Ref.
2025/CTSE/13460

Job offer type
Experts

Type of contract
Service contract

Activity sectors
Information systems; Justice

Deadline date
2025/07/10 15:30

Duration of the assignment
Short term

Contract
Freelancer

Duration
8 days

Mission description

The EU4Justice Phase II project, funded by the European Union and implemented in Bosnia and Herzegovina, supports the preparation of the introduction of the asset verification system based on the amendments to the HJPC Law, and has been tasked to support the HJPC in enhancing the security and privacy readiness within the HJPC's Assets and Interests Declaration Process (Process).

As per its Work Plan, the Project has conducted a review of existing security audit and risk assessment reports at the HJPC and submitted a preliminary high-level assessment report, outlining key findings, recommendations, and areas for deeper investigation.

Based on the above preliminary high-level assessment findings, and with support from the Project, the HJPC, with a selected Judicial Institution, has to evaluate and report on the security posture of the Process when it is accessed over a secured network from judicial institutions external to the HJPC. This is to be performed by planning and conducting a penetration test that identifies vulnerabilities and deficiencies in security measures and controls when the Process is accessed from external judicial institutions, and by implementing the correction measures and controls accordingly.

To support the efficient and good-quality delivery of the above-described activity, the Project decided to assign an international expert with expertise in cybersecurity and penetration testing, vulnerability assessment, and network and systems security, as well as in planning, conducting, reporting and debriefing on the findings and the correction measures.

The assignment is expected to serve the following purposes:

·         Assess the external (from selected judicial institutions) and internal security posture of the Process by identifying vulnerabilities in the network, infrastructure, and system components.

·         Perform an external (from selected judicial institutions) and internal penetration test using industry-standard tools and technologies.

·         Identify misconfigurations, security gaps, and weaknesses in firewalls, authentication mechanisms, and encrypted connections in relation to the Process.

·         Assess the resilience of the Process against unauthorized access, exploitation, and cyber threats.

·         Provide a detailed vulnerability report with risk classifications and recommended corrective measures.

 

Expected results of the assignment

The results expected to be achieved from accomplishing the pursued assignment are summarized as follows:

·         Enhancing the security and privacy readiness within the Process.

·         Ensuring compliance with the Law on the HJPC and the Book of Rules and Principles regulating the Process security and privacy requirements.

 

Description of the assignment

Assignment activities:

Under the direct supervision of the Activity Leader and following industry best practices, the International Short-Term Expert will conduct the following main tasks:

1)      Plan and discuss the assignment with the Project and the HJPC.

2)      Conduct joint advanced security assessments and penetration testing from selected external judicial institutions to assess the effectiveness of the existing measures, report on security weaknesses or deficiencies including severity scores, and plan correction measures. An Executive Summary Report should be developed as a non-technical version of findings for management review.

3)      Present and discuss the report with the Project and the HJPC, collect their feedback, and take it into consideration to provide a revised version of the report.

4)      Draft and submit a report on the activity to the Project.

Assignment deliverables:

Each deliverable is listed with its provisional timetable and estimated required days.

1.       Assignment joint-planning with the Project and the HJPC, outlining the methodology and timetable, tools, and testing scope.

Provisional timetable: July 21st, 2025

Estimated required days: 2 days

2.       A revised targeted external penetration testing and security assessment complementary report from external judicial institutions, outlining the necessary technical recommendations for enhancing system/network security posture related to the Assets Declaration and Verification Process. An Executive Summary Report should be developed as a non-technical version of findings for management review.

Provisional timetable: July 29th, 2025

Estimated required days: 5 days

3.       Mission report on the activity produced and submitted to the Project

Provisional timetable: July 31st, 2025

Estimated required days: 1 day

 

Project or context description

As an applicant for EU membership, Bosnia and Herzegovina (‘BiH’) is expected to meet EU justice standards as provided for by several of the 14 key priorities for membership and recalled by the EU Commission in its 2018 Western Balkan Strategy.

 

BiH’s complex and fragmented institutional structure has led the country to a difficult situation, in particular regarding rule of law. No recent progress was made in this field and “lack of commitment to judicial reform from political actors, and the poor functioning of the judicial system continued to undermine the citizen’s enjoyment of rights and the fight against corruption and organised crime”.

 

The cross-cutting objective of this action is to share practical methods with the High Judicial and Prosecutorial Council of BiH (the ‘HJPC’) and other justice sector institutions in BiH in order to increase its capacities to implement its mission to ensure independence and professionalism of the judiciary, promote judicial reform, and enhance the country’s response to organised crime and corruption.

 

This Action aims to support the BiH justice sector in carrying out these changes in order to align the functioning of the BiH judiciary with EU rule of law standards by enhancing professionalism, efficiency and transparency of the BiH justice system for the final benefit of BiH citizens. 

 

Project title: EU4Justice – Phase II

Implementation dates: 1/12/2022-30/11/2025

Location / intervention areas: Bosnia and Herzegovina – Justice sector

Required profile

Job Outline: The cybersecurity and penetration testing expert is required to complete the joint advanced security assessments and penetration testing from selected Institutions, in order to assess the effectiveness of the existing measures, report on security weaknesses or deficiencies, and plan correction measures in the Process.

 

Cybersecurity – penetration testing Expert

 

Qualifications and skills:

         Holder of a master's degree in Cybersecurity, Computer Science, Computer & Communication Engineering or other related area;

         Holding a professional certificate in areas related to cybersecurity and penetration testing and technologies is a big plus, namely Offensive Security Certified Professional, Certified Ethical Hacker, Certified Information Systems Security Professional, or GIAC Penetration Tester;

         Strong knowledge of vulnerability scanning and assessment techniques, of exploitation framework usage (including launching controlled simulated attacks), of network mapping and port scanning, of packet capture and traffic analysis, and of web application security testing;

         Excellent report-writing skills and the ability to present assessment findings to both technical and non-technical stakeholders.

 

Technical competences and experience

         Competences in passive and active reconnaissance to gather system and network details.

         Competences in vulnerability scanning, including scanning network infrastructure, firewalls, VPNs, and web applications for known vulnerabilities.

         Competences in identifying unpatched software, misconfigurations, weak authentication methods, and insecure services.

         Competences in exploitation testing and in simulating real-world attack scenarios.

         Competences in post-exploitation, privilege escalation and lateral movement analysis.

         A minimum of 5 years of experience in penetration testing and ethical hacking in relation to this assignment.

         Experience conducting several security assessments and penetration tests in compliance with ISO 27001:2022, NIST 800-115, or OWASP standards.

         Previous experience in the public sector is considered an asset.

         Previous experience in BiH and the Western Balkans is considered an important asset.

 

Ethical Considerations: The Cybersecurity – penetration testing Expert will be required to sign a Non-Disclosure Agreement (NDA) to protect the confidentiality of the HJPC’s data and infrastructure details, and covering responsibility for damage generated by this assignment. All findings and reports will remain the property of the HJPC.

Selection criteria for applications

The selection process for candidates will be based on the following criteria:

  • Candidate’s experiences linked with the expert mission

Deadline for application: 2025/07/10 15:30

File(s) attached: A2.1.2 ToR CyberSecurityPenTestExpert_July 2025_v0.5.pdf

Expertise France is the public agency for designing and implementing international technical cooperation projects. The agency operates around four key priorities:

  • democratic, economic, and financial governance;
  • peace, stability, and security;
  • climate, agriculture, and sustainable development;
  • health and human development.

In these areas, Expertise France conducts capacity-building initiatives and manages project implementation, leveraging technical expertise and acting as a project coordinator. This involves combining public sector expertise with private sector skills to drive impactful results. 
