External Penetration Testing of Web Application and Network Infrastructure tender at Irembo Ltd

Request for Proposal (RFP) - External Penetration Testing of Web Application and Network Infrastructure.

1. Introduction:

Irembo Ltd is a technology company in the gov-tech and fin-tech spaces that designs and develops digital products focused on users in Africa, starting with Rwanda.

At Irembo, we recognize the importance of proactive cybersecurity measures and undergo an annual external penetration test to understand our security posture. To achieve this, we are seeking proposals from qualified and experienced cybersecurity firms to conduct an external penetration test of our web application and infrastructure. The objective is to identify vulnerabilities, assess risks and provide recommendations for improving our security posture.

2. Scope of Work

  • Conduct a comprehensive Web Application & API Penetration Test
  • Conduct an External Network Penetration Test

Provide detailed reports from the above which should include:

  • An executive summary
  • Technical findings with severity ratings
  • Proof-of-concept for identified vulnerabilities
  • Risk assessment and Impact analysis
  • Tools and methodologies (commands, etc) used during the engagement
  • Remediation recommendations
  • All test cases considered during the engagement and findings

3. Requirements

The Proposal shall contain the following:

Letter of Technical Proposal Submission

Methodology

  • Methodology of how each test in scope will be carried out
  • The portion of testing that is manual as opposed to automated testing
  • The minimum number of hours to be performed on each testing activity
  • Graphical representation of your network and application penetration test methodology

Company profile including, but not limited to, the following details

  • Number of years of experience in Security Testing and relevant consultation services (Vulnerability Analysis, Penetration Testing, Social Engineering, Red Teaming, technical audits, assessments, training, and forensics) to Essential Service providers and Critical Infrastructure Institutions
  • Past experience with projects of Security Testing and relevant consultation services (Vulnerability Analysis, Penetration Testing, Social Engineering, Red Teaming, technical audits, assessments, training, and forensics) to Institutions
  • Certified resources on payroll
  • Comprehensive details of the bidder, present clientele, and projects of comparable stature
  • A redacted copy of previous penetration test reports (Web Application and External Network)
  • The details of the team assigned to the project
  • Suggested timelines

The selected bidder must possess at least ten (10) years of experience providing the proposed IT security assessment consulting services for critical infrastructure and experience with large organisations in government and private industries.

The selected bidder must demonstrate that their staff collectively possess recent experience conducting IT security assessment services described below:

  • Vulnerability Assessments: Demonstrated experience in leading and participating in vulnerability assessments that include web applications, networks, and source code.
  • Qualifications: Qualifications should consist of combinations of the following certifications, with the number of certified professionals on the payroll stated for each: Licensed Penetration Tester (LPT) / Certified Ethical Hacker (CEH) / Computer Hacking Forensic Investigator (CHFI) / Certified Information Systems Security Professional (CISSP) / GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) / Offensive Security Certified Expert (OSCE) / Offensive Security Certified Professional (OSCP) / Offensive Security Exploitation Expert (OSEE) / Offensive Security Web Expert (OSWE) / GIAC Penetration Tester (GPEN) / GIAC Web Application Penetration Tester (GWAPT) / Certified Expert Penetration Tester (CEPT) / Certified Information System Auditor (CISA)

The selected bidder shall certify that no Respondent employee providing services to the state shall have been convicted of (a) a felony; or (b) a misdemeanour involving violence, sexual misconduct, or dishonesty. A Respondent who does not meet these minimum qualifications will be deemed nonresponsive and not receive further consideration. 

4. Deliverables

The successful bidder will be required to submit the following after the engagement.

  • A detailed report with security status and discovered vulnerabilities, weaknesses, and misconfigurations with associated risk levels and actions for risk mitigation.
  • A presentation of findings to key stakeholders
  • Retesting after remediation efforts

SUMMARISED TABLE FOR REQUIREMENTS & MARKS

Company profile – 50 PTS

  • Experience in Security Testing and relevant consultation services – 15 Pts
    Description: 10 years of experience in Security Testing and relevant consultation services (Vulnerability Analysis, Penetration Testing, Social Engineering, Red Teaming, technical audits, assessments, training, and forensics) to Essential Service providers and Critical Infrastructure Institutions
  • Reference of projects of Security Testing and relevant consultation services – 10 Pts
    Description: Past experience with projects of Security Testing and relevant consultation services (Vulnerability Analysis, Penetration Testing, Social Engineering, Red Teaming, technical audits, assessments, training and forensics) to Institutions
  • A redacted copy of previous penetration test reports (Web Application and External Network) – 15 Pts
  • The details of the team assigned to the project – 5 Pts
    Description: Certified resources on payroll; comprehensive details of the bidder, present clientele, and projects of comparable stature
  • Suggested timelines – 5 Pts

Team breakdown (certified professional resources) – 20 PTS

  • Certified Ethical Hacker (CEH) – 1 Pt
  • Certified Information Systems Security Professional (CISSP) – 1 Pt
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – 2 Pts
  • Offensive Security Certified Expert (OSCE) – 3 Pts
  • Offensive Security Certified Professional (OSCP) – 2 Pts
  • Offensive Security Exploitation Expert (OSEE) – 2 Pts
  • Offensive Security Web Expert (OSWE) – 3 Pts
  • GIAC Penetration Tester (GPEN) – 2 Pts
  • GIAC Web Application Penetration Tester (GWAPT) – 3 Pts
  • Certified Expert Penetration Tester (CEPT) – 1 Pt

METHODOLOGY – 20 PTS

  • Methodology of how each test in scope will be carried out – 10 Pts
  • The portion of testing that is manual as opposed to automated testing – 3 Pts
  • Minimum number of hours to be performed on each testing activity – 2 Pts
  • Graphical representation of network and application testing methodology – 5 Pts

TOTAL – 100 POINTS

All qualified and interested bidders should submit their proposals electronically through Irembo’s e-procurement portal no later than 30th September 2024 at 5 PM. Consulting firms will be required to sign up or register if they do not already have an account. This tender is listed under the “IT Hardware and Software” service category; be sure to include it on your profile.

After registration, our team will review your profile. You will only be allowed access after your account has been approved.

Upon successful login, navigate to “Tenders” and locate Tender Number 1100012. More guidelines can be found on the signup page. All inquiries related to this tender are to be addressed to procurement@irembo.com no later than 5 calendar days before the bidding deadline.

Job Info
Job Category: Tenders in Rwanda
Job Type: Full-time
Deadline of this Job: Monday, September 30 2024
Duty Station: Kigali
Posted: 09-09-2024
No of Jobs: 1
Start Publishing: 09-09-2024