NSATU Cyber Boundary Protection Level 3 Support

Duties / Responsibilities

• Provide 3rd Level technical support for NSATU NATO CIS Services, Boundary Protection infrastructure, and IT/Data Management Services to ensure continuous service availability and operational resilience.
• Perform advanced fault diagnosis, troubleshooting, and incident resolution activities using NATO ITSM and monitoring systems.
• Support the administration, maintenance, and optimization of Next Generation Firewall (NGFW) infrastructure and associated management systems.
• Implement, modify, validate, and document firewall rulesets, security policies, VPN configurations, and boundary protection controls in accordance with NATO cyber security standards and procedures.
• Execute routine preventive and corrective maintenance activities, including software updates, security patches, signature updates, and firmware upgrades for NGFW systems.
• Support backup, restore, disaster recovery, and system recovery activities for firewall and network security infrastructure.
• Maintain and update technical documentation, operational procedures, configuration baselines, and engineering records to ensure auditability and traceability.
• Provide remote support and intervention capabilities to ensure operational continuity across all NSATU functional locations.
• Coordinate with internal NATO stakeholders, external vendors, and operational teams to support maintenance, incident resolution, and service delivery activities.
• Execute and support ITSM processes including Incident Management, Change Management, and Release Management in compliance with NATO governance frameworks.
• Participate in operational coordination meetings, service review activities, and governance forums.
• Produce and contribute to monthly Service Performance Reports, KPI reporting, incident reports, root cause analyses, and operational dashboards.
• Monitor service performance metrics including MTTI, MTTR, MRT, Security Compliance, and Reporting Timeliness.
• Identify recurring operational issues and recommend corrective and preventive actions to support Continuous Service Improvement initiatives.
• Support cross-domain information exchange services and ensure firewall services remain aligned with mission-critical operational requirements.
• Perform scheduled night work, weekend support, and approved travel activities when operationally required.
• Ensure full compliance with NATO security regulations, operational procedures, and audit requirements.
• Maintain valid NATO security clearance requirements throughout the duration of the assignment.

Mandatory Requirements

• Minimum three (3) years of professional experience in firewall administration and network security.
• Valid Palo Alto Networks Certified Network Security Engineer (PCNSE) certification or equivalent.
• Valid CompTIA Security certification (SY0-601 or SY0-701).
• Proven experience with Palo Alto firewall configuration, administration, troubleshooting, and policy management.
• Strong understanding of networking protocols, network security principles, and enterprise network architecture.
• Experience designing, implementing, and maintaining security policies and firewall rulesets.
• Strong knowledge of VPN technologies, secure connectivity solutions, and remote access configurations.
• Experience with scripting and automation for operational and security management tasks.
• Ability to perform advanced troubleshooting and root cause analysis in complex enterprise environments.
• Experience working with Incident, Change, and Release Management processes within an ITSM framework.
• Ability to work independently with minimal supervision while contributing effectively within multinational technical teams.
• Strong analytical, communication, documentation, and stakeholder coordination skills.
• English language proficiency equivalent to NATO SLP 3333 or higher in accordance with STANAG 6001.
• Valid NATO COSMIC TOP SECRET clearance, or NATO SECRET clearance with COSMIC TOP SECRET in process prior to engagement start.
• Willingness to work 100% onsite in Wiesbaden, Germany.
• Availability for occasional travel to Poland, Romania, Slovakia, Belgium, and the Netherlands.
• Availability to support night work, weekend activities, and on-call operational requirements when required.

Desirable Requirements

• Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.
• Certified Information Systems Security Professional (CISSP) certification.
• Cisco Certified Network Associate (CCNA 200-301) certification.
• Experience supporting NATO Enterprise Architecture and Deployable CIS (DCIS) environments.
• Practical understanding of NATO command structures, governance processes, and operational environments.
• Experience supporting mission-critical or military communication infrastructures.
• Knowledge of OSI Layers 1–7 within large-scale enterprise or defense environments.
• Experience working in multinational and multidisciplinary operational environments.
• Familiarity with operational reporting, KPI tracking, and service governance frameworks.