Technical Lead Architect Support services for the ITM Recovery project
Duties
- Review and validate the design documents for the private air-gapped cloud (vCF 9, NSX-T, Cisco ACI), identifying gaps, risks, and non-conformances against best practices, dependencies and overarching NATO architecture and directives documents.
- Provide design guidance to infrastructure and platform teams throughout the implementation lifecycle.
- Define and maintain architecture decision records (ADRs) and ensure traceability from requirements to design.
- Define and specify Interface Control Documents (ICDs) between the private cloud infrastructure and all producer/consumer services.
- Ensure interfaces are designed with security, observability, and automation in mind.
- Maintain an interface register and track ICD sign-off across workstream owners.
- Coordinate design and implementation efforts between the cyber security team and the infrastructure team, specifically covering: Privileged Access Management (PAM) implementation via CyberArk, PKI design and certificate lifecycle management, and Cyber Security Monitoring capability integration with the private cloud.
- Chair or co-chair joint design sessions and resolve cross-team technical dependencies.
- Validate and guide implementation of infrastructure automation using Ansible / AAP, Terraform, Jenkins, and vCF Automation.
- Define the automation and IaC target operating model for the cloud platform team.
- Advise on and document the transition from traditional infrastructure support to an automation-first operating model.
- Support upskilling of cloud operating teams in automation principles and tooling.
- The Contractor will be part of a team and will provide services using Agency tools and reporting.
- The consultant will deliver the following products in the base contract: Design review report — vCF 9 / NSX-T / Cisco ACI (findings, risks, recommendations); ZTA alignment assessment and gap closure recommendations; Architecture/Design decision records (ADRs) — initial set covering key design choices; Interface Control Documents (ICDs) — v1 for all primary producer/consumer interfaces; Interface register established and under change control; PAM / CyberArk integration design validated and signed off; PKI design reviewed and approved; Cyber Security Monitoring integration agreed; Automation & IaC target operating model document; IaC implementation validated (Terraform / Ansible / vCF Automation); Automation adoption roadmap for cloud operating teams.
- The Contractor shall conduct a monthly meeting with the ITM-RC1 POC to plan the objectives of upcoming months and review Contractor`s manpower to meet the agreed deliverables.
- Set sprint goals: Define clear, achievable goals for the sprint and associated acceptance criteria, including specific delivery targets, Quality standards as well as Key Performance Indicators (KPIs) for each task to be recorded in the monthly meeting minutes.
- Agree resourcing: Agree on the required level of effort for the various monthly tasks.
- Payment Assessment: Assess each payment milestone cycle duration of one calendar month.
- Objective: Contractor to execute the agreed “sprint plans” with continuous monitoring and adjustments.
- Weekly meetings: Between ITM-RC1 POC and the Contractor to review sprint progress, address issues, and make necessary adjustments to the processes or production methodology.
- Continuous improvement: The Contractor shall establish a continuous feedback loop to gather input from stakeholders for ongoing improvements and their subsequent implementation depending on NCIA approval.
- Progress Tracking: The Contractor shall use a shared dashboard or tool to track the status of the month deliveries and any issues.
- Quality Assurance/Quality Check: The Contractor shall ensure that the quality standards agreed for the month deliverables are maintained throughout the month.
- For each sprint to be considered as complete and payable, the Contractor must report the outcome of their work during the sprint, first verbally during the previous sprint review meeting and then in writing within five days after the month’s end date.
- At the end of the project, the Contractor shall provide a Project Closure Report that summarizes the activities under taken and completed during the period of performance at high level.
- Completion of the activities/tasks agreed in each sprint meeting as per section 3 above, and associated deliverables.
- Produce sprint completion reports (format: e-mail update), which include details of activities performed and the list of the deliverables of the week.
- The Contractor will participate in the daily reporting and planning activities (daily stand-ups) as well as the required participation in workshops, meetings, events and conferences related to the supported services, as requested by the service delivery manager.
- The Contractor shall organize and/or participate in Project meetings, or any other ITM meetings when asked by the PO, physically in the office or in person via an electronic means according to project manager’s instructions.
- The Contractor shall agree weekly with the PO a schedule of work, products and delivery dates, which will form the basis of the monthly deliverables report.
Requirement
- Hands-on experience with VMware vCF 5; working knowledge of vCF 9 (direct vCF 9 experience strongly preferred).
- Experience designing or validating NSX-T software-defined networking at enterprise scale.
- Familiarity with Cisco ACI in a multi-site or data centre context.
- Demonstrable experience applying Security by design principals (e.g Zero Trust Approaches) to private cloud or data centre environments.
- Direct experience with CyberArk PAM implementation and integration.
- Understanding of PKI design and certificate management in enterprise environments.
- Hands-on experience with two or more of: Ansible / AAP, Terraform, Jenkins, vCF Automation.
- Experience leading or supporting the adoption of IaC practices within an infrastructure or cloud operating team.
- Ability to produce and maintain ADRs, ICDs, and architecture review reports to a professional standard.
- Experience coordinating across security, infrastructure, and application teams in a complex enterprise programme.
- Experience — evidence of comparable assignments involving enterprise private cloud architecture, vCF / NSX-T / Cisco ACI, , CyberArk PAM, and IaC adoption at scale.
- Track Record — at least two references from similar engagements in the last 3 years, with measurable outcomes and client contacts.
- Delivering services under this SoW requires a valid NATO SECRET security clearance.
- Any resource proposed for this SOW requires valid NATO SECRET security clearance prior to the start of the engagement.