Job Description
Deadline Date: Monday 13 April 2026
Requirement: Cloud Engineer (Intune Device Management)
Location: Off-Site
Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)“. Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs
Period of Performance: 18 May – 31 December 2026
Start date is as soon as possible but not later than 18 May 2026
Required Security Clearance: NATO SECRET
1 INTRODUCTION
Supporting NATO throughout all its geographical locations, the NCI Agency is looking for a Cloud Engineer (Intune Device Management), joining the journey of NATO’s modernisation of IT services, through leveraging the public cloud (Microsoft Azure, M365 and Amazon AWS), delivering managed, protected, security-centric and reliable IT Services.
NCI Agency – Cloud Operations Team
The NATO Communications and Information Agency (NCI Agency) is dedicated to supporting NATO’s strategic objectives, including the ambitious NATO 2030 agenda. As part of this commitment, we are spearheading the modernization and digital transformation of NATO’s IT services. Our focus is on leveraging public cloud technologies like Microsoft 365 and Intune, incorporating a security‐by‐design approach, and ensuring a seamless transition to a modern, collaborative workplace environment.
To achieve these goals, we are building a Cloud Operations team under the Cloud Center of Excellence, operating under the NATO Enterprise Cloud Operating Model (NECOM). The NECOM framework provides a standardized approach for cloud service management, ensuring interoperability, scalability, and security across NATO’s IT infrastructure. The Cloud Center of Excellence will serve as a hub for best practices, innovation, and expertise, driving the adoption and optimization of cloud technologies within NATO. This team will play a crucial role in our journey towards providing managed, protected, and reliable End User Services.
Embracing the latest technological advancements, this initiative will foster innovation and ensure NATO remains at the cutting edge of IT capabilities. By continuously evolving and integrating new technologies, we aim to enhance operational efficiency and readiness for future challenges. This remote position offers an exciting opportunity to be at the forefront of NATO’s technological evolution and contribute to the security and efficiency of our operations.
NCI Agency – Cloud Centre of Excellence (CCoE)
The Cloud Centre of Excellence (CCoE) within the NCI Agency is focused on driving successful cloud adoption and maximizing the potential of cloud technologies across the organization. It serves as a central governing body, promoting best practices, enabling knowledge sharing, and ensuring alignment between business objectives and cloud initiatives. The CCoE supports various cloud‐based solutions, ensuring their effective and efficient implementation and management. By fostering a culture of continuous improvement and innovation, the CCoE helps the NCI Agency leverage cloud technologies to enhance operational efficiency, scalability, and agility.
The NCI Agency is seeking for a highly skilled Cloud Engineer (Intune Device Management) to join our IT team. The Intune Device Management Specialist will be responsible for managing the deployment, security, and compliance of corporate devices using Microsoft Intune. This role involves developing and enforcing device management policies, automating administrative tasks, and ensuring the overall health and security of managed devices. You will contribute to the seamless operation of our IT services by leveraging the full capabilities of Microsoft Intune, ensuring that our device infrastructure is secure, efficient, and compliant with NATO and National Security policies.
This position requires a deep understanding of device management, security configurations, and compliance standards. You will work closely with various IT teams to support and optimize our Intune environment. The ideal candidate will have extensive experience with Intune, strong problem-solving skills, and a commitment to continuous improvement. You will be responsible for configuring and managing device policies, deploying applications, and monitoring device health. Additionally, you will develop and maintain automation scripts to streamline management processes, ensuring efficient operation and reducing manual intervention.
Your expertise will be crucial in maintaining the security and compliance of our device fleet, protecting sensitive organizational data, and ensuring adherence to best practices and security accreditations. You will also play a key role in troubleshooting and resolving complex technical issues, providing expert support to end-users and IT staff.
Furthermore, you will be responsible for generating and analyzing reports on device compliance and usage, providing valuable insights into the health and security of our device fleet. If you are a motivated specialist with a passion for device management and security, we invite you to apply and join our dynamic team, contributing to the secure and efficient operation of our IT services.
2 OBJECTIVES
The NCI Agency is embracing cloud services by transitioning to Microsoft 365 with a security‐centric design. This shift aims to enhance operational efficiency, collaboration, and security across the organization. We are looking for individuals with strong knowledge, a willingness to learn, and a desire to grow as part of this new challenge.
The objective of this statement of work is to establish a support and operating model for End User Services operating in the Public Cloud, with a focus on Microsoft 365 services.
3 SCOPE OF WORK
Under the direction / guidance of the local NCIA Point of Contact or the Cloud Ops Operations
Manager, the Cloud Engineer (Intune Device Management) will be supporting the following
activities:
- Device Management Policies:
a) Configure and manage comprehensive device management policies using Microsoft Intune.
b) Ensure device and data security across the organization.
- Application Deployment:
a) Oversee the deployment and management of applications and software updates through Intune.
b) Ensure devices remain secure, up-to-date, and performant.
- Conditional Access Policies:
a) Implement and manage conditional access policies and device compliance settings.
b) Protect sensitive organizational resources based on user and device risk levels.
- Troubleshooting and Support:
a) Provide expert troubleshooting and technical support for device enrollment, configuration, and management issues.
b) Ensure a seamless user experience.
- Device Health Monitoring:
a) Regularly monitor the health and security posture of managed devices.
b) Proactively address vulnerabilities and compliance deviations.
- Automation and Scripting:
a) Develop and maintain automation scripts and tools to streamline Intune management processes.
b) Enhance operational efficiency.
- Device Lifecycle Management:
a) Collaborate with hardware vendors and procurement teams to manage the lifecycle of corporate-owned devices.
b) Oversee the acquisition, management, and retirement of devices.
- App Protection Policies:
a) Configure and enforce Intune app protection policies to secure corporate data on both company-owned and personal (BYOD) devices.
b) Ensure data protection and compliance.
- Reporting and Analysis:
a) Generate and analyze reports on device compliance, usage, and management activities.
b) Provide insights into device fleet health and security.
- Collaboration with IT Support:
a) Work closely with the IT support team to resolve complex device-related issues.
b) Serve as a subject matter expert in mobile device management.
- Documentation and Training:
a) Maintain comprehensive documentation for Cloud Operations processes, configurations, and workflows.
b) Provide training and support to other staff as required for knowledge and information sharing.
- Collaboration and Communication:
a) Collaborate with IT security, compliance, and other relevant teams to ensure cohesive Cloud Operations strategies.
b) Communicate effectively with internal stakeholders to understand requirements and address concerns.
The contractor will be part of a team providing Technical Level 2 and 3 support, ensuring the secure, available, managed and compliant delivery of Public Cloud Services to NATO and its Strategic Commands.
The contractor will work primarily remotely, providing services during Core working hours of the Cloud Operations team (Brussels / BEL).
The measurement of execution for this work is sprints, with each sprint planned for a duration of 1 week.
4 DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from the work on this statement of work:
Deliverable 01: 25 sprints
Payment Milestones: Upon completion of each fourth sprint and at the end of the work.
The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.
5 COORDINATION AND REPORTING
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.
6 SCHEDULE
This task order will be active immediately after signing of the contract by both parties
The period of performance is as soon as possible but not later than 18 May and will end no later than 31 December 2026.
7 CONSTRAINTS
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.
All code, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCI Agency tools.
8 SECURITY
The duties of the consultants require a valid NATO SECRET security clearance.
All the deliverables of this project will be considered NATO UNCLASSIFIED, while access to networks exceeding this classification level is required.
With this role being of technical nature providing administrative support, a security clearance at
the NATO Secret level is required prior to the start of the engagement.
9 PRACTICAL ARRANGEMENTS
The contractor will be required to work primarily remote as part of this engagement. The Cloud Operations Team is located in BRUSSELS / BEL and THE HAGUE / NLD, with working hours to be adjusted accordingly.
The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.
The only travelling required is on the first day for the selected candidate to collect their IT equipment. Apart from this, travelling will be minimum to almost none.
Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive.
This individual hired for this position will be part of the NCIA Cloud Operations Team.
- The duties of the consultants require a valid NATO SECRET security clearance.
10 QUALIFICATIONS
The consultancy support for this work requires a Cloud Engineer (Intune Device Management) with the following qualifications:
- Device Management Policies:
- Configure and manage comprehensive device management policies using Microsoft Intune.
- Ensure device and data security across the organization.
- Application Deployment:
- Oversee the deployment and management of applications and software updates through Intune.
- Ensure devices remain secure, up-to-date, and performant.
- Conditional Access Policies:
- Implement and manage conditional access policies and device compliance settings.
- Protect sensitive organizational resources based on user and device risk levels.
- Troubleshooting and Support:
- Provide expert troubleshooting and technical support for device enrolment, configuration, and management issues.
- Ensure a seamless user experience.
- Device Health Monitoring:
- Regularly monitor the health and security posture of managed devices.
- Proactively address vulnerabilities and compliance deviations.
- Automation and Scripting:
- Develop and maintain automation scripts and tools to streamline Intune management processes.
- Enhance operational efficiency.
- Device Lifecycle Management:
- Collaborate with hardware vendors and procurement teams to manage the lifecycle of corporate-owned devices.
- Oversee the acquisition, management, and retirement of devices.
- App Protection Policies:
- Configure and enforce Intune app protection policies to secure corporate data on both company-owned and personal (BYOD) devices.
- Ensure data protection and compliance.
- Reporting and Analysis:
- Generate and analyze reports on device compliance, usage, and management activities
- Security and Compliance Knowledge:
- Understanding of security best practices and compliance requirements related to Intune Device Management and Operations.
- Experience conducting audits and ensuring adherence to regulatory standards.
- Communication and Collaboration:
- Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users.
- Ability to document processes clearly and provide training on IAM tools and practices.
- Organizational Skills:
- Strong organizational skills to manage multiple tasks and priorities effectively.
- Attention to detail in managing M365 environment and the Microsoft Intune Platform.
- Team Collaboration:
- Ability to work effectively as part of a team and share knowledge and resources.
- Willingness to collaborate with colleagues to solve complex issues.
- Others:
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- Full proficiency in the English language. French language proficiency is of advantage.
- The candidate must have the nationality of one of the NATO nations.
- The candidate must possess a NATO Secret Security Clearance or national equivalent.
This role is critical for maintaining efficient IT support operations and ensuring users receive timely and effective assistance with their devices and Microsoft 365 services. As a Level 2⁄3 engineer, you will handle more complex issues, support advanced configurations, and play a key role in strategic planning and implementation of device management solutions. If you are a motivated and experienced technician with strong problem-solving skills, full proficiency in English, and a passion for customer service and automation, we invite you to apply and join our dynamic team
