Ethiopia Digital ID for Inclusion and Services Project

Expression of Interest (EOI)

(CONSULTING SERVICES – INDIVIDUAL CONSULTANT)

MOSIP Platform Architect to support the National ID Program at the Digital ID for Inclusion and Services Project (P179040).

The Federal Democratic Republic of Ethiopia,

DIGITAL ID PROJECT

1. Background

In Dec 2023, the Government of Ethiopia and the World Bank Group signed the financial agreement for the Ethiopia Digital ID Project. Digital ID is a USD 350 million, five-year initiative (2023-2029). The Ethiopia Digital ID for Inclusion and Services Project (P179040) will support the Government of Ethiopia (GoE) to roll out Fayda, an inclusive and trusted digital foundational ID system and other digital public infrastructure. The Project will improve access to and delivery of public and private sector services and economic opportunities, especially for the most vulnerable, and to boost national resilience.

The project pursues a holistic and multi-sectoral approach to digital development towards building a safe digital economy through five components. Component 2 focuses on Establishing Scalable and Secure Fayda ICT infrastructure, which includes software and biometric technologies.

2. Objective

NIDP has developed a digital identification platform named Fayda based on the Modular Open Source Identification Platform (MOSIP). The project is ongoing and scaling up its operations. As part of expanding the existing technical capabilities, the NIDP is seeking an experienced MOSIP Platform Architect for hands-on work on the tools and technologies used as building blocks for the IDMS including core service modules and their customizations.  This includes the biometric solutions (hardware and software) at both the client side and server (backend) side.

3. Main Responsibilities

Overall, the Platform Architect will lead and assist the NIDP technical team working on different parts of the platform for developing and integrating efficient components and maintaining a reliable platform. The Platform Architect will also take responsibility that the three key quality requirements of the platform (performance, accuracy and scalability) should be consistently adhered to by all existing and new developments. All shared back end (server side) service components and modules that, already developed and planned, should follow the existing MicroServices Architectural Model followed by container-based implementation targeting a Kubernetes based run time orchestration platform. Accordingly, this role is expected to take the front line in the design and implementation stages of shared services of the platform including their APIs.  Leading the practical work during the preparation of a repeatable model and process for integration with external (relying party) systems as well as solutions delivered by 3rd party solution providers including ABIS.

Specific responsibilities for the Platform Architect will include, but are not limited to, the following activities:

• Review existing customizations and design documents linked to the Fayda IDMS platform against best practices and assist in making the improvements.
• Based on  selected alternative implementation for planned modules (updates), assist the technical team while developing corresponding components and solutions
• Lead the realization/implementation of approved design improvements on different core subsystems of the Fayda platform (such as the Registration Processor, ID Authentication, Key Management, and Data-sharing Infrastructure). This includes making optimizations on the underlying open source technologies such as Kubernetes, Kafka, ActiveMQ, WebSub hub, and PostGreSQL.
• Assist the effort of developing and implementing better alternatives to technologies utilized for tasks outside the main functions such as Messaging, Access control, Auditing, and Printing
• Mentor and equip the senior technical staff on the best practices on the development of efficient and sustainable modules and usable products while adhering to the fundamental design principles of MOSIP (Fayda).
• Practically assist (hands on) the NIDP technical team in maintaining a stable transition to the MOSIP LTS (V1.2) version of the platform. This includes making progressive improvements until the system becomes satisfactorily stable. 
• Lead and implement the effort to make Fayda based third party system authentication (such as “Sign in with Fayda”).
• Develop optimal approaches and tools (solutions) that simplify complexity during integration such as a reference implementation as a lesson for multiple relying parties.
• Assist the technical team to ensure that the time run configuration of modules both on the Kubernetes cluster (eg: # of replicas) and outside of it in terms of proportional instance and cluster composition and distribution.
• Provide Code Review on the modules developed and different teams provided feedback on improvements. 
• Provide hands-on support on the process of establishing a scalable and sustainable ID Authentication subsystem that responds to requests on a near real-time basis.
• To address and realize different scenarios for integration, the Platform Architect will develop/customize integration API’s that can address important variations among registration and authentication partners. 
• Implement approved design improvements on the current partner management module considering all partners other than Relying Parties (such as Authentication Service Providers)
• Directly follow-up the technical team’s day-to-day work and ensure that all technology teams (including database team) develop seamlessly aligned products and through a proper change management process.
• Review and update the technical design documentation of key platform components and their composition towards a harmonized and sustainable solution.
• Ensure the utilization of provided infrastructure from multiple Data Centers and a Local Cloud for better performance and availability of different services of Fayda
• Work closely with the SI, the ABIS Provider as well as client side biometric technology providers to maintain a stable end to end platform while entertaining variations from different vendors.

4. Qualifications Requirements

The ideal candidate for the role of Platform Architect will bring the following competencies and skills:

• Bachelor Degree in a relevant technical discipline, including Computer Science, Computer Engineering, Systems Engineering.
• At least 15 years of comprehensive experience in the Software Industry, specializing in Java technology, coupled with 12+ years of focused expertise in Information & Data Security.
• Possess 4 years of hands-on experience in designing and developing multiple core components within MOSIP and supporting country implementation teams.
• Successful contribution to various biometric based identification projects, including biometric device management (registration and authentication).
• Experience as lead on the development, integration and implementation of an Identification platform based on MOSIP or a similar platform.
• A strong working experience on Agile Project and Program Management Methodologies and experience with relevant tools such as Atlassian Jira and Confluence.
• Demonstrated knowledge on integrating a central identification platform with more than one type of Biometric Kit and multiple ABIS technologies
• Strong familiarity and experience with suppliers and vendors in the digital identification ecosystem.
• Familiarity or experience working on international and donor-funded projects is an asset.
• Working knowledge and expertise on the following Areas, Technologies and tools:

o   Languages: Proficient in Java and Python.

o   Framework: Skilled in Core Spring, Spring Security, and Spring Boot.

o   MVC Architecture: Experienced in both Spring MVC

o   Security Component: Knowledgeable in PKCS11, JCE, JCA, and SSL.

o   Security Scan Tools: Proficient in WebScarab, Fortify, Paros, and Burp Suite.

o   HSM (Hardware Security Modules): Familiar with SafeNet (Luna, PSE2), Thales (nChiper), and AWS CloudHSM (Cavium).

o  Databases: Experienced with Oracle, PostGreSQL, MySQL, MS-SQL Server, and MongoDB.

o   Cloud Technologies: Skilled in AWS services such as VPC, EC2, Lambda, etc.

o   Specific Underlying Technologies: Kubernetes, Docker, Kafka, ActiveMQ, KeyCloak,  WebSub Hub.

5. Duration of Consultancy

The Platform Architect will be recruited for an initial period of one year, renewable on the first anniversary subject to performance and organizational needs.  This is a full-time position based in Addis Ababa, Ethiopia.

6. Remuneration

Attractive/Negotiable and depends on qualification and experience of the candidate.

7. Reporting:

The individual consultant will be directly reporting to the Technical Director of the NIDP.

8. Selection Method

The selection method is based on para 7.36 and 7.37 of the World Bank’s Procurement Regulation. The attention of interested individual is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the World Bank’s “Procurement Regulations for IPF Borrowers” July 2016 (“Procurement Regulations”) revised November 2017, August 2018, September 2023, setting forth the World Bank’s policy on conflict of interest

An individual will be selected in accordance with the Selection of Individual Consultant (Section V) method set out in the Procurement Regulations.

Further information can be obtained, by email or through phone at the address below during office hours from 8:30 AM to 5:30 PM Addis Ababa time.

Applicants should send expressions of interest, together with information demonstrating that they have the required qualification and relevant experience to perform the service (description of similar assignments, experience in similar conditions, qualifications, and so forth) by providing CVs, formal application letter, credentials, and all supporting documents to the below by mail, on or before September 05, 2024.

Federal Democratic Republic of Ethiopia,

National ID Program (NIDP)- Digital ID for Inclusion and Services Project

Attn: Project Management Unit (PMU)

Address: Welosefer Bole, Ethio-China St, Addis Ababa, Ethiopia, INSA Building, 15th Floor

Tele- +251 91 165 5340   E-mail: mesfin@id.gov.et

Addis Ababa, Ethiopia