Tenders Are Invited For Service Provider To Conduct Penetration Testing (Pentesting) To Assess The Resilience Of Its Infrastructure And Applications Against Cyber Threats
Tenders Are Invited For Service Provider To Conduct Penetration Testing (Pentesting) To Assess The Resilience Of Its Infrastructure And Applications Against Cyber Threats
Arab World1,Middle East,Middle East and North Africa, MENA
06-02-2026
Work Detail
Tenders are invited for Service Provider to Conduct Penetration Testing (Pentesting) to Assess the Resilience of its Infrastructure and Applications against Cyber Threats. Given the sensitive nature of financial data and client information, Al Majmoua seeks to engage a qualified service provider to conduct penetration testing (Pentesting) to assess the resilience of its infrastructure and applications against cyber threats. Consultancy Objectives The main objective of this assignment is to perform a thorough external only penetration test to: - Identify vulnerabilities in Al Majmouas IT infrastructure, including cloud and on-prem systems. - Evaluate the resilience of the MajFin MIS and other web applications. - Assess the strength of network configurations, VPNs, and firewalls. - Provide prioritized recommendations for remediation. Scope of work The Pentesting will include, but not be limited to, the following areas: a. Network Penetration Testing - External network penetration test of Azure-hosted systems. - VPN security testing (SSL VPN). - Firewall configuration review b. Application Penetration Testing - Web applications (MajFin MIS, client portals, staff tools). - Authentication and authorization mechanisms. - API security testing - OWASP Top 10 vulnerability testing. c. Infrastructure Security - Azure environment configuration review (IAM, identity protection, MFA, conditional access). Deliverables The service provider will be responsible for the following deliverables: 1. Inception Report (detailing methodology, tools, and testing schedule). 2. Interim Updates (alerts for critical/high vulnerabilities found during testing). 3. Final Report including: - Executive Summary. - Detailed findings with severity ratings (Critical, High, Medium, Low). - Exploited vulnerabilities and proof of concept (screenshots, evidence). - Risk impact assessment. - Recommendations and remediation roadmap. 4. Presentation to Management to summarize findings and answer questions Confidentiality : All findings and data must remain confidential. A Non-Disclosure Agreement (NDA) will be signed before the engagement. Duration of the Assignment The assignment is expected to last 24 weeks from contract signing. The assignment is expected to start mid-February 2026 and end in April 2026. Qualifications and Experience - Proven experience in penetration testing for financial institutions. - Certified professionals (OSCP, CEH, GPEN, CISSP, etc.). - Experience with Microsoft Azure security testing. - Familiarity with hybrid environments (cloud + on-prem). Tender Link : https://www.daleel-madani.org/calls-for-proposal
We takes all possible care for accurate & authentic tender information, however Users are requested to refer Original source of Tender Notice / Tender Document published by Tender Issuing Agency before taking any call regarding this tender.
