SC2022-002363 Web Vulnerabilities Assessment Professional (NS) - FRI 2 Sep

Deadline Date: Friday 2 September 2022

Requirement: Web Vulnerabilities Assessment Professional

Location: Mons, BE

Full time on-site: Yes

NATO Grade: A/132

Total Scope of the request (hours): 418

Required Start Date: 3 October 2022

End Contract Date: 31 December 2022

Required Security Clearance: NATO SECRET

Specific Working Conditions: The work will be executed on-site. Payment of work will take place monthly on a pro-rata basis following confirmation of expended level of effort. This is a level of effort contract with a scope of 60 working days, where deliverables and acceptance criteria will be identified during a kick off meeting with NCIA and OCIO staff. A biweekly meeting will take place to track progresses.

Duties & Role:

Under the direction of the NCSC Security Compliance and Mitigation section Head, the incumbent will execute following tasks:

• Organize, manage and coordinate website vulnerability assessments
• Collect and consolidate the vulnerabilities discovered during the assessment campaigns;
• Execute Vulnerability Management duties, based on the Security findings reported from the assessment campaigns. This includes:
  • Validating the severity of discovered vulnerabilities,
  • Contextualising the vulnerabilities in the light of NATO policies and best practices,
  • Determining possible remediation and mitigation measures,
  • Assigning priorities,
  • Contacting and liaising with relevant system owners and proposing a remediation plan,
  • Track and trace all remediation actions, and report progress to OCIO.
• After each campaign, deliver a comprehensive vulnerability report, taking into account all identified security shortfalls, and the associated action plans

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance.

General experience requirements:

• Experience in Cyber Security, ideally having a former or current background as a Web pentester or, at least, demonstrating being able to understand and interpret the technical details of a web pentest report.
• Experience in the Vulnerability Assessment and / or Management area, particularly in the interpretation of the results of CIS Technical Security Vulnerability Assessments.
• Experience in the implementation and integration of CIS Security protective measures, or practical hands-on experience in system and network administration.
• Excellent communication skills with respect to briefing/presenting, report writing & mediation and relevant experience.
• Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience