Requirement: Open-Source Intelligence Standardization Specialist
Location: Mons, BELGIUM
Full Time On-Site: Yes
Not to Exceed: 116,640 EUR (this includes travel budget for meetings at SHAPE/NCIA, as needed)
Period of Performance: 13 April 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Introduction
- The Intelligence and ISR (Intelligence, Surveillance, and Reconnaissance) Functional Services (IIFS) programme aims to enhance and accelerate NATO's situational awareness and decision-making by increasing and diversifying data sources, integrating new tools, and providing access to emerging and disruptive technologies.
- NCIA is delivering the materiel solutions for IIFS, which include enhanced capabilities for Imagery Intelligence (IMINT), Open-Source Intelligence (OSINT), Data Management, Data Acquisition, and Processing, Exploitation, and Dissemination (PED) Management.
- As part of this effort, ACO is tasked with delivering the Coherence Project, which ensures doctrine and processes are revised to support the implementation of the material projects in a timely manner.
- To drive interoperability across the NATO Command Structure and with Nations, technical standards should be established to normalize and harmonize the formats, representations, and mechanisms by which data is shared, enabling analysts to effectively make sense of it. The data can come from existing NATO/National systems/services, Publicly Available Information (PAI), and Commercially Available Information (CAI).
The scope of this project is to develop OSINT Technical Standardization Agreement(s), supporting standardized procedures and protocols to enable the sharing of open-source data and intelligence across the Alliance. Within this context, the applicant will be assigned to SHAPE J26 and will be responsible for the following tasks:
- Review existing NATO STANAGs relevant to the OSINT standardization project and identify capability gaps;
- Collect and analyse existing standardization efforts ongoing within the Alliance (including Nations) and within industry, including international standards;
- Gather standardization requirements from Allies and the NATO Enterprise to enable the structured sharing and exploitation of PAI/CAI and OSINT products;
- Develop the first draft of the OSINT standard and coordinate its review across the NATO Enterprise;
- Coordinate activities with Allies via the Open-Source Intelligence Working Group (OSIWG), a sub-working group of the Joint Capability Group Intelligence, Surveillance, and Reconnaissance (JCGISR);
- Consolidate a mature version of the OSINT standard for National promulgation, either as an addendum to an existing STANAG or as a new standalone agreement;
- Support additional activities as urgent operational requests emerge, depending on the candidate's qualifications.
Roles and Responsibilities:
- This work will be carried out at SHAPE and remotely with travel to NCIA. The work will be conducted during normal office hours, as specified in the General Provisions, following the SHAPE, Belgium calendar.
- The Contractor will support the OSINT standardization project, under the supervision of SHAPE J26, with support from NCIA JISR Centre, the OSIWG Chair and the JCGISR Chair.
- The Contractor shall conduct the work in close collaboration with all stakeholders, as described below:
- SHAPE J26, Intelligence Systems Branch: Project lead and main stakeholder
- NCIA JISR Centre: Project Manager (PM) & Subject Matter Experts (SME) inputs
- OSIWG Chair: OSINT SME inputs and access to points of contact from wider Alliance OSINT community
- JCGISR Chair: STANAG guidance
SHAPE will use the following acceptance criteria to approve the documents:
Completeness:
- All sections specified in the SoW are included
- No incomplete, placeholder, or draft content remains
- Content is factually accurate and internally consistent
- Terminology is defined and used consistently throughout
- The document is aligned with applicable laws, regulations, and internal policies
- References to external standards or frameworks are provided where applicable
- Content has been coordinated with other stakeholders and does not contain duplications / contradictions of other standards. It builds upon existing efforts and identifies the delta
- Written in clear, professional language appropriate for the target audience
- Processes, requirements, or guidance are actionable and unambiguous
- Delivered in the agreed format and template
- Includes document control (version, date, owner)
- Suitable for formal approval and adoption
- Does not require material rework to meet intended purpose
Coordination and Reporting
- The Contractor personnel will be part of a team under the primary supervision of SHAPE J26.
- SHAPE J26 and the Contractor personnel will have regular meetings to review progress, address issues, and make necessary adjustments to the processes or production methodology. The meetings will be physically in the office, or in person via electronic means using Conference Call capabilities, according to the project team's instructions.
- The Contractor personnel shall establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on SHAPE J26' approval.
- All Contractors/Sub-contractors shall be aware of all security rules pertaining to the handling of NATO classified information.
- Personnel Security Clearance (PSC): Individuals who require access or may have access to information classified NC or above during the course of their duties shall have a PSC, at the appropriate level, which is valid for the duration of the authorized access. In addition, such individuals are required to: Have a need-to-know; Have been briefed on their security obligations in respect to the protection of NATO Classified Information; and Have acknowledged their responsibilities either in writing or an equivalent method, which ensures non-repudiation.
- For this particular SOW the contractor will be required to access to NS level information.
- The work will be carried out at SHAPE, remotely, with potential meetings at NATO Command Structure Sites and NCIA.
A Sole contractor must accomplish this work and is identified as the primary contractor for each deliverable. In the event that the contractor leaves during the contract period, a new contractor who has the proven required qualifications and is evaluated qualified and suitable shall replace them, having received training and handover of the performed history of the project. All normal NCIA Terms and Conditions apply.
General Provisions
- SHAPE Recognized Business hours/Holidays: SHAPE official holiday schedule applies and will be provided to the contractor.
- SHAPE Hours of Operations: Monday to Thursday 0830 - 1730 and Friday 0830 - 1530 (CET)
Data Standardization and Structuring
- Common Data Formats: Ensuring that OSINT products (e.g., reports, imagery, metadata) use standardized formats such as JSON, XML, or STIX/TAXII (for cyber OSINT).
- Metadata Consistency: Harmonizing metadata fields (e.g., source reliability, time stamps, geolocation) to support effective ingestion, filtering, and fusion across systems.
- Language & Translation: Multilingual data must be normalized, which requires shared language models or translation standards.
- Software Interoperability: Different nations may use different OSINT platforms (e.g., Maltego, Palantir, IBM i2, or open-source tools). The standard must support APIs or data exchange interfaces that allow tool-to-tool communication.
- Modular Integration: Maintain visibility of microservices or containerized deployments (e.g., Docker/Kubernetes) to enable coalition Nations to integrate shared tools without altering core infrastructure.
- AI/ML Models: If AI is used to analyse OSINT, model formats and training data need to be shared or at least standardized for interpretability and comparability. This links with wider AI-ISR related work that JCGISR is pursuing.
- Provenance Tracking: Nations (and NATO) must be able to verify the origin and handling of data (chain of custody), especially for politically or legally sensitive content.
- Data Classification & Labelling: Even OSINT may be sensitive. Adoption of existing data tagging schemes (e.g., NATO's STANAG 4774/4778) ensures nations understand how OSINT data can be used, retained, and shared.
- Role-Based Access Control (RBAC): Accommodate the need for granular user and group-level permissions to reflect national policies and trust levels.
- Audit and Compliance Tools: Logs must be interoperable for audit trails across national boundaries.
- Legal Interoperability Support: Tools should support differential handling of OSINT based on national laws (e.g., GDPR in Europe vs. more permissive U.S. frameworks).
- Version Control: Shared OSINT reports must have trackable versions with edit history, allowing rollback and comparison across Nations.
- Shared Taxonomies and Tags: Common terminologies (e.g., threat actor names, location codes) reduce misinterpretation. Mandate and leverage existing ontologies like NATO's COI taxonomies (and the new CXCSRM from NDS) to aid interoperability of OSINT.
- Natural Language Understanding (NLU): For unstructured OSINT (like social media), ensure consistent semantic parsing across languages and platforms.
- Secure Software Supply Chains: Tools used for OSINT must themselves be vetted to avoid adversarial manipulation. This activity will required standardisation and links to wider trust and provenance assessment work.
- Secure Data Sharing Channels: Use encrypted communication protocols (TLS, VPNs) and ideally a federated architecture to maintain national data sovereignty.
- Latency and Syncing: Variations in national infrastructure may cause delays or inconsistent data replication—robust caching and sync logic is needed.
- Cross-Domain Solutions (CDS): Where OSINT is shared across classified/unclassified boundaries, trusted gateways or data diodes must be included in the architecture.
Required qualifications
- Nationally recognized/certified university qualification in Computer Science and/or Data Science. Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to SHAPE J26, that is, at least 3 years extensive and progressive expertise in duties related to the function of the post (e.g. standardization);
- Valid security clearance as from contract start date at minimum NATO SECRET level;
- Knowledge and experience with cloud service models and data platform services;
- Excellent knowledge of Open-Source International Standards
- Good knowledge of Open-Source Intelligence, formats and metadata;
- Good knowledge of data management in a complex multi-network/multi-user environment;
- Solid experience in working in a Microsoft environment with shared data access;
- Fluent in Business English;
- Ability to independently plan and execute assigned project tasks under guidance, taking into account policies, programme goals, priorities, funding and other planning constraints;
- Ability to work on its own and as part of a team;
- Highly motivated, good communication skills, team player;
- NATO and/or military experience;
- Knowledge of Microsoft Word/Excel, PowerPoint.
