2025-0234 Level 3 Support For Web Application Security

Operations:

• Configure and maintain Cloudflare WAF rules
  and policies, in line with NATO Security Policy, to protect against OWASP Top
  10 and other emerging threats.
  
• Implement and manage WAAP features for
  securing APIs and applications, including schema validation, threat
  intelligence, and behavioural analysis. 
  
• Implement Rate Limiting Policies to protect
  APIs and web applications from abuse, brute force attacks, and scraping
  attempts. Design intelligent thresholds based on traffic patterns and
  application sensitivity.
  
• Monitor and mitigate DDoS attacks,
  leveraging Cloudflare’s L3/L4/L7 protection capabilities. 
  
• Optimize CDN configurations to ensure high
  availability, low latency, and efficient caching strategies.
  
• Deploy and fine-tune Bot Management policies
  to differentiate between good bots and malicious traffic.
  
• Leverage Cloudflare Workers to deploy server
  less functions at the edge for custom logic, header rewriting, request
  inspection, or response manipulation.
  
• Monitor and enforce Page Rules for
  URL-specific behaviours such as redirects, cache settings, and security
  controls.
  
• Analyse traffic patterns, security logs, and
  incident data to proactively identify and remediate vulnerabilities.
  
• Work closely with DevOps, Application
  Security, and Networking teams to enforce secure deployment practices.
  
• Respond to security incidents and support
  troubleshooting efforts related to Cloudflare services.
  
• Keep documentation up to date for security
  policies, procedures, and architecture diagrams.
  
• Stay current with Cloudflare’s roadmap,
  industry trends, and evolving threat landscapes.
  

• Maintain updates to the CMDB with the
  Configuration Items used by the services/systems listed in Annex C;  
  

• Log and track incidents, work orders and
  change requests using the incident ticketing system (ITSM);
  
• Investigate and resolve Application Security
  Service (WAF, WAAP, CDN, etc), Performance and Availability (CDN) and Threat
  Mitigation and Resilience (DDoS, Rate Limiting) related issues, directly
  assigned by end-users/requesters, or escalated from Level 2 support, within the
  staff competences and administrator permissions;
  
• Maintain communication with end-users when
  needed;
  
• Ensure all tickets are updated with accurate
  and detailed information and resolved (or assigned to appropriate stakeholders)
  within the agreed service levels;
  
• Escalation:
  
• Escalate complex issues to Level 4 support
  (vendor) or appropriate teams when necessary.
  
• Follow up on escalated issues to ensure
  timely resolution and user satisfaction.
  
• Knowledge Base Management:
  
• Contribute to the creation/maintenance of a
  knowledge base, documenting common issues and solutions.
  
• Share knowledge and best practices with team
  members to improve overall service quality.
  
• Performance Monitoring:
  
• Monitor support metrics and KPIs to ensure
  high-quality service delivery.
  
• Participate in regular reviews to identify
  areas for improvement and implement corrective actions.
  

• Leverage Infrastructure as Code (IaC) tools
  (e.g., Terraform or Cloudflare’s native SDK/curl) to establish and maintain a
  scalable, repeatable, and auditable security posture through the deployment and
  management of Cloudflare WAF rules, firewall policies, custom configurations,
  and security settings.
  
• Utilize automation to create workflows for
  repetitive tasks, improve service efficiency and proactively implement
  solutions.
  
• Communication and Collaboration:
  
• Communicate effectively with internal user
  community to understand their issues and provide clear instructions.
  
• Collaborate with IT teams to resolve issues
  and improve service delivery.
  

• The Contractor shall start the execution of
  the contract by implementing the transition-in onboarding plan.
  
• The on-boarding plan shall include at the
  minimum:
  
• Detailed schedule of the activities with
  GANTT chart.
  
• Resources and PFE required from the
  Purchaser for successful execution of onboarding plan.
  
• The on-boarding period will be divided in
  two parts; Shadowing and Reverse Shadowing.
  
• For the Transition-In on-boarding, Shadowing
  will be the monitoring of Purchaser’s activities by the Contractor for each
  product listed in Annex C. Reverse shadowing will the monitoring of the
  Contractor activities by the Purchaser for item listed in Annex C.
  

• Whatever the cause or the triggering event
  of the contract coming to an end, the Contractor shall end the execution of the
  contract by implementing the transition-out Handover-Takeover (HOTO) plan. 
  
• The transition-out Handover-Takeover plan to
  be executed for contract closure or contract termination shall include at the
  minimum:
  
• Detailed HOTO schedule with GANTT chart
  
• Transition to The Purchaser of any tools,
  procedures, training and documentation used by The Contractor to execute this
  SOW.
  
• Resources and PFE required from the
  Purchaser for successful execution of HOTO plan
  
  

Requirements

• Cloudflare Security Stack
  
• Web Application Firewall (WAF) Configuration
  
• DDoS Mitigation & Rate Limiting
  
• API Security & Schema Validation (Page
  Shield)
  
• Bot Management
  
• SSL/TLS Management
  
• DNS & CDN Optimization
  
• Security Analytics & Logging
  
• Secure Coding & Vulnerability
  Assessment/Mitigation (WASP top 10)
  
• Incident Response & Troubleshooting
  
• DevOps & Automation - Use Terraform or
  APIs to automate Cloudflare configurations.
  
• Cloudflare Workers and Zero Trust (Bonus)
  

• The support for this work requires expertise
  in performing the following tasks:
  
• Deploy, Configuration, Management, Security
  Operations
  
• Monitoring, Upgrade, Version Control
  

• Analytical Thinking – Ability to analyse
  traffic patterns and identify anomalies or malicious behaviour using
  data-driven insights. 
  
• Troubleshooting & Debugging – Skilled at
  diagnosing and resolving technical issues related to performance, security
  rules, and system errors.
  
• Security Incident Response – Capable of
  quickly responding to and mitigating active security threats without affecting
  legitimate traffic.
  
• Performance Optimization – Identifies and
  addresses performance bottlenecks while balancing security and speed.
  
• Automation & Configuration Consistency –
  Uses Infrastructure as Code to ensure consistent, reliable, and error-free
  deployments.
  
• Risk Assessment & Prioritization –
  Evaluates security risks and prioritizes remediation efforts based on impact
  and urgency.
  

• Experience with IaaC to automate routine
  support tasks.
  
• Proficiency in automation to create
  workflows and automate repetitive processes.
  
• Ability to identify and implement automation
  opportunities to enhance efficiency.
  

• Excellent verbal and written communication
  skills.
  
• Full proficiency in English.
  
• Ability to communicate technical information
  to non-technical users in a clear and concise manner.
  

• Strong customer service focus with a
  commitment to user satisfaction.
  
• Patience and empathy when dealing with user
  issues and concerns.
  

• Ability to manage multiple support tickets
  and prioritize tasks effectively.
  
• Attention to detail in documenting support
  activities and maintaining accurate records.
  
• 8) Team Collaboration:
  
• Ability to work effectively as part of a
  team and share knowledge and resources.
  
• Willingness to collaborate with colleagues
  to solve complex issues.
  

• The candidate has strong customer
  relationship skills, including negotiating complex and sensitive situations
  under pressure.
  
• Full proficiency in the English
  language. 
  
• The candidate must have the nationality of
  one of the NATO nations.