2024-0096 DevSecOps Engineer (NS) - TUE 14 May

Deadline Date: Tuesday 14 May 2024

Requirement: DevSecOps Engineer

Location: On-site, either in The Hague, Netherlands or in Braine L’Alleud, Belgium.

Period of Performance: As soon as possible but not later than 17 JUN 2024 to 31 DEC 2024, with possibility to exercise three 1 (one) year options (2025, 2026, 2027)

Required Security Clearance: NATO SECRET

1 INTRODUCTION

The NATO Communications and Information Agency (NCI Agency) has been modernizing its application-hosting infrastructure and has been implementing custom DevSecOps delivery processes. As part of this work a body of development and implementation work, it is needed to update existing applications, migrate them to new infrastructure and establish operation and maintenance capabilities. The ITM RC1 Applications team is building a multi-year team of system administrators and DevSecOps engineers to support this work.

NCI Agency is looking for a DevSecOps engineer with a background in automation and containerization technology as well as in legacy hypervisor environments to support the ITM RC1 team with both containerized and legacy migrations to the new infrastructure.

2 OBJECTIVES

NCI Agency is undertaking a major infrastructure modernization project, enabling comprehensive application lifecycle management. In addition, existing applications will have to be migrated to the new infrastructure.

The main objective of this statement of work is to support the ITM RC1 team with planning, performing, testing, validating and documenting this body of work. Specifically, this comprises of:

- Implementing DevSecOps and automation capabilities (GitOps, Kubernetes, Ansible)

- Transitioning suitable applications from a hypervisor to a container platform

- Migrating legacy virtual machine payloads

3 SCOPE OF WORK

Under the direction / guidance of the NCIA Point of Contact or delegated staff, the DevSecOps engineer will support building the ITM RC1 Application Migration team

This includes the following activities:

• Develop containers and Terraform and Ansible scripts for existing applications

• Develop / maintain infrastructure as code for deployment and configuration of infrastructure (VMs, Disks), core services (AD, CA, Exchange etc.), and applications (NATO and Commercial Application)

• Contribute to design and implementation of infrastructure as code and container orchestration services

• Contribute to the design and implementation of an overall DevSecOps capability

• Migrate Virtual Machines legacy payloads

• Implement hardening, compliancy and security scanning

• Create pipelines and self-service solutions for deploying test environments using infrastructure as code

• Participate in entire lifecycle activities – including design, testing, training and documentation

The contractor will be part of a team and will work using an Agile and iterative approach during multiple sprints. Each sprint is planned for a duration of 1 week. The content and scope of each sprint will be agreed during the sprint-planning meeting.

4 DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected in relation to this statement of work:

2024 BASE period:

Deliverable 01: 30 sprints of software development.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

Invoices shall be accompanied by a Certificate of Acceptance (Annex B), signed for acceptance by the Project Authority.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements

OPTION YEAR 1: 01 January 2025 to 31 December 2025

Deliverable 01: 44 sprints of software development.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

Invoices shall be accompanied by a Certificate of Acceptance (Annex B), signed for acceptance by the Project Authority.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements

OPTION YEAR 2: 01 January 2026 to 31 December 2026

Deliverable 01: 44 sprints of software development.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

Invoices shall be accompanied by a Certificate of Acceptance (Annex B), signed for acceptance by the Project Authority.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements

OPTION YEAR 3: 01 January 2027 to 31 December 2027

Deliverable 01: 44 sprints of software development.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

Invoices shall be accompanied by a Certificate of Acceptance (Annex B), signed for acceptance by the Project Authority.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements

5 COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings, sprint planning, sprint retrospectives and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to project manager’s instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.

Also a Certificate of Acceptance (Annex B) will be filled in and signed by the contractor and signed for acceptance by the Project Authority.

6 SCHEDULE

This task order will be active immediately after signing of the contract by both parties and will end no later than 31 December 2024.

In case the options are exercised, the related period of performance for the three options are as follows: 01 January 2025 to 31 December 2025, 01 January 2026 – to 31 December 2026 and 01 January 2027 to 31 December 2027.

7 CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.

All code, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.

All the deliverables of this project will be considered at most NATO RESTRICTED

Part of the work will involve handling classified networks, therefore, a security clearance at NATO SECRET level is expected for the contractor undertaking this project. While the contractor may start work prior to obtaining the appropriate clearance, it should be obtained no longer than 3 months after the effective contract start date. In a case that the contract has started prior to obtaining a clearance, for a maximum 3 months period, the contractor can work remotely while periodically visiting the office in The Hague as a visitor.

8 PRACTICAL ARRANGEMENTS

The contractor will be required to work on site, either in The Hague, Netherlands or in Braine L’Alleud, Belgium. Final location will be determined after contract award.

Access to the NCI Agency platforms will be provided in coordination with the NCIA Point of Contact or delegated staffs.

The contractor may be required to travel to NCI Agency, Mons BE, Braine L’Alleud BE, The Hague NL and other sites within NATO for completing these tasks. Travel expenses will be reimbursed under AAS+ framework contract provisions and in accordance with NCIAs Travel Directive.

9 QUALIFICATIONS

[See Requirements]

Requirements

9 QUALIFICATIONS

The consultancy support for this work requires a software developer with the following qualifications:

• The candidate has relevant and recent experience in administrating complex applications or systems.
• The candidate has a track record in DevSecOps and has strong problem solving skills.
• The candidate has extensive and recent experience with and knowledge of Continuous integration and delivery, including the following tools and technologies and concepts: a. Git (mandatory); b. Ansible (mandatory); c. Docker (mandatory); d. Jenkins (mandatory); e. Terraform/OpenTofu (mandatory); f. VMWare vSphere (mandatory); g. Designing and implementing build/deploy pipelines
• The candidate has extensive and recent experience with and knowledge of Continuous Operations, including the following tools and technologies and concepts: a. Kubernetes; b. GitOps; c. Container Registry
• The candidate has experience with designing and maintaining Sharepoint, SQL Server, Postgres, Active Directory and Exchange solutions
• The candidate has relevant and recent experience in using Scrum methodology.
• The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
• The candidate is able to speak and write fluent English since the work is conducted in English.
• The candidate must have the nationality of one of the NATO nations.