Deadline Date: Tuesday 12 May 2026
Requirement: Cybersecurity Standards Engineering Support Services
Location: Brussels, BE
Full Time On-Site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 1087
Required Start Date: No Later Than 17 June 2026
End Contract Date: 31 December 2026
Required Security Clearance: NATO SECRET
Special Terms and Conditions: The contractor will be responsible for complying with the respective national requirements for working permits, visas, taxes, social security etc. whilst working on site at NATO HQ Brussels, Belgium. No special status is either conferred or implied by the host organisation, NATO HQ Brussels, Belgium to the contractor whilst working on site. If the successful candidate is allowed to work remotely, travel to NATO HQ for meetings will be at the candidate’s expense. Travel to other locations will be reimbursed as if the travel originated in Brussels. Attendance at these meetings is mandatory.
1. INTRODUCTION
Cyber Digital Transformation Division (CDT) drives NATO’s Digital Transformation, a key objective is to strengthen the ability of Allies and the NATO Enterprise to deter, defend against and counter the full spectrum of cyber and cyber-enabled threats at the speed of relevance, comprehensively across the political, military, and technical levels. In particular, strengthen mechanisms and tools to enhance readiness and resilience against cyber threats across the Alliance, focusing in particular on Mission Vital Infrastructure (MVI).
We are looking for a well-rounded professional with excellent technical and communication skills as well as experience in the cybersecurity domain. NATO knowledge would constitute and asset.
2. TASKS
The Cyber Security Standard Engineering Support Services require a professional who can provide expert support in the analysis, coordination, development, and maintenance of NATO Cyber Security and CIS standards. The contractor will contribute to the design and evolution of NATO standardization artefacts within the cyber security domain, working closely with engineers, national subject matter experts, standards custodians, and relevant NATO stakeholders. The role supports the Interoperability and Standardization Section (ISS) as a cross-functional capability, ensuring consistent, secure, and interoperable cyber security standards across NATO’s digital technology portfolio. The contractor shall provide the following services in an effective and timely manner:
Requirements Analysis and Stakeholder Coordination
Description: The contractor shall engage with relevant stakeholders, including NATO committees, Capability Panels, national SMEs, and standards custodians, to elicit, analyse, and validate requirements related to cyber security standards and CIS protection. This includes translating complex cyber security specifications, policies, and operational needs into clear, actionable, and testable requirements.
Measurement: Success will be measured by the delivery of stakeholder-approved requirements documentation, traceability between requirements and resulting standards artefacts, and documented stakeholder interactions and decisions. Timeline: Continuously throughout the period of performance.
Development and Maintenance of Cyber Security Standards
Description: The contractor shall contribute to the development, review, and maintenance of NATO cyber security standards, ensuring alignment with NATO policies and internationally recognized frameworks such as NIST and ISO. This includes supporting the lifecycle of standardization artefacts within NATO governance processes.
Measurement: Success will be measured by the delivery and acceptance of standards artefacts by relevant governance bodies, compliance with applicable frameworks, and alignment with operational cyber security requirements.
Timeline: Continuously throughout the period of performance, with key deliverables aligned to governance cycles.
Development of Cyber Security Conformance Criteria and Audit Objectives
Description: The contractor shall define, document, and maintain cyber security conformance criteria and audit objectives, with a focus on enabling automation of compliance verification wherever feasible. This includes ensuring that criteria are measurable, testable, and aligned with NATO security policies and standards.
Measurement: Success will be measured by the delivery of approved conformance criteria, demonstrated applicability in auditing or compliance activities, and evidence of automation potential or implementation.
Timeline: Initial development by the end of Q4 2026, with continuous updates and refinement thereafter.
Development of Cyber Security Reference Architectures
Description: The contractor shall design and maintain cyber security reference architectures, including the application of modern security principles such as Zero Trust. These architectures shall support secure system design across NATO CIS environments, including cloud and AI-enabled systems.
Measurement: Success will be measured by the delivery of validated reference architectures, alignment with NATO security policies, and adoption or reuse across systems or programmes.
Timeline: Delivery of the proposed solutions by the end of Q4 2026.
Support to Secure Cloud and AI Capabilities
Description: The contractor shall support the development and standardization of security measures for cloud-based environments and AI-enabled systems, ensuring that emerging technologies are aligned with NATO cyber security standards and best practices.
Measurement: Success will be measured by the integration of security standards into cloud and AI-related initiatives, demonstrated alignment with security requirements, and stakeholder validation of delivered outputs.
Timeline: Continuously throughout the period of performance.
Interoperability and Standards Harmonization
Description: The contractor shall ensure that cyber security standards are harmonized across NATO CIS domains and aligned with international standards and frameworks. This includes supporting interoperability between systems and reducing inconsistencies across standards and implementations.
Measurement: Success will be measured by demonstrated alignment across standards, reduction of identified inconsistencies, and validation of interoperability in relevant environments or use cases.
Timeline: Continuously throughout the period of performance.
Reporting, Briefings, and Technical Communication
Description: The contractor shall prepare and deliver briefings, presentations, and reports to NATO committees, Capability Panels, and working groups, clearly communicating technical concepts, progress, and recommendations related to cyber security standards.
Measurement: Success will be measured by the timely delivery of high-quality reports and presentations, documented briefings, and stakeholder feedback demonstrating clarity, relevance, and effectiveness of communication.
Timeline: Continuously throughout the period of performance.
Support to Unforeseen and Ad Hoc Requirements.
Description: The contractor shall provide support to unforeseen or ad hoc requirements within the scope of cyber security standards engineering, data standardization, and interoperability, as requested and prioritised by CDT. Such support shall be subject to mutual agreement on scope, effort, and priority.
Measurement: Success will be measured by the timely and effective delivery of agreed support activities, as documented in tasking requests, and acceptance of outputs by CDT.
Timeline: Continuously throughout the period of performance.
3. PROFILE
[See Requirements]
4. LOCATION OF DUTY
The contractor will be embedded within CDT at NATO HQ, Brussels Belgium, working in close coordination with the Interoperability and Standardization Section (ISS) within the Strategy and Policy Directorate, the NATO Communication and Information Agency (NCIA), Capability Panels, and other stakeholders.
The services are to be provided on-site. Teleworking is possible (within Belgium only) on a case-by-case basis, subject to management approval.
5. TIMELINES
The services of the contractor are required for the period starting as soon as possible but no later than 17 June 2026 until 31 December 2026.
A contract extension is possible for the calender year 2027. The contract extensions are subject to performance of the contractor and related NATO regulations and budget availability
6 SPECIFIC WORKING CONDITIONS
The work will be performed in an office-based environment within a secure setting, under standard working hours. Occasional non-standard working hours may be required to support urgent or high-priority tasks.
7 TRAVEL
The contractor will be expected to undertake business travel in support of specification development and coordination with security engineering stakeholders across NATO entities.
The frequency and duration of travel will depend on operational requirements and tasking needs.
Travel expenses will be reimbursed to the individual directly (in addition to the hourly rate) under NATO rules. Travel to Shape will not be reimbursed
8 SECURITY AND NON-DISCLOSURE AGREEMENT
The contractor must hold, or be capable of obtaining, a NATO SECRET security clearance.
The contractor will be required to sign a Non-Disclosure Agreement prior to commencing work.
Requirements
8 SECURITY AND NON-DISCLOSURE AGREEMENT
1. The contractor must hold, or be capable of obtaining, a NATO SECRET security clearance.
3. PROFILE
2. The candidate must possess a university degree in a relevant engineering or technical field such as computer science, systems science, or an equivalent technical qualification.
3. The candidate must have comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
4. The candidate must have at least five (5) years of demonstrated experience working with national or international CIS and cyber security standards, including their application and auditing at both governance and operational levels. Demonstrated experience working with NIST and ISO standards is essential.
5. The candidate must have demonstrated experience in securing cloud-based environments.
6. The candidate must have demonstrated experience in defining and implementing cyber security architectures, including Zero Trust principles.
7. The candidate must have good knowledge of securing AI-enabled systems and data-driven capabilities.
8. The candidate must have knowledge of high-level programming languages. Experience with languages such as Python is desirable.
9. The candidate must demonstrate strong communication and presentation skills, including the ability to convey complex cyber security concepts to both technical and non-technical audiences.
10. The candidate must demonstrate strong project management skills.
11. The candidate must demonstrate the ability to analyse complex cyber security specifications and translate them into clear, actionable requirements or standards artefacts.
12. The candidate must demonstrate a strong security-focused and analytical mindset, with attention to detail and problem-solving capability.
13. Knowledge of NATO Security Policy and its supporting Directives is desirable.
14. Knowledge of the NATO Digital Policy Committee (DPC) and its substructure is desirable.
15. Knowledge of NATO standardization artefacts, including STANAGs, Allied Communications Publications (AComP), and Standards Related Documents (SRD), is desirable.
16. Knowledge of NATO CIS Security Accreditation processes, or equivalent national processes, is desirable.
17. Knowledge of additional cyber security standards and frameworks, such as PCI-DSS, FedRAMP, or C5, is desirable.
18. Recognised professional certifications in cyber security and/or project management are desirable.