Deadline Date: Friday 2 September 2022
Requirement: Web Vulnerabilities Assessment Professional
Location: Mons, BE
Full time on-site: Yes
NATO Grade: A/132
Total Scope of the request (hours): 418
Required Start Date: 3 October 2022
End Contract Date: 31 December 2022
Required Security Clearance: NATO SECRET
Specific Working Conditions: The work will be executed on-site. Payment for work will take place monthly on a pro-rata basis following confirmation of the expended level of effort. This is a level-of-effort contract with a scope of 60 working days, where deliverables and acceptance criteria will be identified during a kick-off meeting with NCIA and OCIO staff. A biweekly meeting will take place to track progress.
Duties & Role:
Under the direction of the NCSC Security Compliance and Mitigation section Head, the incumbent will execute the following tasks:
- Organize, manage and coordinate website vulnerability assessments;
- Collect and consolidate the vulnerabilities discovered during the assessment campaigns;
- Execute Vulnerability Management duties, based on the Security findings reported from the assessment campaigns. This includes:
  - Validating the severity of discovered vulnerabilities,
  - Contextualising the vulnerabilities in the light of NATO policies and best practices,
  - Determining possible remediation and mitigation measures,
  - Assigning priorities,
  - Contacting and liaising with relevant system owners and proposing a remediation plan,
  - Track and trace all remediation actions, and report progress to OCIO.
- After each campaign, deliver a comprehensive vulnerability report, taking into account all identified security shortfalls and the associated action plans.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
General experience requirements:
- Experience in Cyber Security, ideally with a former or current background as a Web pentester or, at least, a demonstrated ability to understand and interpret the technical details of a web pentest report.
- Experience in the Vulnerability Assessment and / or Management area, particularly in the interpretation of the results of CIS Technical Security Vulnerability Assessments.
- Experience in the implementation and integration of CIS Security protective measures, or practical hands-on experience in system and network administration.
- Excellent communication skills with respect to briefing/presenting, report writing & mediation and relevant experience.
- Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications, acquired through a blend of academic or professional training coupled with practical professional experience.