Given the sensitive nature of financial data and client information, Al Majmoua seeks to engage a qualified service provider to conduct penetration testing (Pentesting) to assess the resilience of its infrastructure and applications against cyber threats.
Consultancy Objectives
The main objective of this assignment is to perform a thorough external-only penetration test to:
- Identify vulnerabilities in Al Majmoua’s IT infrastructure, including cloud and on-prem systems.
- Evaluate the resilience of the MajFin MIS and other web applications.
- Assess the strength of network configurations, VPNs, and firewalls.
- Provide prioritized recommendations for remediation.
Scope of work
The Pentesting will include, but not be limited to, the following areas:
a. Network Penetration Testing
- External network penetration test of Azure-hosted systems.
- VPN security testing (SSL VPN).
- Firewall configuration review.
b. Application Penetration Testing
- Web applications (MajFin MIS, client portals, staff tools).
- Authentication and authorization mechanisms.
- API security testing.
- OWASP Top 10 vulnerability testing.
c. Infrastructure Security
- Azure environment configuration review (IAM, identity protection, MFA, conditional access).
Deliverables
The service provider will be responsible for the following deliverables:
1. Inception Report (detailing methodology, tools, and testing schedule).
2. Interim Updates (alerts for critical/high vulnerabilities found during testing).
3. Final Report including:
- Executive Summary.
- Detailed findings with severity ratings (Critical, High, Medium, Low).
- Exploited vulnerabilities and proof of concept (screenshots, evidence).
- Risk impact assessment.
- Recommendations and remediation roadmap.
4. Presentation to Management to summarize findings and answer questions.
Confidentiality
All findings and data must remain confidential. A Non-Disclosure Agreement (NDA) will be signed before the engagement.
Duration of the Assignment
The assignment is expected to last 2–4 weeks from contract signing.
The assignment is expected to start mid-February 2026 and end in April 2026.
Qualifications and Experience
- Proven experience in penetration testing for financial institutions.
- Certified professionals (OSCP, CEH, GPEN, CISSP, etc.).
- Experience with Microsoft Azure security testing.
- Familiarity with hybrid environments (cloud + on-prem).
Application Process
Interested candidates should submit the following:
- A brief cover letter explaining their interest and qualifications for the role.
- Company profile and relevant certifications.
- Detailed proposed technical approach (methodology, tools, work plan).
- Work plan with timelines.
- Financial proposal (itemized costs).
- References from at least 3 organizations of similar scope.
- References from previous clients.
- Registration Fiscal number.
- A financial proposal using the table below, along with the suggested split of payments:

| No. | Description | Rate in USD |
|-----|-------------|-------------|
| 1 | Consultancy fees | |
| | Noting that: if the consultant does not have a fiscal number, Al Majmoua will deduct a consultancy tax of 8.5% from the consultancy fees. | |
| | Total | |
Please fill in the table, taking into consideration all points related to the application process, and send your offer back to us by COB Friday the 6th of February 2025 by mail to procurement@almajmoua
Questions for clarification can be sent to procurement@almajmoua.org until the 30th of January 2026.