to effectively communicate technical findings and recommendations to inform decision-making and drive strategic initiatives. The approach includes creating detailed documentation that captures the methodology, results, and implications of the analysis. Presentations are tailored to the audience, emphasizing clarity and relevance, while recommendations are aligned with organizational goals and operational realities. The documentation serves as a valuable resource for future reference, ensuring that insights are preserved and can guide ongoing and future projects. Regular updates and feedback loops are integral to refining the process and enhancing the impact of the findings.
Support data source discovery, data source onboarding, and data lifecycle processes in the context of ACPV:
- Deliverables are outputs from assisting in the identification and integration of new data sources into the ACPV (Asset, Configuration, Patching and Vulnerability) framework. This includes evaluating potential data sources for their applicability, reliability, and alignment with project objectives. The task also encompasses the onboarding process, ensuring that new data sources are seamlessly integrated into existing systems and processes, while adhering to organizational standards and protocols.
- The objective is to enhance the ACPV's data ecosystem by expanding and optimizing the range of data sources available, thereby improving the quality and scope of data-driven insights. The approach involves close collaboration with technical teams to streamline the onboarding process, ensuring that all necessary security, compliance, and operational checks are conducted. Additionally, supporting the data lifecycle processes involves ongoing monitoring, maintenance, and optimization of data sources to ensure their continued relevance and effectiveness. This task is crucial for maintaining a dynamic and robust data environment that supports the project's evolving needs.
Review ACPV service for depth, compliance, and vulnerability exposure:
- Deliverables are outputs from comprehensive evaluation of the ACPV service to ensure it meets the necessary technical and security standards. This process requires a detailed examination of the service's architecture, configurations, and operational procedures to verify that they align with the established compliance requirements. The review will assess the depth of IT services provided, ensuring they are robust and comprehensive enough to support the organization's needs. This includes analyzing the service's documentation, Standard Operating Procedures (SOPs), and technical reports to identify any discrepancies or areas for improvement.
- Additionally, the task involves identifying potential vulnerabilities within the ACPV service that could pose security risks to the organization. This includes scrutinizing the interconnection points between networks and information systems, as well as evaluating the effectiveness of existing security measures. The goal is to uncover any weaknesses that could be exploited by malicious actors and to provide recommendations for mitigating these risks. By conducting this thorough review, the organization can ensure that the ACPV service operates securely and efficiently, maintaining compliance with internal and external standards.
Representation of NCIA to stakeholders, delivering presentations and recommendations:
- This task entails acting as the official spokesperson for the NCIA in meetings with external parties. This role involves conveying the organization's objectives, initiatives, and progress to stakeholders, ensuring that they are well informed about the NCIA's activities and strategic direction. The representative must possess a deep understanding of the organization's projects and priorities to effectively communicate key messages and foster positive relationships with stakeholders. This task requires strong interpersonal skills and the ability to engage with diverse audiences, including government entities, partner organizations, and industry leaders.
- Furthermore, the task includes delivering presentations that provide insights into technical data and findings, along with actionable recommendations based on thorough analyses. The representative must be adept at translating complex technical information into clear, understandable formats that facilitate informed decision-making. By offering expert guidance and recommendations, the representative plays a crucial role in shaping stakeholders' perceptions and decisions, ensuring alignment with the NCIA's goals. This task is pivotal in building trust and credibility with external parties and driving collaborative efforts that support the organization's mission.
Documentation of ACPV processes:
- Deliverables are outputs from systematically capturing and recording all procedures, methodologies, and workflows associated with the ACPV service. This documentation serves as a comprehensive reference that outlines how the ACPV service operates, detailing each step of the processes involved.
- The aim is to create clear, structured documents that provide guidance for current and future personnel, ensuring consistency and accuracy in the execution of ACPV-related tasks. This includes documenting technical specifications, compliance checklists, and any relevant operational protocols to facilitate seamless knowledge transfer and operational continuity.
- Moreover, the documentation process is critical for maintaining transparency and accountability within the organization. By thoroughly documenting ACPV processes, the organization can easily track changes, updates, and improvements over time, enabling effective process management and optimization. This task also supports auditing and compliance efforts, providing evidence that the ACPV service adheres to required standards and regulations. Comprehensive documentation is essential for risk management, as it helps identify potential gaps or vulnerabilities within processes and supports the development of strategies to address them proactively.
Requirements
Do you have experience in Tableau?
Do you have a Master's degree?
- Active Directory Security Assessment Tool
- On-board Data Source Validation
- Security Assessment and Documentation
For the execution of this contract, the following qualifications are required:
- Nationally recognized/certified engineering university/college qualification, preferably with a Master of Science degree.
- Valid security clearance at minimum NATO SECRET level.
- Good knowledge of MS Office, with a minimum of 2 years of experience.
- Prior experience with data visualization tools (e.g. Power BI, Tableau, Grafana) and the ability to analyze and interpret structured and unstructured data.
- Knowledge of cybersecurity fundamentals, risk analysis, threat modelling and secure data handling, and of Cyber Security tools (e.g. vulnerability assessment, forensic analysis, log aggregation and correlation).
- Data sensitivity awareness. Understanding of handling classified or mission-critical information.
- Knowledge of multi-vendor switching, routing and security technology, with proven technical experience and in-depth understanding of communication protocols (mainly the TCP/IP stack and the technology behind each element in the stack), network and security technologies.
- Knowledge of NATO Accreditation process and document set required for Accreditation and potential presentation to NSAB.
- Ability to plan and execute assigned project tasks taking into account policies, program goals, and priorities, funding and other planning constraints.
- Ability to work on their own and as part of a team.
- Motivated, good communication skills, team player.
- Good communication skills (speaking, reading, writing, listening) in English.
- At least 3 years in support of a Cyber Security environment.
- Prior experience of working in an international environment, including both military and civilian elements, for a minimum of 1 year (preferred).
- Knowledge/understanding of NATO responsibilities and organization.
- Knowledge of NATO Communication and Information Systems Infrastructure (preferred).