
Pentesting

Given the sensitive nature of financial data and client information, Al Majmoua seeks to engage a qualified service provider to conduct penetration testing (Pentesting) to assess the resilience of its infrastructure and applications against cyber threats.

Consultancy Objectives

The main objective of this assignment is to perform a thorough, external-only penetration test to:

- Identify vulnerabilities in Al Majmoua’s IT infrastructure, including cloud and on-prem systems.

- Evaluate the resilience of the MajFin MIS and other web applications.

- Assess the strength of network configurations, VPNs, and firewalls.

- Provide prioritized recommendations for remediation.

Scope of work

The Pentesting will include, but not be limited to, the following areas:

a. Network Penetration Testing

- External network penetration test of Azure-hosted systems.

- VPN security testing (SSL VPN).

- Firewall configuration review.

b. Application Penetration Testing

- Web applications (MajFin MIS, client portals, staff tools).

- Authentication and authorization mechanisms.

- API security testing.

- OWASP Top 10 vulnerability testing.

c. Infrastructure Security

- Azure environment configuration review (IAM, identity protection, MFA, conditional access).

Deliverables

The service provider will be responsible for the following deliverables:

1. Inception Report (detailing methodology, tools, and testing schedule).

2. Interim Updates (alerts for critical/high vulnerabilities found during testing).

3. Final Report including:

   - Executive Summary.

   - Detailed findings with severity ratings (Critical, High, Medium, Low).

   - Exploited vulnerabilities and proof of concept (screenshots, evidence).

   - Risk impact assessment.

   - Recommendations and remediation roadmap.

4. Presentation to Management to summarize findings and answer questions.

Confidentiality

All findings and data must remain confidential. A Non-Disclosure Agreement (NDA) will be signed before the engagement.

Duration of the Assignment

The assignment is expected to last 2–4 weeks from contract signing.

The assignment is expected to start mid-February 2026 and end in April 2026.

Qualifications and Experience

- Proven experience in penetration testing for financial institutions.

- Certified professionals (OSCP, CEH, GPEN, CISSP, etc.).

- Experience with Microsoft Azure security testing.

- Familiarity with hybrid environments (cloud + on-prem).

 

Call Type: Call for Consultancies
Remuneration Range: 3000 to 4000 (USD)
Intervention Sectors: Science & Technology
Duration of Contract: 3 Months
How to Apply

Application Process

Interested candidates should submit the following:

  • A brief cover letter explaining their interest and qualifications for the role.
  • Company profile and relevant certifications.
  • Detailed proposed technical approach (methodology, tools, work plan).
  • Work plan with timelines.
  • Financial proposal (itemized costs).
  • References from at least 3 organizations of similar scope.
  • References from previous clients.
  • Fiscal registration number.

A financial proposal should be submitted using the table below, along with the suggested split of payments:

| No. | Description | Rate in USD |
|---|---|---|
| 1 | Consultancy fees | |
| Total | | |

Note: If the consultant does not have a fiscal number, Al Majmoua will deduct consultancy tax of 8.5% from the consultancy fees.

Please fill in the table, taking into consideration all points related to the application process, and send your offer back to us by COB Friday the 6th of February 2025 by mail to procurement@almajmoua

Questions for clarification can be sent to procurement@almajmoua.org until the 30th of January 2026.

Deadline
Countries
Lebanon