Cloud Operations and Cloud Migration

at EMW
🇳🇱 Netherlands - Remote
🔧 DevOps🔵 Mid-level

Job description

Deadline Date: Friday 8 August 2025

Requirement: Cloud Operations and Cloud Migration

Location: The Hague, NL

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: 2025 BASE: As soon as possible but not later than 1 September 2025 until 31 DEC 2025 with the possibility to exercise following options:

• 2026 option: from 01 JAN 2026 to 31 DEC 2026

• 2027 option: from 01 JAN 2027 to 31 DEC 2027

• 2028 option: from 01 JAN 2028 to 31 DEC 2028

Required Security Clearance: NATO SECRET

Special Terms and Conditions: A Non-disclosure Undertaking will have to be signed before the start of the service delivery

1 INTRODUCTION

NCIA seeks highly experienced service delivery in Cloud Operations and Cloud Migration to support and drive the NATO Public Cloud migration project. The contractor will deliver services as the deputy to the project’s Technical Lead and act in their absence as the primary technical authority. These services involve end-to-end cloud engineering responsibilities covering cloud operations, security, and platform modernization. This includes significant support services in Intune, Microsoft 365, Azure, and supporting tools like Microsoft Purview, Microsoft Sentinel, Defender, and other platforms that are directly integrated of interconnected with the Public Cloud environment. The contractor will also be supporting the data migration effort and service transitioning from on-premises.

These services require interfacing with senior management and operational stakeholders to understand and document technical requirements, architect secure cloud solutions, and ensure continuous service delivery. Strong communication, documentation, and leadership skills are critical.

NCIA – Cloud Operations Team

The NATO Communications and Information Agency (NCIA) is dedicated to supporting NATO’s strategic objectives, including the ambitious NATO 2030 agenda. As part of this commitment, we are spearheading the modernization and digital transformation of NATO’s IT services. Our focus is on leveraging public cloud technologies like Microsoft 365 and Intune, incorporating a security-by-design approach, and ensuring a seamless transition to a modern, collaborative workplace environment.

To achieve these goals, we are building a Cloud Operations team under the Cloud Center of Excellence, operating under the NATO Enterprise Cloud Operating Model (NECOM). The NECOM framework provides a standardized approach for cloud service management, ensuring interoperability, scalability, and security across NATO’s IT infrastructure. The Cloud Center of Excellence will serve as a hub for best practices, innovation, and expertise, driving the adoption and optimization of cloud technologies within NATO. This team will play a crucial role in our journey towards providing managed, protected, and reliable End User Services.

Embracing the latest technological advancements, this initiative will foster innovation and ensure NATO remains at the cutting edge of IT capabilities. By continuously evolving and integrating new technologies, we aim to enhance operational efficiency and readiness for future challenges. This remote position offers an exciting opportunity to be at the forefront of NATO’s technological evolution and contribute to the security and efficiency of our operations.

NCIA – Cloud Centre of Excellence (CCoE)

The Cloud Centre of Excellence (CCoE) within NCIA is focused on driving successful cloud adoption and maximizing the potential of cloud technologies across the organization. It serves as a central governing body, promoting best practices, enabling knowledge sharing, and ensuring alignment between business objectives and cloud initiatives. The CCoE supports various cloud-based solutions, ensuring their effective and efficient implementation and management. By fostering a culture of continuous improvement and innovation, the CCoE helps NCIA leverage cloud technologies to enhance operational efficiency, scalability, and agility.

NCIA is seeking highly skilled service delivery in Cloud Operations and Cloud Migration to support our Cloud Operations team and act as a lead contributor to the NATO Public Cloud migration project. These services will support end-to-end operations of Microsoft 365, Intune, Azure, DevOps, and Zero Trust architectures, with emphasis on enterprise-grade compliance, security, and identity management. The contractor is expected to provide expert technical guidance on workload migration, data governance, storage security, and platform observability using Microsoft Defender, Purview, Sentinel, and related services.

The contractor will support large-scale data transfers and sanitization operations utilizing Multi Engine Malware Detection and Data Loss Prevention solutions, implement sensitivity labels across collaboration platforms, and assist in ZTNA model design for secured remote access. Additional services include reviewing NSG and firewall configurations, managing Azure networking, and maintaining storage account structures. These services involve significant automation, scripting, and interface with leadership, making technical recommendations, reviewing system architecture, and contributing to design documentation.

The contractor will also be responsible for writing and maintaining technical documentation, coordinating stakeholder input, and supporting operational rollout and audit readiness across services. A strong understanding of Zero Trust principles, Microsoft compliance frameworks, and experience in service delivery for secure government/military environments is essential.

2 OBJECTIVES

NCIA is embracing cloud services by transitioning to Microsoft 365 with a security-centric design.

This shift aims to enhance operational efficiency, collaboration, and security across the organization. We are looking for individuals with strong knowledge, a willingness to learn, and a desire to grow as part of this new challenge.

The objective of this statement of work is to establish a support and operating model for End User Services operating in the Public Cloud, with a focus on Microsoft 365 services.

3 SCOPE OF WORK

Under the direction / guidance of the local NCIA Point of Contact or the Cloud Ops Operations Manager, the contractor will support the following:

  1. Cloud Operations Oversight

Manage and maintain hybrid-cloud workloads using Microsoft Azure and Microsoft 365.

Monitor operational performance, security, and reliability of core cloud services.

Ensure alignment with NATO’s Enterprise Cloud Operating Model.

  1. Migration Support and Planning

Assist in data center-to-cloud migration planning and implementation.

Lead technical validation of migrated workloads.

Support phased service transitions and readiness checks.

  1. Azure Platform Engineering

Maintain and configure Storage Accounts, NSGs, Azure DNS, and VNETs.

Troubleshoot and resolve Azure IaaS and PaaS issues.

Collaborate with security teams to enforce boundary protection.

  1. Microsoft Intune and M365 Support

Oversee Intune policy and compliance profiles.

Coordinate device onboarding and role-based access controls.

Support conditional access and mobile app management.

  1. Microsoft Defender Platform

Configure and monitor Microsoft Defender across 365 and Endpoint environments.

Respond to alerts and support SOC operations.

Develop and manage custom detection rules.

  1. Microsoft Sentinel and SIEM Integration

Integrate Sentinel with security tooling for SOC visibility.

Create dashboards and incident response workflows.

Support threat hunting and data normalization.

  1. Microsoft Purview and Compliance

Implement DLP, retention, and eDiscovery policies.

Manage compliance manager score improvements.

Ensure ongoing audit readiness.

  1. Data Sanitization and Ingress

Utilize OPSWAT MetaDefender for malware scanning and content filtering.

Support PST ingestion and data flattening into compliant structures.

Monitor ingestion workflows for OneDrive, SharePoint, and Exchange.

  1. Sensitivity Labeling and Metadata Governance

Define and assign sensitivity labels across Microsoft 365 workloads.

Integrate with Titus and metadata frameworks for automated enforcement.

Support information protection and usage reporting.

  1. Cloudflare One and ZTNA Design

Support Zero Trust policy deployment with Cloudflare WARP clients.

Configure access policies, DNS filtering, and posture checks.

Troubleshoot endpoint trust issues and network pathing.

  1. Email Security Management

Maintain email security policies and configurations.

Review threat intelligence feeds and domain spoofing mitigation.

Support SPF/DKIM/DMARC configuration and enforcement.

  1. DevOps and Automation

Develop scripts and workflows using PowerShell and YAML pipelines.

Integrate CI/CD processes with GitHub Actions and Azure DevOps.

Manage Terraform templates and ARM-based deployments.

  1. Security and Architecture Review

Support system architecture review boards (SARBs).

Provide technical guidance for secure solution design.

Align with NIST, ISO 27001, and NATO-specific frameworks.

  1. Stakeholder Coordination

Interface with senior management to gather technical requirements.

Present design proposals and readiness assessments.

Coordinate across NCSC, service teams, and project offices.

  1. Documentation and Knowledge Transfer

Maintain As-Built and Operational documentation.

Draft SOPs, STIGs, and runbooks for managed environments.

Deliver training and knowledge transfer to operations teams.

  1. Collaboration and Communication:

Collaborate with IT security, compliance, and other relevant teams to ensure cohesive Cloud Operations strategies.

Communicate effectively with internal stakeholders to understand requirements and address concerns.

The contractor will be part of the project management and implementation team, working closely with the Cloud Operations Centre team, ensuring the secure, available, managed and compliant delivery of Public Cloud Services to NATO and its Strategic Commands.

The measurement of execution for this work is sprints, with each sprint being planned for a duration of 5 working days.

Due to the AGILE approach of this project, the specific deliverables and associated acceptance criteria will be defined for each sprint between the NCIA and the contractor. This includes sprint planning, execution and review processes, which are detailed below:

1. Sprint Planning:

Objective: Plan the objectives for the upcoming sprint

Kick-off meeting: Conduct a monthly meeting with the contractor to plan the objectives of upcoming sprints and review contractor`s manpower to meet the agreed deliverables.

Set sprint goals: Define clear, achievable goals for the sprint and associated acceptance criteria, including specific delivery targets, Quality standards as well as Key Performance Indicators (KPIs) for each task to be recorded in the sprint meeting minutes.

Agree on the required level of effort for the various sprint tasks.

Backlog Review: Review and prioritise the backlog of tasks, issues, and improvements from previous sprints.

Assess each payment milestone cycle duration of one calendar month. State of completion and validation of each sprint status and sign off sprints to be submitted for payment as covered in Section 4.

2. Sprint Execution

Objective: Contractor to execute the agreed “sprint plans” with continuous monitoring and adjustments.

Regular meetings between NCIA and the contractor to review sprint progress, address issues, and make necessary adjustments to the processes or production methodology. The Meetings will be physically in the office, or in person via electronic means using Conference Call capabilities, according to the NCIA staff instructions.

Continuous improvement: Contractor to establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on NCIA approval.

Progress Tracking: Contractor to use a shared dashboard or tool to track the status of the sprint deliveries and any issues.

Quality Assurance/Quality Check: Contractor shall ensure that the quality standards agreed for the sprint deliverables are maintained throughout the sprint.

Quality Control: NCIA to perform the Final Quality Control of the agreed deliverables and provide feedback on any issues.

3. Sprint Review

Objective: Review the sprint performance and identify areas for improvement.

At the end of each sprint, there will be a meeting between the NCIA and the Contractor to review the outcomes against the acceptance criteria comprising sprint goals, agreed quality criteria and Key Performance Indicators (KPIs).

Define specific actions to address issues and enhance the next sprint.

4. Sprint Payment

For each sprint to be considered as complete and payable, the contractor must report the outcome of their work during the sprint, first verbally during the retrospective sprint review meeting and then in writing within three days after the sprint’s end date. A report must be sent by email to the NCIA manager, highlighting all work performed against the agreed tasking list set for the sprint.

The contractor’s payment for each sprint will be depending upon the achievement of agreed Acceptance Criteria for each task, defined at the sprint planning stage. This will include specific delivery targets, quality standards as well as Key Performance Indicators (KPIs) for each task.

The payment shall be dependent upon successful acceptance as set in the above planning/review meetings. This will follow the payment milestones that shall include a completed Delivery Acceptance Sheet (DAS) – (Annex A)

Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) – (Annex A) signed by the Contractor and project authority.

If the contractor fails to meet the agreed Acceptance criteria for any task, the NCIA reserves the right to withhold payment for that task/sprint.

Each sprint has a duration of one week. The content and scope  of each sprint will be agreed during the sprint‐planning meetings.

4 DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected from the work on this statement of work:

2025 BASE period: from 01 SEP 2025 to 31 DEC 2025:

Deliverable: 17 sprints of cloud operations support.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same scrum deliverables, at a later time, depending on the project priorities and requirements, at the following cost: for base year (2025) at the same cost, for outer years (2026, 2027 and 2028) the Price Adjustment Formula will be applied in accordance with paragraph 6.5 of the Framework Contract Special Provisions.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A).

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and the project authority.

2026, 2027 and 2028 OPTION: from 01 JAN to 31 DEC

Deliverable: Up to 46 sprints of cloud operations support.

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

5 COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.

6 SCHEDULE

This task order will be active immediately after signing of the contract by both parties and will end no later than 31 December 2025.

If the 2026, 2027 and 2028 options are exercised, the period of performance is 01 JAN to 31 DEC of the respective year.

7 CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.

All code, scripts, documentation, etc. will be stored under configuration management and/or in the provided NCIA tools.

All the deliverables of this project will be considered NATO UNCLASSIFIED, while access to networks exceeding this classification level is required.

With this role being of technical nature with access to NATO managed networks, a security clearance at the NATO SECRET level is required prior to the start of the engagement.

8 PRACTICAL ARRANGEMENTS

The contractor will work 100% on-site, with the possibility to work remote up to 1 day per week.

Remote services need to be provided from a NATO country. The duty location being The Hague (NETHERLANDS), the contractor shall provide services during Core working hours of the Cloud Operations team (Brussels / BEL).

The contractor may be required to travel, infrequent and not exceeding 2 weeks at a maximum, to other NCIA locations as part of his role. Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive.

The contractor delivering the services will be part of the NCIA NATO Public Cloud Project Team.

9 QUALIFICATIONS

[See Requirements]

9 QUALIFICATIONS

The consultancy support for these services requires an experienced contractor in Cloud Operations and Cloud Migration, with the following qualifications:

  1. Microsoft Azure and M365 Expertise (8 years of experience)
  • Strong practical knowledge of M365 tenant architecture and services.
  • In-depth Azure experience including RBAC, ARM, and NSGs.
  • Capability to design and maintain secure hybrid environments.
  1. Device and Intune Management (8 years of experience)
  • Experience managing corporate devices with Microsoft Intune.
  • Configuration of policies for compliance and conditional access.
  • Troubleshooting enrollment, provisioning, and policy conflicts.
  1. Advanced Cloud Security Controls
  • Implementation of security configurations in Defender XDR.
  • Experience with identity protection and MFA enforcement.
  • Familiarity with Microsoft 365 Secure Score and Zero Trust maturity.
  1. SIEM and Monitoring
  • Hands-on experience with Microsoft Sentinel and log correlation.
  • Knowledge of Kusto Query Language (KQL) for custom rules.
  • Ability to respond to and triage security alerts.
  1. Data Protection and Compliance
  • Proficiency in using Purview for sensitivity, retention, and eDiscovery.
  • Familiarity with GDPR, DLP, and compliance manager.
  • Integration of compliance frameworks into daily operations.
  1. Information Labeling Solutions
  • Experience with Titus and Microsoft Sensitivity Labels.
  • Label enforcement in Exchange, Teams, SharePoint, and OneDrive.
  • Integration with metadata and classification engines.
  1. Zero Trust Architecture
  • Experience implementing Cloudflare Zero Trust policies.
  • Use of WARP client, Access Gateway, and posture validation.
  • Policy tuning and client troubleshooting in secure environments.
  1. Threat Protection and Email Security
  • Configuration and tuning of Proofpoint threat policies.
  • Knowledge of mail routing, encryption, and threat analytics.
  • Understanding of SPF, DKIM, and DMARC application.
  1. Automation and DevOps
  • PowerShell scripting and automation pipeline development.
  • Familiarity with Git, YAML, Terraform, and Bicep.
  • CI/CD lifecycle knowledge for infrastructure as code.
  1. Data Migration and OPSWAT
  • Experience with data flattening, rehydration, and ingestion.
  • Use of MetaDefender for sanitization and CDR operations.
  • Managing large file sets and PST archives securely.
  1. Storage and Network Infrastructure
  • Understanding of Azure Storage Account tiers and encryption.
  • VNET peering, NSG enforcement, and firewall logging.
  • Experience with private endpoints and routing policies.
  1. Stakeholder Engagement
  • Strong communication and stakeholder management skills.
  • Experience in requirement elicitation and technical validation.
  • Presentation of solution architectures and recommendations.
  1. Architecture Documentation
  • Skilled in technical writing for solution design and operations.
  • Authoring and maintaining architectural design documents.
  • Contribution to SOPs and compliance documentation.
  1. Security Frameworks and Policy
  • Familiarity with NIST SP 800-53, CIS Benchmarks, and ISO standards.
  • Experience supporting NATO and governmental security requirements.
  • Supporting compliance audits and accreditation processes.
  1. Communication and Collaboration:
  • Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users.
  • Ability to document processes clearly and provide training on IAM tools and practices.
  1. Organizational Skills:
  • Strong organizational skills to manage multiple tasks and priorities effectively.
  • Attention to detail in managing M365 environment and the Microsoft Intune Platform.
  1. Team Collaboration:
  • Ability to work effectively as part of a team and share knowledge and resources.
  • Willingness to collaborate with colleagues to solve complex issues.
  1. Others:
  • The individuals shall have strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • Full proficiency in the English language. French language proficiency is of advantage.
  • The individual must have the nationality of one of the NATO nations.
  • The individual must possess a NATO Secret Security Clearance or national equivalent.
Share this job:
Please let EMW know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

EMW logo

EMW

ICT Services Provider

  • 51-200 employees
  • Founded in 1991
  • 2 remote jobs
View all jobs

Latest Jobs at EMW

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply