2026-0098 MFA Internet Portals POC (NS) REMOTE - 9 Jul

Job Description

  • Deadline Date: Thursday 09 July 2026
  • Build a Proof of Concept (POC) environment based on a single Entra ID Identity
  • Required Security Clearance: NATO SECRET (or UK SC)

  • Deadline Date: Thursday 09 July 2026
  • Requirement: Multi-Factor Authentication on Internet Facing Portals - Proof of Concept
  • Location: Off-Site
  • Cost Not to Exceed: EUR 66,375
  • Period of Performance: 13 August 2026 through 30 December 2026
  • Required Security Clearance: NATO SECRET

Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:

  • Current National or NATO SECRET clearance
  • Nationality of one of the NATO member countries
  • Current work visa for the specific location if applying for an in-country position

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Introduction

Due to the findings in the Type 4 Security Audit NATO, technical teams have been tasked with planning and implementing a security standardisation for Multi-Factor Authentication for internet facing web-portals throughout the NATO enterprise.

Scope:

  • Build a Proof of Concept (POC) environment based on a single Entra ID Identity Provider to a number of MFA technologies as MFA brokers.
  • Test and document POC applications against a set test criterion.
  • Build and test security logging with the security department.
  • Document Service delivery requirements and support documentation.
  • Work with Quality teams to align test strategy and test acceptance.
  • This SOW will not exceed EUR 73,750 (Deliverables and Travel).

Constraints:

  • The identification of the most fit-for-purpose solution is to be validated, confirmed and accredited.
  • The solution is to align with other ongoing NCIA efforts, including but not limited to: IT Modernization; NATO Cloud Programs; Protected Business Network; and NATO and NCIA Directives.
  • The solution is developed in close coordination with NCSC, NCIA and its technical staff. Coordination meetings shall take place at intervals sufficient to ensure information sharing and technical exchange.
  • Due to the criticality and dependencies of follow-on project elements, the solution is to be completed and accepted no later than end of December 2026.

MFA Internet Facing Portals - Extract Scope

Preparation Phase and Configuration:

  • Business Analysis
  • Document current production configurations
  • Full production configuration export
  • Document current production MFA configuration (if it exists)
  • Document current self-registration, onboarding and user lifecycle process
  • Screenshot and document current login and logout UI/UX
  • Inventory all application interfaces
  • User account audit and mapping
  • CIS Description
  • Test strategy
  • Test scripts created by principal users
  • Security Pen Testing
  • Dependency Map
  • Target Architecture
  • Training Materials
  • Runbooks

Execution Phase: POC Build and Technology Pillar Integration:

  • Create non-production Entra ID app registration
  • Configure Entra ID branding
  • Customize Entra ID sign-in and sign-out page text
  • Configure and map Entra ID MFA registration policy
  • Design Entra ID self-service signup, browser authentication, and first login flows
  • Configure Entra ID custom attributes
  • Customize Entra ID email templates
  • Configure Entra ID Terms of Use
  • Configure identity provider attribute mappers
  • Enable Account Linking strategy
  • Setup monitoring and alerting
  • Document rollback procedure

Technology Pillars: Moodle; SharePoint; Keycloak; Cognito.

Requirements

Qualifications:

Identity and Access Management:

  • Minimum 5 years of experience in Identity and Access Management.
  • Strong knowledge of authentication protocols (SAML, OIDC).
  • Sound knowledge of federated identity management and Single Sign-On (SSO) solutions (Okta, Entra ID, and similar).

Multi-Factor Authentication:

  • Proven experience designing and rolling out MFA at scale in an enterprise environment (5,000+ users).
  • Experience with certificate-based MFA smart cards, YubiKeys, passkeys/WebAuthn, TOTP, and push-based MFA applications (Microsoft Authenticator, Duo, and similar).
  • Understanding of risk-based or adaptive authentication strategies.

Web Security and Secure Access Architecture:

  • Experience in securing web applications and APIs.
  • Strong understanding of TLS, client certificates, reverse proxies, and Zero Trust principles.
  • Experience with SSO integration of web applications.
  • Recent experience configuring MFA technologies on the following platforms (Technology Pillars) as brokers: Moodle; SharePoint; Keycloak; Cognito.
  • Demonstrated recent experience configuring Entra ID as an MFA Provider to the above MFA brokers.
  • Ability to produce high-standard documentation for testing and service delivery.

Communication and Interpersonal Skills:

  • Excellent verbal and written communication skills.
  • Full proficiency in English.
  • Ability to communicate technical information to non-technical users in a clear and concise manner.

Customer Service Orientation:

  • Strong customer service focus with a commitment to user satisfaction.
  • Patience and empathy when dealing with user issues and concerns.

Organisational Skills:

  • Attention to detail in documenting support activities and maintaining accurate records.

Team Collaboration:

  • Ability to work effectively as part of a team and share knowledge and resources.
  • Willingness to collaborate with colleagues to solve complex issues.

Other Requirements:

  • Strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
  • Must hold the nationality of one of the NATO member nations.

Job Details

Company
Park Lane Recruitment Ltd
Location
London, UK
Hybrid / Remote Options
Employment Type
Full-time
Posted