Near East Foundation
Assignment: VAPT Service
Introduction and Background
The Near East Foundation (NEF) is seeking qualified candidates and firms for a Vulnerability Assessment & Penetration Testing Service (VAPT) to NEF Lending Management System (LMS).
For 100 years, the Near East Foundation (NEF) has worked to build more sustainable, prosperous, and inclusive communities in the Middle East, Caucasus, and Africa through education, governance, and economic development initiatives. Working through a network of country offices and local partners, NEF currently has operations in nine countries: Armenia, Jordan, Lebanon, Iraq, Mali, Morocco, Palestine, Sudan, and Syria. Its programs are organized around three themes: Peacebuilding through Economic Cooperation, Climate-resilient Agriculture, and Microenterprise Development. More information on NEF’s and its affiliates’ work and geographic focus can be found on NEF’s website: www.neareast.org.
NEF has developed an end-to-end LMS to automate the full lending cycle from creating application, processing approvals, disbursing the loans, then processing repayments, along with other post-disbursement actions. In addition, the LMS securely manager loan applicants’ information and accurately monitor the quality of loan portfolio with real-time data.
The LMS is hosted on cloud servers and provides two main functions: workflow management and reporting function. It is currently used to support different lending programs (users are located in different countries).
The Vulnerability Assessment and Penetration Testing is intended to provide us with an assessment of the system security profile and a thorough analysis to identify vulnerabilities, weakness, gaps with best practices, and exploitable flaws that might pose threats to the system along with risks associated with these threats. And to recommend remedial solutions for these threats. The service must be conducted according to the industry best standards, including but not limited to, OWASP standards.
- Work plan (to be submitted before commencing with task).
- Executive report.
- Detailed report including at least the following:
- Main findings, observations, and current security status.
- Risks associated with the reported vulnerabilities and weakness.
- Recommendations and corrective measurements.
- Suggestion for financial industry best practices.
- Post corrections assessment.
- Experience in cybersecurity solutions, IT audit and security testing.
- A portfolio of at least three similar projects, preferably with financial services institutions.
- Technical team to be certified with professional certificates such as:
- Certified Ethical Hacker
- Certified Licensed Penetration tester
- Offensive Security Certified Professional
- Certified Information Systems Auditor
- Experience in cloud-based solutions.
- Familiarity with international data privacy and transfer laws and regulations (e.g., GDPR).
- Excellent written and verbal communication skills in English and Arabic.
How to apply
Please apply by submitting the following information, combined into a single file, on the Near East Foundation careers page no later than December 27, 2021: https://neareast.bamboohr.com/jobs/view.php?id=180
- Cover letter outlining all relevant experience and availability.
- Technical proposal to describe the service and scope of work.
- Financial proposal (in USD, including estimated costs of retesting after deploying the recommended corrections.
- Curriculum Vitae of key personnel.
- List of three references from similar projects, including email addresses and telephone numbers.
Kindly note only finalists will be contacted.
Applicants are strongly encouraged to familiarize themselves with the Near East Foundation and its affiliates by visiting the NEF website (www.neareast.org).
All data and information related to the service must be kept confidential and not transferred, published, shared, and/or disseminated to any third part unless with Near East Foundation written permission.