EMW, Inc. Belgium Contract 2024-07-02

Deadline Date: Monday 15 July 2024

Requirement: Cloud Engineer (Hybrid) Infrastructure Management

Location: Off-Site

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)”. Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Period of Performance: 2024 BASE: Contract period should not start later than 26 August 2024 until 31 December 2024, with the possibility to exercise following options:

2025 Option: 1 January 2025 until 31 December 2025

2026 Option: 1 January 2026 until 31 December 2026

2027 Option: 1 January 2027 until 31 December 2027

2028 Option: 1 January 2028 until 31 December 2028

Required Security Clearance: NATO SECRET

1 INTRODUCTION

Supporting NATO throughout all its geographical locations, the NCI Agency is looking for Cloud Engineer (Hybrid), Infrastructure Management, joining the journey of NATO’s modernisation of IT services, through leveraging the public cloud (Microsoft Azure, M365 and Amazon AWS), delivering managed, protected, security-centric and reliable IT Services.

NCI Agency – Cloud Operations Team: The NATO Communications and Information Agency (NCI Agency) is dedicated to supporting NATO’s strategic objectives, including the ambitious NATO 2030 agenda. As part of this commitment, we are spearheading the modernization and digital transformation of NATO’s IT services. Our focus is on leveraging public cloud technologies like Microsoft 365 and Intune, incorporating a security-by-design approach, and ensuring a seamless transition to a modern, collaborative workplace environment.

To achieve these goals, we are building a Cloud Operations team under the Cloud Center of Excellence, operating under the NATO Enterprise Cloud Operating Model (NECOM). The NECOM framework provides a standardized approach for cloud service management, ensuring interoperability, scalability, and security across NATO’s IT infrastructure. The Cloud Center of Excellence will serve as a hub for best practices, innovation, and expertise, driving the adoption and optimization of cloud technologies within NATO. This team will play a crucial role in our journey towards providing managed, protected, and reliable End User Services.

Embracing the latest technological advancements, this initiative will foster innovation and ensure NATO remains at the cutting edge of IT capabilities. By continuously evolving and integrating new technologies, we aim to enhance operational efficiency and readiness for future challenges. This remote position offers an exciting opportunity to be at the forefront of NATO’s technological evolution and contribute to the security and efficiency of our operations.

NCI Agency – Cloud Centre of Excellence (CCoE): The Cloud Centre of Excellence (CCoE) within the NCI Agency is focused on driving successful cloud adoption and maximizing the potential of cloud technologies across the organization. It serves as a central governing body, promoting best practices, enabling knowledge sharing, and ensuring alignment between business objectives and cloud initiatives. The CCoE supports various cloud-based solutions, ensuring their effective and efficient implementation and management. By fostering a culture of continuous improvement and innovation, the CCoE helps the NCI Agency leverage cloud technologies to enhance operational efficiency, scalability, and agility.

The NCI Agency is seeking a highly skilled Cloud Engineer (Hybrid), Infrastructure Management to join our IT team. The M365 Core Infrastructure Engineer will manage the overarching platform settings for Microsoft 365, Azure-hosted virtual machines, connected databases, Kubernetes clusters, and AWS-hosted machines. This role involves maintaining and securing virtual machines for both application and OS levels, managing the top-level M365 portal/platform, and supporting application users in conjunction with M365 services. The ideal candidate will have extensive experience with cloud infrastructure, virtualization, and security tools. You will collaborate with cloud operations teams, business areas, boundary protection teams, and customers to maintain, operate, and support applications dependent on M365 user services.

As an M365 Core Infrastructure Engineer, you will be responsible for deploying, configuring, and maintaining virtual machines in both Azure and AWS environments. You will ensure the seamless integration and optimization of connected databases, utilizing services like Azure SQL Database and AWS RDS.

Additionally, you will manage Kubernetes clusters using Azure Kubernetes Service (AKS) and AWS Elastic Kubernetes Service (EKS). Your role will also involve implementing and maintaining robust security measures, including network security groups, firewalls, and data loss prevention (DLP) policies.

You will develop and maintain PowerShell scripts for automating cloud management tasks, enhancing operational efficiency through tools like Azure Automation and AWS Lambda. Monitoring and reporting on the health and performance of cloud resources using Azure Monitor, AWS CloudWatch, and Kubernetes dashboards will be critical to your role. You will generate detailed reports on cloud resource usage, performance, and compliance, providing insights and recommendations for continuous improvement.

Collaboration will be key, as you work closely with CloudOps teams, business areas, and boundary protection teams to ensure cohesive cloud management strategies. You will also support application users by providing technical support and troubleshooting to ensure high levels of user satisfaction. If you are a motivated individual with a strong background in cloud infrastructure and full proficiency in English, we invite you to apply and join our dynamic team.

2 OBJECTIVES

The NCI Agency is embracing cloud services by transitioning to Microsoft 365 with a security-centric design.

This shift aims to enhance operational efficiency, collaboration, and security across the organization. We are looking for individuals with strong knowledge, a willingness to learn, and a desire to grow as part of this new challenge.

The objective of this statement of work is to establish a support and operating model for End User Services operating in the Public Cloud, with a focus on Microsoft 365 services.

3 SCOPE OF WORK

Under the direction / guidance of the local NCIA Point of Contact or the Cloud Ops Operations Manager, the Cloud Engineer (Hybrid), Infrastructure Management will be supporting the following activities:

1) M365 Platform Management:

a) Manage and optimize the overarching settings for the M365 platform.

b) Configure and maintain M365 portal settings and policies.

c) Monitor platform performance and ensure high availability.

d) Implement best practices for M365 platform management and governance.

2) Azure Virtual Machine Management:

a) Deploy, configure, and maintain Azure-hosted virtual machines.

b) Manage and optimize connected databases using Azure SQL Database, Azure Cosmos DB, or other database services.

c) Set up, configure, and manage Kubernetes clusters in Azure using Azure Kubernetes Service (AKS).

d) Implement security measures, including Azure Security Center, to ensure compliance with organizational policies.

3) AWS Virtual Machine Management:

a) Deploy, configure, and maintain AWS-hosted virtual machines using EC2.

b) Ensure seamless integration with AWS services like RDS for databases and EKS for Kubernetes.

c) Monitor and optimize the performance of AWS virtual machines using CloudWatch.

d) Implement security measures, including AWS IAM and AWS Security Hub.

4) Virtual Machine Maintenance:

a) Perform regular patching and updates for virtual machines using tools like Azure Update Management and AWS Systems Manager.

b) Maintain and monitor security tools, such as antivirus and intrusion detection systems.

c) Monitor virtual machine health and performance using Azure Monitor and AWS CloudWatch.

d) Troubleshoot and resolve virtual machine-related issues, ensuring minimal downtime.

5) Application Support:

a) Support application users in conjunction with M365 provided services, ensuring seamless integration and performance.

b) Collaborate with application teams to ensure cloud resources meet their requirements.

c) Provide technical support and troubleshooting for application-related issues.

d) Ensure high levels of user satisfaction by delivering prompt and effective support.

6) Collaboration with CloudOps and Business Areas:

a) Work closely with CloudOps teams to ensure cohesive cloud management strategies.

b) Collaborate with other business areas to support their cloud infrastructure needs.

c) Provide expertise and support for cloud-related projects and initiatives.

d) Participate in cross-functional team meetings and discussions to share insights and best practices.

7) Boundary Protection and Security:

a) Collaborate with boundary protection teams to ensure secure cloud infrastructure.

b) Implement and maintain security measures for virtual machines and cloud services, including network security groups and firewalls.

c) Conduct regular security assessments and vulnerability scans using tools like Azure Security Center and AWS Inspector.

d) Develop and maintain data loss prevention (DLP) policies for cloud infrastructure.

8) Automation and Scripting:

a) Develop and maintain PowerShell scripts for automating cloud management tasks in Azure.

b) Use tools like Azure Automation and AWS Lambda to enhance operational efficiency.

c) Implement automated workflows for routine maintenance tasks using tools like Azure DevOps and AWS CodePipeline.

d) Maintain and update existing automation scripts to adapt to new requirements and technologies.

9) Monitoring and Reporting:

a) Use monitoring tools such as Azure Monitor, AWS CloudWatch, and Kubernetes dashboards to track the health and performance of cloud resources.

b) Generate detailed reports on cloud resource usage, performance, and compliance.

c) Analyze usage patterns to optimize resource allocation and reduce costs.

d) Provide insights and recommendations for improving cloud infrastructure and services.

10) Continuous Improvement:

a) Stay up-to-date with the latest developments in cloud infrastructure, M365 technologies, and best practices.

b) Continuously improve cloud services to meet evolving organizational needs.

c) Participate in industry forums, webinars, and training sessions to enhance technical knowledge.

d) Propose and implement new features and enhancements based on user feedback and technological advancements.

11) Disaster Recovery Planning:

a) Develop and implement disaster recovery and business continuity plans for cloud infrastructure.

b) Ensure quick restoration of services in the event of an outage.

c) Conduct regular disaster recovery drills to test the effectiveness of recovery plans.

d) Maintain documentation of recovery procedures and processes.

12) Integration with Third-Party Services:

a) Integrate cloud services with third-party applications and services using APIs and connectors.

b) Manage and troubleshoot API integrations to ensure seamless data exchange and functionality.

c) Ensure compatibility and security of integrated services by following best practices.

d) Collaborate with third-party vendors to resolve integration issues and optimize performance.

13) Configuration Management:

a) Implement and maintain configuration management practices for cloud resources.

b) Use tools like Azure DevOps, Ansible, and Terraform for configuration management.

c) Ensure consistency and compliance with configuration management policies.

d) Monitor and report on configuration changes and their impact on services.

14) Performance Optimization:

a) Continuously monitor and optimize the performance of cloud resources.

b) Implement performance tuning and optimization strategies for virtual machines and databases.

c) Analyze performance metrics to identify bottlenecks and areas for improvement.

d) Work with development and operations teams to ensure optimal performance of applications and

services.

The contractor will be part of a team providing Technical Level 2 and 3 support, ensuring the secure, available, managed and compliant delivery of Public Cloud Services to NATO and its Strategic Commands.

The contractor will work primarily remotely, providing services during Core working hours of the Cloud Operations team (Brussels / BEL).

The measurement of execution for this work is sprints, with each sprint being planned for a duration of 1 week.

4 DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected from the work on this statement of work:

Deliverable 01: 20 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.

2025 OPTION: 01 January 2025 to 31 December 2025

Deliverable 01: Up to 46 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.

2026 OPTION: 01 January 2026 to 31 December 2026

Deliverable 01: Up to 46 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.

2027 OPTION: 01 January 2027 to 31 December 2027

Deliverable 01: Up to 46 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.

2028 OPTION: 01 January 2028 to 31 December 2028

Deliverable 01: Up to 46 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.Contractor and project authority.

5 COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.

6 SCHEDULE

This task order will be active immediately after signing of the contract by both parties

The BASE period of performance is as soon as possible but not later than 26th August 2024 and will end no later than 31st December 2024.

If the 2025 option is exercised, the period of performance is 01st January 2025 to 31st December 2025

If the 2026 option is exercised, the period of performance is 01st January 2026 to 31st December 2026.

If the 2027 option is exercised, the period of performance is 01st January 2027 to 31st December 2027.

If the 2028 option is exercised, the period of performance is 01st January 2028 to 31st December 2028.

7 CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.

All code, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.

8 SECURITY

The duties of the consultants require a valid NATO SECRET security clearance.

All the deliverables of this project will be considered NATO UNCLASSIFIED, while access to networks exceeding this classification level is required.

With this role being of technical nature providing administrative support, a security clearance at the NATO Secret level is required prior to the start of the engagement.

9 PRACTICAL ARRANGEMENTS

The contractor will be required to work primarily remote (Off-site) as part of this engagement. The Cloud Operations Team is located in BRUSSELS / BEL and THE HAGUE / NLD, with working hours to be adjusted accordingly.

The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.

The contractor may be required to travel, not exceeding 1 week per month, to other NCI Agency locations as part of his role. The locations applicable for this engagement are limited to BRUSSELS / BEL and THE HAGUE / NLD. Travel expenses will be reimbursed to the individual directly (outside this contract) under NATO rules.

This individual hired for this position will be part of the NCIA Cloud Operations Team.

10 QUALIFICATIONS

[See Requirements]

Requirements

8 SECURITY

  • The duties of the consultants require a valid NATO SECRET security clearance.
  • With this role being of technical nature providing administrative support, a security clearance at the NATO Secret level is required prior to the start of the engagement.

 

10 QUALIFICATIONS

The consultancy support for this work requires an experienced Cloud Engineer (Hybrid), Infrastructure Management with the following qualifications:

1) M365 Platform Management:

  • Advanced knowledge of M365 platform settings and configurations.
  • Experience optimizing M365 portal performance.
  • Proficiency in monitoring and maintaining M365 services.
  • Ability to implement best practices for platform management and governance.

2) Azure Virtual Machine Management:

  • Expertise in deploying and managing Azure-hosted virtual machines.
  • Experience with connected databases and Kubernetes clusters in Azure.
  • Proficiency in implementing and maintaining security measures using Azure Security Center.
  • Ability to troubleshoot and resolve Azure VM-related issues.

3) AWS Virtual Machine Management:

  • Skilled in deploying and managing AWS-hosted virtual machines using EC2.
  • Experience ensuring seamless integration with AWS services like RDS and EKS.
  • Proficiency in monitoring and optimizing AWS VM performance using CloudWatch.
  • Ability to implement and maintain security measures using AWS IAM and Security Hub.

4) Virtual Machine Maintenance:

  • Advanced knowledge of patching and maintaining virtual machines using Azure Update Management and AWS Systems Manager.
  • Experience with security tools, such as antivirus and intrusion detection systems.
  • Proficiency in monitoring virtual machine health and performance using Azure Monitor and AWS CloudWatch.
  • Ability to troubleshoot and resolve virtual machine-related issues.

5) Application Support:

  • Strong technical support and troubleshooting skills for application users.
  • Experience collaborating with application teams to integrate M365 services.
  • Proficiency in resolving application-related issues and ensuring seamless integration with cloud services.
  • Ability to ensure high levels of user satisfaction through effective support.

6) Collaboration with CloudOps and Business Areas:

  • Skilled in working with CloudOps teams and other business areas to support cloud infrastructure needs.
  • Experience providing expertise for cloud-related projects and initiatives.
  • Proficiency in participating in cross-functional team meetings and discussions.
  • Ability to share insights and best practices for cloud management.

7) Boundary Protection and Security:

  • Advanced knowledge of security measures for cloud infrastructure, including network security groups and firewalls.
  • Experience collaborating with boundary protection teams to ensure secure cloud infrastructure.
  • Proficiency in conducting security assessments and vulnerability scans using Azure Security Center and AWS Inspector.
  • Ability to develop and maintain DLP policies for cloud services.

8) Automation and Scripting:

  • Proficient in writing and executing PowerShell scripts for cloud management tasks in Azure.
  • Experience using automation tools like Azure Automation and AWS Lambda.
  • Ability to implement automated workflows for routine maintenance tasks using tools like Azure DevOps and AWS CodePipeline.
  • Knowledge of maintaining and updating automation scripts to adapt to new requirements and technologies.

9) Monitoring and Reporting:

  • Proficient in using monitoring tools such as Azure Monitor, AWS CloudWatch, and Kubernetes dashboards to track cloud resource health and performance.
  • Ability to generate detailed reports on cloud resource usage, performance, and compliance.
  • Experience analyzing usage patterns to optimize resource allocation and reduce costs.
  • Proficiency in providing insights and recommendations for improving cloud infrastructure and services.

10) Continuous Improvement:

  • Commitment to staying current with the latest developments in cloud infrastructure, M365 technologies, and best practices.
  • Proactive in implementing improvements and enhancements to cloud services.
  • Participation in industry forums, webinars, and training sessions to enhance technical knowledge.
  • Ability to propose and implement new features and enhancements based on user feedback and technological advancements.

11) Disaster Recovery Planning:

  • Experience developing and implementing disaster recovery and business continuity plans for cloud infrastructure.
  • Ability to conduct regular disaster recovery drills to test the effectiveness of recovery plans.
  • Knowledge of maintaining detailed documentation of recovery procedures and processes.
  • Proficiency in ensuring quick restoration of services in the event of an outage.

12) Integration with Third-Party Services:

  • Knowledge of integrating cloud services with third-party applications and services using APIs and connectors.
  • Experience managing and troubleshooting API integrations to ensure seamless data exchange and functionality.
  • Ability to ensure compatibility and security of integrated services by following best practices.
  • Skilled in collaborating with third-party vendors to resolve integration issues and optimize performance.

13) Configuration Management:

  • Expertise in implementing and maintaining configuration management practices for cloud resources.
  • Proficiency in using tools like Azure DevOps, Ansible, and Terraform for configuration management.
  • Ability to ensure consistency and compliance with configuration management policies.
  • Experience monitoring and reporting on configuration changes and their impact on services.

14) Performance Optimization:

  • Skilled in monitoring and optimizing the performance of cloud resources.
  • Proficiency in implementing performance tuning and optimization strategies for virtual machines and databases.
  • Experience analyzing performance metrics to identify bottlenecks and areas for improvement.
  • Ability to work with development and operations teams to ensure optimal performance of applications and services.

15) Others:

  • The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • Full proficiency in the English language. French language proficiency is of advantage.
  • The candidate must have the nationality of one of the NATO nations.

 

This role is critical for maintaining efficient IT support operations and ensuring users receive timely and effective assistance with their devices and Microsoft 365 services. As an M365 Core Infrastructure Engineer, you will manage complex cloud infrastructure, support application users, and ensure the seamless operation of M365, Azure, and AWS environments. If you are a motivated individual with a strong background in cloud infrastructure and full proficiency in English, we invite you to apply and join our dynamic team.