SC2023-002866 Web App Security Assessment Vulnerability Manager (NS) FRI 29 SEP

Deadline Date: Friday 29 September 2023

Requirement: Web Application Security Assessment Vulnerability Manager

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

Not to Exceed Rate: 115 EUR

Total Scope of the request (hours): 300

Required Start Date: 13 November 2023

End Contract Date: 30 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

Under the direction of the NCSC / Security Compliance and Mitigation / Vulnerability Mitigation Cell Head, the incumbent will execute following tasks:

• Organize, manage and coordinate website vulnerability assessments
• Collect and consolidate the vulnerabilities discovered during the assessment campaigns;
• Execute Vulnerability Management duties, based on the Security findings reported from the assessment campaigns. This includes:
  • Validating the severity of discovered vulnerabilities,
  • Contextualising the vulnerabilities in the light of NATO policies and best practices,
  • Determining possible remediation and mitigation measures,
  • Defining / Assigning priorities,
  • Contacting and liaising with relevant system owners and proposing a remediation plan,
  • Track and trace all remediation actions, and report progress to OCIO.
• After each campaign, deliver a comprehensive vulnerability report, taking into account all identified security shortfalls, and the associated action plans

This Statement of Work (SoW) specifies the required skillset and experience and expected deliverables. Development environment(s) and software licenses as required for execution of the work are provided by the NCI Agency. Any customization or code developed under this contract remains intellectual property of NATO.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• Experience in Cyber Security, ideally having a former or current background as a Web pentester or, at least, demonstrating being able to understand and interpret the technical details of a web pentest report.
• Experience in the Vulnerability Assessment and / or Management area, particularly in the interpretation of the results of CIS Technical Security Vulnerability Assessments.
• Comprehensive knowledge of the Web Application security implementation concepts and experience in the modern Web Application security assessment
• Experience in the implementation and integration of CIS Security protective measures, or practical hands-on experience in system and network administration.
• Excellent communication skills with respect to briefing/presenting, report writing & mediation and relevant experience.
• Comprehensive understanding of the NATO structure and mission. Experience with classified data handling.
• Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience