Web Application Security Assessment Vulnerability Manager
Mons, BE

SC2023/002866, Web Application Security Assessment Vulnerability Manager


Under the direction of the NCSC / Security Compliance and Mitigation / Vulnerability Mitigation Cell Head, the incumbent will execute the following tasks:

  • Organize, manage and coordinate website vulnerability assessments;
  • Collect and consolidate the vulnerabilities discovered during the assessment campaigns;
  • Execute Vulnerability Management duties, based on the security findings reported from the assessment campaigns. This includes:
      • Validating the severity of discovered vulnerabilities,
      • Contextualising the vulnerabilities in the light of NATO policies and best practices,
      • Determining possible remediation and mitigation measures,
      • Defining / assigning priorities,
      • Contacting and liaising with relevant system owners and proposing a remediation plan,
      • Tracking and tracing all remediation actions, and reporting progress to OCIO.
  • After each campaign, deliver a comprehensive vulnerability report, taking into account all identified security shortfalls and the associated action plans.
  • This Statement of Work (SoW) specifies the required skillset and experience and expected deliverables. Development environment(s) and software licenses as required for execution of the work are provided by the NCI Agency.
  • Any customization or code developed under this contract remains the intellectual property of NATO.


General experience requirements:

  • Experience in Cyber Security, ideally having a former or current background as a Web pentester or, at least, demonstrating being able to understand and interpret the technical details of a web pentest report.
  • Experience in the Vulnerability Assessment and / or Management area, particularly in the interpretation of the results of CIS Technical Security Vulnerability Assessments.
  • Comprehensive knowledge of Web Application security implementation concepts and experience in modern Web Application security assessment.
  • Experience in the implementation and integration of CIS Security protective measures, or practical hands-on experience in system and network administration.
  • Excellent communication skills with respect to briefing/presenting, report writing & mediation and relevant experience.
  • Comprehensive understanding of the NATO structure and mission. Experience with classified data handling.
  • Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications, acquired through a blend of academic or professional training coupled with practical professional experience.
