Multi-Factor Authentication on Internet facing portals Proof of Concept

Off-site (remote) Deadline: 10-07-2026 Posted: 26-06-2026 #17067

Duties

  • Build a Proof of Concept (POC) environment based on a single Entra ID Identity Provider to a number of MFA technologies as MFA brokers.
  • Test and document POC applications against a set test criterion.
  • Build and test security logging with security department
  • Document Service delivery requirements and support documentation
  • Work with Quality teams to align test strategy and test acceptance
  • Document current prod configurations
  • Screenshot/document current login and logout UI/UX
  • Inventory all application interfaces
  • Document current prod MFA configuration (if it exists)
  • Document current self-registration/onboarding/user lifecycle process
  • User account audit and mapping
  • Test scripts created by principal users
  • Security Pen Testing
  • Runbooks
  • Create non-production Entra ID app registration
  • Configure/Map Entra ID MFA registration policy
  • Configure Entra ID custom attributes
  • Configure identity provider attribute mappers
  • Setup monitoring and alerting
  • NCSC ASO CIS Security & Accreditation Coordination
  • Sysadmins Logs mapping
  • Test Entra ID branding matches app
  • Validate custom attributes flow correctly
  • Agree on success criteria, KPIs,
  • Create a migration plan for each Technology Provider

Requirement

  • Minimum 5 years of experience.
  • Strong knowledge of authentication protocols (SAML, OIDC).
  • Sound knowledge of federated identity management and Single Sign On (SSO) solution (Okta, Entra ID, ...).
  • Rolling out MFA at scale in an enterprise environment (5K users);
  • Experience with certificate-based MFA smart cards, YubiKeys, passkeys/webauthn, TOTP, and push-based MFA apps (Microsoft Authenticator, Duo, ...);
  • Understanding of risk-based or adaptive authentication strategies.
  • Experience in securing web applications and APIs;
  • Strong understanding of TLS, client certificates, reverse proxies, and Zero trust principles.
  • Experience with SSO integration of web applications.
  • The candidate must show recent experience on configuring MFA technologies following platforms (Technology Pillars) as brokers: a. Moodle b. Sharepoint c. Keycloak d. Cognito
  • The Candidate must demonstrate recent experience configuring Entra ID as an MFA Provider to the above MFA brokers
  • The candidate must produce high stand of documentation for testing and service delivery
  • The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • The duties of the contractor require a valid NATO SECRET (NS) security clearance, for the entire duration of the contract.
  • Full proficiency in English.
  • The candidate must have the nationality of one of the NATO nations.

Apply for this position

Back