Cyber Security Engineer

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – 2025-0342

Role Background

The NATO Communications and Information Academy (NCI Academy) offers training on both static and deployed NATO communication and information systems (CIS). This includes Consultation, Command, Control, Communications and Intelligence, Surveillance and Reconnaissance (C4ISR), as well as cyber security and cyber defence. Moreover, the NCI Academy plays an instrumental role in designing, developing and rolling out new learning solutions. This is achieved through comprehensive analysis of training requirements and by leveraging cutting-edge learning technologies.

The NCI Academy also provides a range of education and training services through its Academy Learning Environment (ALE). The ALE governs and strategically coordinates the

systems and infrastructure that deliver training, including the Training Management System (TMS), Learning Management System (LMS), Academy Training Network (ATN), and future components such as the Adaptive Learning Platform. These systems support multiple delivery methods, such as classroom training, mobile training, Virtual Instructor-Led Training (VILT), and self-paced training. The ALE relies on technological elements like cloud-hosted services (TMS, LMS), virtual environments via the ATN, local networks, and a Virtual Desktop Infrastructure (VDI) that enables remote access.

To ensure these systems remain secure and compliant, the NCI Academy is outsourcing Cyber Security Engineering and System Accreditation Support for the ALE. The Contractor shall work in close coordination with, and report to, the Academy Technical Capability (TeC) Team.

Role Duties and Responsibilities

• The Contractor shall develop and maintain the system descriptions for ALE systems, capturing the technical description, connections (physical and logical), physical locations, and hardware/software inventories. This shall be formalised in a document titled “CIS Description” and maintained under version control.
• The Contractor shall define the accreditation strategy and plan for ALE systems, describing the steps required to achieve security accreditation for operation at the NCI Academy. This shall be formalised in a document titled “Security Accreditation Plan (SAP)” and maintained under version control.
• The Contractor shall perform a high-level security risk assessment to inform early design, including identifying assets, threats, vulnerabilities, likelihood/impact, and initial riskratings. This shall be formalised in a document titled “High-Level Security Risk Assessment (SRA)” and maintained under version control.
• The Contractor shall define system-specific security requirements and control coverage by tailoring the security control baseline, mapping requirements to applicable standards and policies, and identifying coverage gaps with corresponding actions. This shall be formalised in a document titled “System-specific Security Requirement Statement (SSRS)” and maintained under version control.
• The Contractor shall develop and maintain Security Operating Procedures (SecOPs) to enable secure day-to-day operations. This includes:
  • For Administrators: account/privilege management, backups, patching, baseline configurations, logging/monitoring, incident and change handling, and continuity steps.
  • For End Users: acceptable use, data handling, access/MFA, reporting suspicious activity, and secure usage guidance. These shall be formalised in a document titled “Security Operating Procedures (SecOPs)” and maintained under version control.
• The Contractor shall define security test and verification activities to evidence control effectiveness. This shall be formalised in a document titled “Security Test and Verification Plan (STVP)” and maintained under version control.

Essential Skills, Experience and Certifications

• Cyber Security Engineer Experience:
  • Minimum 5 years of experience in designing secure, scalable solution architectures aligned with enterprise standards, or complex environments.▪ Minimum 5 years of experience in applying and overseeing physical, procedural, and technical security controls, conducting risk assessments, and leading incident response efforts.
  • Minimum 5 years of experience in system and application hardening, collaborating across technical teams to enforce best practices and compliance
• Accreditation Process: Demonstrated success in managing accreditation processes, defining assurance requirements, and coordinating with stakeholders is essential.
• Communication Skills: Excellent written and verbal communication in English, with the ability to explain technical information clearly and in a user-friendly manner.
• Collaboration: Demonstrated ability to work effectively in a team environment and coordinate with multiple stakeholders.
• Documentation: Strong documentation capabilities including SOPs, technical manuals, and security guidelines are required to support operational readiness and knowledge sharing.
• Analytical Skills: Strong problem-solving and troubleshooting ability, with the capacity to quickly identify issues and determine the most efficient resolution.. 

Desirable Skills, Experience and Certifications

• Knowledge and experience of working with the NCI Agency and/or NATO organisations.
• Knowledge of ISO27001 or equivalent standards.
• Familiarity with Agency tools for configuration, risk, and documentation management.
• Experience supporting audits.
• Understanding of Agile delivery practices.

Working Location

• Oeiras, Portugal

Working Policy

• Onsite

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.