#NC25SED185018 - Cloud vulnerability scanning - Closed
Deadline: December 16, 2025
Requester: NATO
Location: Mons, Belgium
Job type: Contractor
Start date: January, 2026
Security clearance: NO CLEARANCE
SCOPE OF WORK / DUTIES / ROLES
Active Scanning Components:
- Solution shall provide a Technology dashboard | real-time;
- It shall take screenshots of discovered NATO internet-facing web assets;
- The dashboard shall visualize, provide filter option on asset types;
- The solution shall allow exports of identified vulnerabilities in various formats (at minimum .csv);
- Technical support for either issues around the technology itself, RFI about specific vulnerabilities and functionally related shall be available 24/7. The response time shall be within 1-2 days irrespective of subscribed service volume;
- The solution shall support search for individual Common Vulnerability Exposures (CVEs), a group of customizable CVEs and or vulnerabilities;
- Customer customizable, defined tagging or labelling shall be possible for assets, with built-in automation to reduce manual efforts;
- The solution shall support various types of alerting for issues around service degradation and/or vulnerabilities (e.g. email alert, dashboard alerts etc.);
- The response time of the solution to provide vulnerability and/or misconfiguration scanning templates for newly public disclosed vulnerabilities/misconfigurations shall be rapid. Ideally within 1-2 days after public disclosure or solution provider (threat intel) awareness;
- It shall be at all-time possible for the customer to access and review how the service technically detect, identifies, evaluates and scores vulnerabilities.
Scan(s):
-
Daily, weekly, monthly, configurable scan execution windows;
-
The scan ports shall be customizable;
-
The header information shall be customizable;
-
Scan source IP or IP ranges shall be single, stable, and continuously visible. Morphing, ever-changing Scan IP, IP ranges are not permitted. Static IPs or IP ranges used for scanning shall be limited to the minimum required;
-
The customer shall have the possibility to create custom scan templates or request the creation for such from the provider with a short turnaround of no more than 6 hours;
-
Ad-hoc, customer initiated scans for a single asset, customized group of assets for a single vulnerability or grouped shall be at all-time possible without the need to scan for a whole IP range.
Seed(s):
-
Domain, Email, Web Application & Netblock based seeds shall be supported Integration;
-
The tool support integration with JIRA and/or Plextrac;
-
API integration support is required;
-
It shall be possible to choose, customize, group integrations and have continuous support on customer integration requirements;
-
Optional - The solution detects and alerts on compromised credentials from various sources (infostealer logs, web, dark web, etc.).
REQUIRED SKILLS, KNOWLEDGE AND EXPERIENCE
This position is now closed.
We regularly add new positions. We suggest exploring other available opportunities and staying updated by following our LinkedIn page.
If you don’t find any suitable opportunities, you can send us your CV, as an open application. However, we will not submit you to any vacancies without your written consent.