- Deadline Date: Thursday 09 July 2026
- Required Security Clearance: NATO SECRET (or UK SC)
Requirement: Multi-Factor Authentication on Internet Facing Portals - Proof of Concept
Location: Off-Site
Cost Not to Exceed: EUR 66,375
Period of Performance: 13 August 2026 through 30 December 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
Introduction: Due to the findings in the Type 4 Security Audit, NATO technical teams have been tasked with planning and implementing a security standardisation for Multi-Factor Authentication for internet-facing web portals throughout the NATO enterprise.
Scope:
- Build a Proof of Concept (POC) environment based on a single Entra ID Identity Provider to a number of MFA technologies as MFA brokers.
- Test and document POC applications against a set test criterion.
- Build and test security logging with the security department.
- Document Service delivery requirements and support documentation.
- Work with Quality teams to align test strategy and test acceptance.
- This SOW will not exceed EUR 73,750 (Deliverables and Travel).
Constraints:
- The identification of the most fit-for-purpose solution is to be validated, confirmed and accredited.
- The solution is to align with other ongoing NCIA efforts, including but not limited to: IT Modernization; NATO Cloud Programs; Protected Business Network; and NATO and NCIA Directives.
- The solution is developed in close coordination with NCSC, NCIA and its technical staff. Coordination meetings shall take place at intervals sufficient to ensure information sharing and technical exchange.
- Due to the criticality and dependencies of follow-on project elements, the solution is to be completed and accepted no later than end of December 2026.
MFA Internet Facing Portals - Extract Scope
Preparation Phase and Configuration:
- Business Analysis
- Document current production configurations
- Full production configuration export
- Document current production MFA configuration (if it exists)
- Document current self-registration, onboarding and user lifecycle process
- Screenshot and document current login and logout UI/UX
- Inventory all application interfaces
- User account audit and mapping
- CIS Description
- Test strategy
- Test scripts created by principal users
- Security Pen Testing
- Dependency Map
- Target Architecture
- Training Materials
- Runbooks
Execution Phase: POC Build and Technology Pillar Integration
- Create non-production Entra ID app registration
- Configure Entra ID branding
- Customize Entra ID sign-in and sign-out page text
- Configure and map Entra ID MFA registration policy
- Design Entra ID self-service signup, browser authentication, and first login flows
- Configure Entra ID custom attributes
- Customize Entra ID email templates
- Configure Entra ID Terms of Use
- Configure identity provider attribute mappers
- Enable Account Linking strategy
- Setup monitoring and alerting
- Document rollback procedure
Technology Pillars: Moodle; SharePoint; Keycloak; Cognito.
Requirements
Qualifications:
Identity and Access Management:
- Minimum 5 years of experience in Identity and Access Management.
- Strong knowledge of authentication protocols (SAML, OIDC).
- Sound knowledge of federated identity management and Single Sign-On (SSO) solutions (Okta, Entra ID, and similar).
Multi-Factor Authentication:
- Proven experience designing and rolling out MFA at scale in an enterprise environment (5,000+ users).
- Experience with certificate-based MFA smart cards, YubiKeys, passkeys/WebAuthn, TOTP, and push-based MFA applications (Microsoft Authenticator, Duo, and similar).
- Understanding of risk-based or adaptive authentication strategies.
Web Security and Secure Access Architecture:
- Experience in securing web applications and APIs.
- Strong understanding of TLS, client certificates, reverse proxies, and Zero Trust principles.
- Experience with SSO integration of web applications.
- Recent experience configuring MFA technologies on the following platforms (Technology Pillars) as brokers: Moodle; SharePoint; Keycloak; Cognito.
- Demonstrated recent experience configuring Entra ID as an MFA Provider to the above MFA brokers.
- Ability to produce high-standard documentation for testing and service delivery.
Communication and Interpersonal Skills:
- Excellent verbal and written communication skills.
- Full proficiency in English.
- Ability to communicate technical information to non-technical users in a clear and concise manner.
Customer Service Orientation:
- Strong customer service focus with a commitment to user satisfaction.
- Patience and empathy when dealing with user issues and concerns.
Organisational Skills:
- Attention to detail in documenting support activities and maintaining accurate records.
Team Collaboration:
- Ability to work effectively as part of a team and share knowledge and resources.
- Willingness to collaborate with colleagues to solve complex issues.
Other Requirements:
- Strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- Must hold the nationality of one of the NATO member nations.