Requirement: Design and validate the ADatP-36 and STANAG 5659 security & / DSIG improvements
Location: Offsite but collaborating with team members from NCIA, The Hague, The Netherlands with travel to various locations throughout NATO
Cost Not to Exceed: 65,205 EUR
Period of Performance: 1 July 2026 to 31 December 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Overall Scope
- The NATO Information and Communication Agency (NCIA) is engaged in the development, implementation, and testing of secure protocols that form part of the Command and Control (C2) information exchange specifications for NATO.
- In support of these activities, the Command and Control Centre requires the provision of an experienced Secure Protocols Designer/Implementer (hereafter referred to as the "Contractor") to deliver defined technical outputs and associated documentation in accordance with the agreed scope, quality standards, and timelines.
- Specifically, the Contractor shall be integrated within the project teams responsible for the design, documentation, development, and testing of security-enabled communication protocols and their associated software implementations.
- Under the overall supervision of the Project Manager (PM) and the technical direction of the Project's Technical Leader, the Contractor shall contribute to the development, refinement, and maintenance of security profiles for designated NATO standards. The Contractor shall also support the planning, preparation, execution, and assessment of validation and interoperability events.
- The Contractor's responsibilities shall include, but not be limited to: editing, reviewing, and contributing to relevant sections of selected NATO standards related to secure communication implementation; preparing executable technical artefacts and validating the associated security profiles; supporting experimentation, integration, and validation activities; participating in technical and coordination meetings as required by the PM and Technical Leader; maintaining and updating the development backlog, including progress reporting, comments, risk identification, and issue tracking; producing agreed technical deliverables in accordance with defined acceptance criteria, quality standards, and timelines; ensuring structured knowledge transfer to NCIA personnel and designated stakeholders throughout the contract execution, including preparation of technical documentation, architectural explanations, code walkthroughs, and operational guidance; supporting formal knowledge handover sessions prior to contract completion to ensure continuity, maintainability, and long-term sustainability of the delivered solutions.
- All source code, scripts, configuration items, and documentation produced under this contract shall be stored and maintained under configuration management within the NATO Software Factory environment.
- Coordination and development activities shall be performed remotely through secure access to NCIA systems using the unclassified development laptop provided by NCIA.
- The Contractor shall operate as part of a multidisciplinary development team following the SCRUM methodology. The scope, content, and acceptance criteria of each deliverable shall be defined by the Technical Leader and formally approved by the Project Manager. Completion and acceptance of deliverables shall include verification that adequate documentation and knowledge transfer activities have been performed.
This contract is deliverable-based. Payment shall be linked exclusively to the satisfactory completion and formal acceptance of defined deliverables or percentage of them in accordance with agreed scope, quality standards, timelines, and acceptance criteria.
Delivery and Acceptance Process
- For each deliverable, the Contractor shall submit a completed Delivery Acceptance Sheet (DAS) to the Purchaser using the template provided in Annex B.
- Each DAS shall: clearly reference the associated deliverable identifier; describe the content delivered; confirm compliance with agreed acceptance criteria and KPIs; reference supporting artefacts (code repository location, documentation, test results, validation evidence); declare completion of associated knowledge transfer activities where applicable.
- The Purchaser shall review the deliverable within the agreed review period and formally confirm acceptance by signing the Delivery Acceptance Sheet.
- Where deficiencies are identified (based on acceptance criteria and KPI), the Purchaser shall provide consolidated feedback. The Contractor shall address the comments and resubmit the deliverable for acceptance.
- No delivery shall be considered complete until formally accepted in writing by the Purchaser.
- The Contractor shall participate in a kick-off meeting within one (1) working week following contract signature. The meeting may be conducted virtually via electronic conference capabilities.
- During the kick-off meeting: the Contractor shall be assigned to one or more C2C projects; the scope, priorities, dependencies, and initial backlog shall be reviewed.
- The Contractor shall present a preliminary execution plan outlining: proposed approach; deliverable breakdown; milestones; assumptions and dependencies; identified risks and mitigation proposals.
- The execution plan shall be reviewed and, where necessary, amended in agreement with the Purchaser. The agreed plan shall serve as the baseline for performance monitoring.
- The Contractor shall issue meeting minutes via email within two (2) working days, capturing at minimum: key decisions; assigned actions; updated risks; agreed next steps.
- The Contractor shall participate in regular status meetings, either in person (where feasible) or via electronic conference means. The frequency of such meetings shall be defined during the kick-off meeting.
- The Contractor shall: initiate the recurring meetings; provide structured status updates covering progress against deliverables; report on risks, issues, and mitigation actions; update the development backlog and planning artefacts; highlight deviations from scope, schedule, or quality baselines. Minutes shall be distributed within two (2) working days and shall include decisions taken and action items with assigned responsibilities and due dates.
- Performance shall be measured against agreed deliverables and milestones, not against level of effort.
- The Contractor shall support and contribute to: the development and refinement of security profiles for communication standards; the design and implementation of concept demonstrators; the preparation and execution of on-site and off-site validation activities, including interoperability exercises; the production of associated documentation, test evidence, configuration artefacts, and validation reports.
- All deliverables shall: be traceable to defined requirements; include appropriate technical documentation; be stored under configuration management within the NATO Software Factory; include evidence of validation and testing; incorporate structured knowledge transfer to ensure sustainability and continuity.
- All code, scripts, documentation, configurations, and artefacts developed under this contract shall be: stored within the designated NATO configuration management environment; fully documented to enable maintainability; delivered with sufficient technical detail to allow independent continuation by NCIA personnel.
- Completion of deliverables shall include verification that documentation, repository updates, and knowledge transfer obligations have been fulfilled.
Essential
- At least 1 year of proven experience in the redaction of NATO standards.
- At least 1 year of proven experience in the design and test of secure message exchange protocols.
- At least 1 year of proven knowledge of, and practical experience in, the operational or technical use of FFT systems supported by NCIA.
- At least 1 year of proven experience with the NATO Data-centric Security concept application.
- At least 1 year of practical experience in the area of computer networks and messaging security, including DNS, domains, PKI certificates, network designs, OAuth, OpenID.
- At least 1 year of practical experience in modern test engineering and test management methods and paradigms.
- At least 1 year of proven up-to-date knowledge of computer system architectures, systems security, client/server, LAN/WAN and network concepts, test techniques, Database Management Systems (DBMS) and data management concepts.
- At least 1 year of proven recent experience in planning and execution of validation activities within large-scale C2 exercises.
- At least 2 years of programming experience in JAVA, JavaScript, Angular, Python.
- At least 1 year of proven recent experience with XML and JSON technologies.
- Staff provided by the Contractor must have the nationality of one of the NATO nations.
- Staff provided by the Contractor must have an excellent command of spoken and written English.
- Experience working in the NATO Software Factory (NSF).
- Experience working with STANAGS 4774 and 4778.
- Knowledge of NATO FFT, COT, JDSS, NCDF and other military or civilian interoperability standards for messaging and data exchange related to FFT.
- Bachelor's degree in Computer Science, Information Technology or a closely related engineering field.
- Experience supporting a recent NATO Interoperability exercise.
- Experience interpreting and/or capturing business and user requirements through use cases and developing test cases accordingly.
