Cloud Migration and Operations Engineer

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – 2025-0215

Role Background

NCIA is embracing cloud services by transitioning to Microsoft 365 with a security-centric design.

This shift aims to enhance operational efficiency, collaboration, and security across the organization.

The objective of this statement of work is to establish a support and operating model for End User Services operating in the Public Cloud, with a focus on Microsoft 365 services.

Role Duties and Responsibilities

• Cloud Operations Oversight
  • Manage and maintain hybrid-cloud workloads using Microsoft Azure and Microsoft 365.
  • Monitor operational performance, security, and reliability of core cloud services.
  • Ensure alignment with NATO’s Enterprise Cloud Operating Model.
• Migration Support and Planning
  • Assist in data center-to-cloud migration planning and implementation.
  • Lead technical validation of migrated workloads.
  • Support phased service transitions and readiness checks.
• Azure Platform Engineering
  • Maintain and configure Storage Accounts, NSGs, Azure DNS, and VNETs.
  • Troubleshoot and resolve Azure IaaS and PaaS issues.
  • Collaborate with security teams to enforce boundary protection.
• Microsoft Intune and M365 Support
  • Oversee Intune policy and compliance profiles.
  • Coordinate device onboarding and role-based access controls.
  • Support conditional access and mobile app management.
• Microsoft Defender Platform
  • Configure and monitor Microsoft Defender across 365 and Endpoint environments.
  • Respond to alerts and support SOC operations.
  • Develop and manage custom detection rules.
• Microsoft Sentinel and SIEM Integration
  • Integrate Sentinel with security tooling for SOC visibility.
  • Create dashboards and incident response workflows.
  • Support threat hunting and data normalization.
• Microsoft Purview and Compliance
  • Implement DLP, retention, and eDiscovery policies.
  • Manage compliance manager score improvements.
  • Ensure ongoing audit readiness.
• Data Sanitization and Ingress
  • Utilize OPSWAT MetaDefender for malware scanning and content filtering.
  • Support PST ingestion and data flattening into compliant structures.
  • Monitor ingestion workflows for OneDrive, SharePoint, and Exchange.
• Sensitivity Labeling and Metadata Governance
  • Define and assign sensitivity labels across Microsoft 365 workloads.
  • Integrate with Titus and metadata frameworks for automated enforcement.
  • Support information protection and usage reporting.
• Cloudflare One and ZTNA Design
  • Support Zero Trust policy deployment with Cloudflare WARP clients.
  • Configure access policies, DNS filtering, and posture checks.
  • Troubleshoot endpoint trust issues and network pathing.
• Email Security Management
  • Maintain email security policies and configurations.
  • Review threat intelligence feeds and domain spoofing mitigation.
  • Support SPF/DKIM/DMARC configuration and enforcement.
• DevOps and Automation
  • Develop scripts and workflows using PowerShell and YAML pipelines.
  • Integrate CI/CD processes with GitHub Actions and Azure DevOps.
  • Manage Terraform templates and ARM-based deployments.
• Security and Architecture Review
  • Support system architecture review boards (SARBs).
  • Provide technical guidance for secure solution design.
  • Align with NIST, ISO 27001, and NATO-specific frameworks.
• Stakeholder Coordination
  • Interface with senior management to gather technical requirements.
  • Present design proposals and readiness assessments.
  • Coordinate across NCSC, service teams, and project offices.
• Documentation and Knowledge Transfer
  • Maintain As-Built and Operational documentation.
  • Draft SOPs, STIGs, and runbooks for managed environments.
  • Deliver training and knowledge transfer to operations teams.
• Collaboration and Communication:
  • Collaborate with IT security, compliance, and other relevant teams to ensure
  • cohesive Cloud Operations strategies.
  • Communicate effectively with internal stakeholders to understand requirements and address concerns.

Essential Skills, Experience and Certifications

• Microsoft Azure and M365 Expertise (8 years of experience)
  • Strong practical knowledge of M365 tenant architecture and services.
  • In-depth Azure experience including RBAC, ARM, and NSGs.
  • Capability to design and maintain secure hybrid environments.
• Device and Intune Management (8 years of experience)
• Experience managing corporate devices with Microsoft Intune.
• Configuration of policies for compliance and conditional access.
• Troubleshooting enrollment, provisioning, and policy conflicts.
• Advanced Cloud Security Controls
  • Implementation of security configurations in Defender XDR.
  • Experience with identity protection and MFA enforcement.
  • Familiarity with Microsoft 365 Secure Score and Zero Trust maturity.
• SIEM and Monitoring
  • Hands-on experience with Microsoft Sentinel and log correlation.
  • Knowledge of Kusto Query Language (KQL) for custom rules.
  • Ability to respond to and triage security alerts.
• Data Protection and Compliance
• Proficiency in using Purview for sensitivity, retention, and eDiscovery.
• Familiarity with GDPR, DLP, and compliance manager.
• Integration of compliance frameworks into daily operations.
• Information Labeling Solutions
• Experience with Titus and Microsoft Sensitivity Labels.
• Label enforcement in Exchange, Teams, SharePoint, and OneDrive.
• Integration with metadata and classification engines.
• Zero Trust Architecture
• Experience implementing Cloudflare Zero Trust policies.
• Use of WARP client, Access Gateway, and posture validation.
• Policy tuning and client troubleshooting in secure environments.
• Threat Protection and Email Security
• Configuration and tuning of Proofpoint threat policies.
• Knowledge of mail routing, encryption, and threat analytics.
• Understanding of SPF, DKIM, and DMARC application.
• Automation and DevOps
• PowerShell scripting and automation pipeline development.
• Familiarity with Git, YAML, Terraform, and Bicep.
• CI/CD lifecycle knowledge for infrastructure as code.
• Data Migration and OPSWAT
  • Experience with data flattening, rehydration, and ingestion.
  • Use of MetaDefender for sanitization and CDR operations.
  • Managing large file sets and PST archives securely.
• Storage and Network Infrastructure
  • Understanding of Azure Storage Account tiers and encryption.
  • VNET peering, NSG enforcement, and firewall logging.
  • Experience with private endpoints and routing policies.
• Stakeholder Engagement
  • Strong communication and stakeholder management skills.
  • Experience in requirement elicitation and technical validation.
  • Presentation of solution architectures and recommendations.
• Architecture Documentation
  • Skilled in technical writing for solution design and operations.
  • Authoring and maintaining architectural design documents.
  • Contribution to SOPs and compliance documentation.
• Security Frameworks and Policy
  • Familiarity with NIST SP 800-53, CIS Benchmarks, and ISO standards.
  • Experience supporting NATO and governmental security requirements.
  • Supporting compliance audits and accreditation processes.
• Communication and Collaboration:
  • Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users.
  • Ability to document processes clearly and provide training on IAM tools and practices.
• Organizational Skills:
  • Strong organizational skills to manage multiple tasks and priorities effectively.
  • Attention to detail in managing M365 environment and the Microsoft Intune Platform.
• Team Collaboration:
  • Ability to work effectively as part of a team and share knowledge and resources.
  • Willingness to collaborate with colleagues to solve complex issues.
• Others:
  • The individuals shall have strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • Full proficiency in the English language. French language proficiency is of advantage.
  • The individual must have the nationality of one of the NATO nations.

Working Location

• The Hague, Netherlands

Working Policy

• Onsite

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.