Job description:
Overall mission description
We are now looking for an IT security special to the Pension Authority.
The mission includes:
Penetration testing and security reviews of systems, applications, clients and IT infrastructure. During the contract period, various orders for penetration tests are made based on the need. The assignments can be delivered as an individual consultant or as a consulting team.
Enter the scope of the assignment: 500 hours distributed over the contractual period in agreement with the client, hours may be added during the contract period as agreed.
Consultants to be reported with CV:
- Out of the combined delivery capacity, at least five consultants shall be presented with CV, which together has documented experience of delivering solutions in all reported requirements under paragraphs above.
“If the overall delivery capability can demonstrate documented experience in delivering solutions, it is advantageous.
- At least two of the consultants shall be on level five, at least three shall be on level four.
Presentation of the Supplier/Company:
- The supplier shall present the company and their operations
- The supplier should have a high delivery capacity, explaining the number of penetration test consultants
• Scale requirements
The contract from KeyMan must be signed directly with the company the consultant is employed in (no other permitted by PM)
In addition to the basic requirements that apply according to consultancy level five, the consultant must: – Be the principal contact person and principal conductor of the assignment. – Be able to support consultancy level 3 or 4 for less demanding assignments in agreement with the client.
Have at least 3 years of documented experience in security verifications, security reviews, third party providers, scans, penetration tests. – At least 2 years of documented experience in front-end web development framework Java and .NET, JavaScript, http, HTTPS and HTML
In addition to the basic requirements that apply according to consultancy level four, the consultant must have: – at least 2 years of documented experience in security verifications, security reviews, third party providers, scans and penetration tests – at least 1 year documented experience in front-end web development framework Java and .NET, JavaScript, http, HTTPS and HTML
All consultants shall be Ethical Hacker CEHv9 certified or equivalent.
DoD/Leverabler: Digital list to be transferred with high security, as agreed, to the Pensions Authority over found vulnerabilities, deficiencies, bugs, defects configurations, etc. listed in severity.
The vulnerabilities, deficiencies, bugs, defect configurations shall have an explanatory text on the probable/common cause they arise and recommended action. – Documentation on which tests/scenarion have been tested but not given anything to note.
Delivery as soon as possible or as agreed with the client. – Report and presentation of observations including advice and proposals for improvement
• Shoulder requirements
Other requirements
Victims of this mission must be submitted via KeySourcing Tool. Answers via email will receive limited feedback
Attach CV to SVENSKA in Wordformat under the Document tab. CV is an important part of the evaluation of the consultant. It shall clearly demonstrate that the consultant has the skills and experience required for the current assignment.
Please describe in “Comments” in the different requirements how the consultant meets the different requirements.
The assignment requires the consultant to be a Swedish citizen
Register control level 2 (SUA) of the consultant will be conducted. See info in attached documents
Complies with the consulting company with all points in Chapter 13. LOU according to the excerpt from LOU 2016:1145?
Offered hourly rate shall include all costs, such as travel
- and travel time and other costs related to the consultant's stay in Stockholm.
The supplier certifies that the consultant
- and liability insurance covers this type of assignment under industry standards
Personal characteristics
🙂 Other information
Option for extension at the end of December 31, 2027.
The contract shall, without exception, and regardless of the structure of the company, be subscribed between KeyMan AB and the company where the consultant performing/offered/delivered to the assignment has his or her employment. This is a requirement from the Pensions Authority due to the register control (SUA).
For information on Chapter 13 LOU, see attached documents.
In Annex I, ‘General Conditions Consulting Agreement KeyMan AB Rev. D, 2022-01-25’, the point ‘Customer Processing’ is deleted. This does not apply to this mission.
For any questions please contact Ellinor Jakobsson, mobile number 072-529 43 56
* **