Deadline Date:
Friday 11 July 2025
Requirement Title: Support for Web Application Security Assessment (WASA)
Location of Performance:
On-site SHAPE, Mons – Belgium
Cost Not to Exceed (Euro):
2025 Base: NTE 2,826 EUR/sprint (max.22 sprints, total NTE 62,172 EUR)
2026 – 2027 - 2028 Options
Period of performance:
2025 Base period: 25 August 2025
Required Security Clearance:
NATO SECRET or above
Special Terms and Conditions:
Non-disclosure agreement must be signed
Introduction:
- For more than 70 years, NATO’s mission has been to preserve peace and security in the Alliance for nearly one billion citizens.
- The NATO Communications and Information Agency (NCIA) and its predecessors have worked tirelessly in providing the means that enable the connectedness and togetherness that keep our Alliance strong.
- Our technology and cyber experts allow NATO to conduct critical operations, protect NATO’s airspace, make data-driven decisions, defend against cyber-attacks, secure NATO networks and maintain superiority in space.
The aim of this SOW is to support NCSC with technical expertise specifically related to Vulnerability Management of 2 main vulnerability assessments “black box” and “grey box testing” with a deliverable based (completion‐type) contract to be executed in 2025.
Practical Arrangements:
It is crucial for the performance of the Contractor to understand the rules, regulations and methods of work in NATO and in particular in NCSC, therefore frequent replacement of the contractor is not advised. This services under this SOW must be accomplished by ONE contractor for the entire performance period.
The Purchaser will provide the contractor with the following Purchaser‐Furnished
Equipment (PFE):
- Access to NATO sites, as required, for the purpose of executing this SOW.
- Workspace (needed business IT for both on‐ and off‐site service, hot‐desk at NCSC facility).
- NCIA “REACH” laptop to be used by the contractor for the execution of the
contract.
The contractor who will perform the services required under this SOW must have demonstrated skills, knowledge and experience as listed below.
- + 5 years of experience in web applications assessment, with proven experience within the last 6 months.
- General knowledge of cyber security principles, best practices, concepts and technology;
- Knowledge of cyber security architectures, including boundary protection, encryption, identity and access management, monitoring and detection, incidence response, vulnerability assessments, and risk management;
- + 3 years of experience in testing and validating that contracted deliveries meet the security requirements and fulfil the intended use-cases;
- Familiarity with NATO security policy and supporting directives is desirable.
- Knowledge of Web Application Security Assessment (WASA) environment
- Ability to work independently and in teams to achieve the desired goals.
- The ability to take ownership of tasks and strong motivation to accomplish them to the end.
- Excellent communications and writing skills in English.