This project is to develop a web-based compliance portal for companies that are required to comply with standards such as SOX, HIPAA, PCI DSS, GLBA, COBIT or ISO 17799. We are looking for a web developer/team with a proven track record in creating modular portal-based websites. The website will be a functional business tool and therefore must be as responsive as a traditional thick client application. Use of asynchronous and dynamic coding techniques such as AJAX will be required. The design of the portal must be documented in a formal way such as MVC or UML. The portal should be built on a modular framework allowing for the easy addition of new modules – both internally developed or developed by third parties. This may mean using an SOA architecture. The language and platform are not set, so the developer/team will have constructive input into those decisions. The portal will require user input (usually text) in many locations, so integrating the portal with a backend database will be required. The portal will also need to be able to search, retrieve and display this data in a user-friendly and intelligent way.
The overall design and look of the portal will be reviewed by a graphic designer who may provide example bitmap templates of how screens should look from an aesthetic perspective. The graphic designer may provide these templates in advance or after reviewing portions of the portal that have already been developed. This may result in some iteration to the look and feel of the portal.
- Must be capable of working independently and solving problems as they arise requiring minimal management involvement.
- Must be fully fluent in English (writing, reading, speaking)
- Must have high-speed connection, computer and software.
- Must have Skype to communicate on a regular basis, or as needed.
- Must produce design documentation as part of the delivery.
- Must be creative and capable of solving problems
- Must write clean code (well commented)
- A formal job interview via Skype will be required prior to hire.
- An NDA/Non-Compete will be required if selected.
- Please provide a schedule of your availability.
- Please provide any links necessary to confirm your experience.
- Please provide 3 references (name, telephone, address) that you have done contract work for in the last 12 months.
Non Functional Requirements
Configuration – Ensure that essential and critical configuration parameters are configurable and not hard-coded. Provide a standardized method for configuration management and storage, with user-friendly GUI and text-based accessibility.
Language – Design the portal so it is easy to translate both the static and dynamic content into many different languages.
Confidentiality – Since the portal is a shared platform, ensure that by design there is strict separation of data and access between users. This can be further enforced through the use of encryption and hashing.
User Access – The portal must be designed to use a role based access mechanism and access to all content in the portal must be capable of being enforced with the chosen mechanism.
Scalability – Ensure that, with minimal modifications to the system, technologies such as load balancing, clustering or a DR site can be easily achieved.
Security – Knowledge of the OWASP Top Ten project and demonstration that secure coding and development methodologies are used. Regression and other testing that validates the security assumptions in the design must be conducted.
Continuity – Select products and technologies that are industry standard, are widely deployed, and have an active support community in their respective industry and arena.
Upon successful completion of the initial framework and modules there is scope for further development and expansion of the portal as an additional project.
Added sequence diagrams and use case examples document to help scope the time frame, resources and development tools.