# NATOIS-0046 Software Engineer (NS) - WED 15 Jul

> EMW, Inc. · Brussels, Belgium (Hybrid) · Contract · Posted 2026-07-06

**Workplace:** hybrid

**Department:** AAS

## Description

**Deadline Date:** Wednesday 15 July 2026

**Requirement:** Software Engineer

**Location:** Brussels, BE

**Full Time On-Site:** No

**Time On-Site:** 50%

**Total Scope of the request (hours):** Base period of 2026: 38 hours/week, for a total of 18 weeks and a total of 684 hours.

Option 1: 30.4 hours/week, for a total of 42 weeks and a total of 1276.8 hours

Option 2: 30.4 hours/week, for a total of 42 weeks and a total of 1276.8 hours.

**Period of Performance:** 2026 BASE: 18 August - 31 December 2026, with possibility to exercise the following options:

Option 1: Jan – Dec 2027

Option 2: Jan – Dec 2028

**Required Security Clearance:** NATO SECRET

**Special Terms and Conditions:** The contractor will be responsible for complying with the respective national requirements for working permits, visas, taxes social security etc. whilst working on site at NATO HQ- Brussels, Belgium. No special status is either conferred or implied by the host organisation, NATO HQ- Brussels, Belgium on to the contractor whilst working on site.

**1 GENERAL**

**1.1 Introduction**

1.1.1 The Cyber Threat Analysis Branch (CTAB) is looking for a Software Engineer with experience in application development and cloud-based infrastructure to support the development of NATO’s cyber threat intelligence platform in order to enhance cyber threat intelligence production for the NATO Enterprise and Alliance.

**1.2 Background Information**

1.2.1 The Joint Intelligence and Security Division (JISD), under the leadership of the Assistant Secretary General for Intelligence and Security (ASG I&S), comprises two principal pillars: Intelligence – headed by the Deputy ASG for Intelligence; and the NATO Office of Security (NOS) – headed by the Deputy ASG for Security. Intelligence is responsible for ensuring the situational awareness of the North Atlantic Council and the Military Committee, for the analysis of the indications and warnings in support of the NATO Crisis Response System and for the development of intelligence policies and capabilities for NATO. Its functional areas address: intelligence analysis and production, intelligence policy and capability development.

1.2.2 The joint civilian and military Intelligence Production Unit (IPU), under the JISD, delivers strategic intelligence-based analysis to support North Atlantic Council (NAC) and Military Committee (MC) decision making on strategic issues of concern. The IPU produces a range of planned and tasked intelligence products on regional issues in Eurasia, Africa and the Middle East, and on transnational issues such as hybrid warfare, terrorism, instability, weapons of mass destruction and energy security.

1.2.3 The Cyber Threat Analysis Branch (CTAB), under the IPU, is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leaderships’ understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting.

**2 STATEMENT OF OBJECTIVES**

**2.1 Corporate Objective**

2.2 The contractor (Software Engineer) will support the work of the Cyber Threat Analysis Branch and be responsible for further developing the cloud-based NATO Cyber Threat Intelligence Platform.

**2.3 Contract Objective**

2.3.1 Obtain specialist consulting services to support the following initiatives:

2.3.1.1 Together with a senior Cloud Engineer, manage and improve NATO’s cloud-based cyber threat intelligence platform by working on data pipelines, CI/CD workflows, code extensions, application updates and cloud architecture while keeping security and documentation front and centre.

2.3.1.2 Together with Threat Researchers, design, develop and optimize API integrations and expand custom functionalities (in Python and Storm) within the platform to ensure correct ingestion and correlation of large amounts of technical and non-technical cyber threat intelligence data.

2.3.1.3 Together with a Data Scientist, work to integrate artificial intelligence (such as Large Language Models) into the cyber threat intelligence platform by ensuring code quality and improving developed software.

2.3.1.4 Continuously try to find new ways to improve the platform through developing and integrating novel extensions and applications that improve the ingestion, correlation and representation of data.

**2.4 Management Objective**

2.4.1 Allow the Contractor the maximum flexibility to innovatively manage its corporate resources and expertise so as to provide a high-value contribution in support to the NATO’s corporate and contract objectives within existing constraints and available funding.

**3 PERSONNEL AND RESOURCES**

\[See Requirements\]

**4 HOURS OF OPERATION**

4.1 While performing at NATO sites, Contractor’s personnel must work during NATO official working hours (normally between 8:30–18:00, Monday to Thursday, and between 8:30-16:00 on Friday), unless otherwise specified in the task orders. Recognized holidays are official holidays approved by the NATO site specified in the task order, or if no site is specified in the task order, by the NATO Headquarters. A list of the official holidays can be obtained from the NATO Project Manager designated in task orders.

4.2 Exceptionally, Contractor’s personnel may be required to work outside normal working hours.

4.3 Exceptionally, Contractor’s personnel may be required to visit other locations other than those specified in the task order in order to participate in project-related meetings, in which case any associated travel costs will be reimbursed.

4.4 Contractor’s Key Personnel performing services under Contract shall take vacation and voluntary leave at times agreed between the Contractor and the designated NATO Project Manager.

**5 NATO FURNISHED PROPERTY AND SERVICES**

5.1 The Organization will provide the Contractor with a secure working environment in NATO HQ for an expected minimum of 2 days per week, where the other 2 days per week are remote work from home (for a total 4-day work-week), as well as access to the CTAB cyber threat intelligence platform.

**6 CONTRACTOR FURNISHED PROPERTY AND SERVICES**

6.1 Except for those items or services specifically stated to be NATO furnished in Section 5 above, the Contractor shall furnish everything required to perform this Contract.

**7 CONTRACTOR TASKS**

**7.1 General**

7.1.1 Under the guidance and supervision of the NATO IS Procurement Service, the selected service provider will be responsible for the execution of the tasks and for the delivery of the specialist products specified in this SOW.

**7.2 Task Order Management**

7.2.1 The Contractor will be responsible for conducting general application development for the current threat intel platform to support NATO’s cyber threat intelligence production. The Contractor must:

7.2.1.1 Develop and maintain custom extensions to the cyber threat analysis platform using Python and storm, with a strong focus on API-based integrations and service-to-service communication. Expose and consume internal and external APIs to integrate threat intelligence data sources and downstream tooling. Conduct both activities in coordination with threat intelligence researchers in support of their objectives and requirements.

7.2.1.2 Create and maintain applications on the AWS cloud environment together with the senior Cloud Engineer. Package and deploy services using Docker containers, supporting both cloud and on-premises virtualized environments. Set-up and use code review and CI/CD pipelines, and ensure the utmost security of the code as well as adequate documentation of conducted work.

7.2.1.3 Enhance NATO’s cyber threat intelligence capabilities by developing, together with a data scientist, novel and AI-driven solutions to process, enrich, and analyse large volumes of threat intelligence data. Ensure that we are doing things as smart as possible and push for novel implementations where you see possibility.

7.2.1.4 Participate in team and branch calls as required by the team lead to give status updates on projects and developments pertinent to the Contractor’s tasks. Solicit feedback on conducted work and implement it.

7.3 Development of Specialist Products

7.3.1 The Contractor shall produce the Deliverables as specified in the task order management under supervision of the NATO Project Manager. The Contractor shall submit Deliverables to the NATO Project Manager for Quality Review, test or inspection not later than the dates specified by the NATO Project Manager.

7.3.2 The Contractor shall continuously validate any deliverables with the NATO Project Manager and peers within CTAB.

7.3.3 The Contractor shall hold periodic sessions with the NATO Project Manager to make sure that the deliverables are aligned with NATO’s expectations.

**8 QUALITY CONTROL**

8.1 Contractor’s products must comply with the criteria as set forth by the NATO Project Manager. Contractor must implement an appropriate quality control process in order to make sure that the products which are submitted for quality review, inspection or acceptance are of acceptable quality.

8.2 The Organization will immediately stop the review, inspection, acceptance or delivery of those products or services that are affected by material deficiencies, significant omissions, or gross mistakes and return the delinquent products to the Contractor for correction, or request the reperformance of service. The review and acceptance processes will be suspended until the Contractor’s shows that the product has been subject to a thorough quality control before being submitted again for review.

**9 QUALITY ASSURANCE AND CONTRACTOR PERFORMANCE ASSESSMENT**

**9.1 General**

9.1.1 NATO will evaluate the Contractor’s performance under this task order in accordance with reasonable quality assurance procedures and techniques such as random and periodic inspections and surveys. All observations will be recorded by NATO Project Manager or his/her designees. When an observation indicates defective performance, the NATO Project Manager will obtain the Contractor’s representative’s initials on the record of the observation. Contract Discrepancy Reports will be issued wherever the nature and circumstances of the deficiency warrant such a measure.

**9.2 Performance Evaluation Meetings**

9.2.1 The Contractor’s contract or project manager may be required to meet periodically with the NATO Project Manager and the Procurement Officer during the period of task order performance. Meetings will be scheduled as required. The Contractor may request meetings whenever a Contract Discrepancy Report is issued. The written minutes of these meetings shall be signed by the contractor’s manager, Procurement Officer, and NATO Project Manager. If the Contractor does not concur with the minutes, any areas of non-concurrence shall be submitted to NATO Project Manager within 10 working days of receipt of the signed minutes.

## Requirements

**3 PERSONNEL AND RESOURCES**

**3.1 General Requirements**

-   The contractor shall be proficient in English.
-   The Contractor will require a NATO SECRET clearance.

**3.2 Specific Requirements**

In addition to the generic qualification requirements, the Contractor must have:

-   A university degree from a nationally recognised/certified university in a technical subject with substantial software engineering and information technology content – OR – at least 2 years’ experience similar to the tasks described in this SoW and relevant industry recognized certificates.
-   Demonstratable knowledge of best practices for the software development life cycle, including coding standards, code reviews, and testing. Is familiar with CI/CD workflows, and can work with Terraform to implement them.
-   Proficient in Python and a deep working knowledge of the Linux command line and git. Has demonstratable knowledge in managing and orchestrating Docker containers and working with Kubernetes. Demonstrated ability and willingness to learn new programming languages and technologies quickly, with a focus on applying them effectively in production environments. Knowledge of the Storm Query Language (from Synapse Vertex) is strongly preferred but not required for this role.
-   Expertise in AWS and cloud best-practices, with working knowledge of modern AWS services such as Lambda, API Gateway, CloudFront, Route 53, and ALB/NLB. Similar knowledge of Azure is preferred but not required for this role. Strong experience working with RESTful APIs, including data ingestion, transformation, and integration.
-   Previous experience with full-stack applications including modern frontend development is strongly preferred but not required for this role.
-   Experience within cybersecurity and/or the intelligence domain is strongly preferred but not required for this role.
-   Good communication skills, both orally and written. Able to translate complex technical topics into information conveyable to non-domain experts. Can easily cooperate with non-engineers and explain conducted work, as well as give and take feedback.

## Apply

[Apply at EMW, Inc.](https://apply.workable.com/emw/j/4EEF3D27DC/apply)

---
Powered by [Workable](https://www.workable.com)
