Deadline Date:
Wednesday 30 July 2025
Requirement:
Level 3 Support For Web Application Security
Location:
The Hague, NETHERLANDS
Time On-Site:
100%
Not to Exceed:
2025 BASE: 20 sprints, NTE € 3,510 / sprint, total NTE € 70,200 and
2026 Options
Period of Performance:
BASE period: 01 September 2025
Required Security Clearance:
NATO SECRET
Please do NOT
apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above – and do not CLEARLY show these on the CV - will be deleted.
Introduction:
- The NCIA is seeking Level 3 Support for Web Application Security – On Site, delivered in The Hague, Netherlands, for Internet Website Publishing and Protection Service.
- NCIA – Internet Website Publishing and Protection Service.
- The NCIA provides advanced technological solutions and support to NATO and its member nations. Its mission is to ensure effective and secure communication and information systems for the alliance, enabling operations and decision-making. The agency plays a critical role in maintaining NATO's technological edge and operational readiness through innovation, collaboration, and the implementation of cutting-edge technologies.
- Internet Website Publishing and Protection service provides a suite of capabilities for web assets focused on security performance and reliability. These include a Web Application Firewall (WAF), Web Application and API Protection (WAAP), Content Delivery Network (CDN), Distributed Denial of Service (DDoS) protection, bot management, and SSL/TLS.
The objective of this Statement of Work (SOW) is to describe Level 3 Support requirements for on-site Web Application Security for NATO websites.
Qualifications:
Technical Proficiency:
The support for this work requires the following technical proficiencies, with minimum 3 years experiences in the following domains:
- 3 years experience in Cloudflare Security Stack
- 3 years experience in Web Application Firewall (WAF) Configuration
- 3 years experience in DDoS Mitigation & Rate Limiting
- 3 years experience in API Security & Schema Validation (Page Shield)
- 3 years experience in Bot Management
- 3 years experience in SSL/TLS Management
- 3 years experience in DNS & CDN Optimization
- 3 years experience in Security Analytics & Logging
- 3 years experience in Secure Coding & Vulnerability Assessment/Mitigation (WASP top 10)
- 3 years experience in Incident Response & Troubleshooting
- 3 years experience in DevOps & Automation - Use Terraform or APIs to automate Cloudflare configurations.
- 3 years experience in Cloudflare Workers and Zero Trust (Bonus)
- The support for this work requires expertise in performing the following tasks: Deploy, Configuration, Management, Security Operations; Monitoring, Upgrade, Version Control
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- Full proficiency in the English language.
- The candidate must have the nationality of one of the NATO nations.