Security Penetration Tester

Contact: Melody Vilan
Location: Canberra
ID: 1299
Closing date: 06-12-2019

A government department requires the services of a Security Penetration Tester – Offsite. The candidate must be an Australian citizen.

Overview:
The Department is seeking independent security penetration testing of a new online portal and related services ahead of launch to a live environment. The penetration test shall take a ‘black box’ approach to testing the relevant digital assets, in which the penetration tester has no previous information about the target system.
The supplier will be required to provide the following:
• A plan for the penetration test, ensuring that required services and digital assets are sufficiently defined and understood.
• An initial penetration test, followed by the preparation and provision of a report detailing the vulnerabilities and issues ranked by criticality, and recommendations on remediation steps.
• A second retest to be undertaken at a time after the remediation work has been completed.
The scope of the penetration test shall cover the new Portal and all related digital assets, including:
• Account registration
• Portal dashboard
• Application guidance tool
• Case search tool
• Case details screen
• Documents storage and access from the Portal
• Account settings screen and password reset features
• A document submission service
• Integration of a number of online forms
• An online lodgement form
• A new landing page that houses the online services.
Due to the nature of the work, it is expected that the testing will be undertaken offsite. However, meetings may be onsite in one of the offices. The department has offices in most major capital cities in Australia.

Essential criteria
Technical
1. Demonstrated experience in the delivery of quality security penetration testing services.
2. Awareness of, and adherence to, industry best-practice standards.
3. Have an understanding of the technical landscape in which the work will be carried out.
Qualifications
4. Formal security qualifications, including but not limited to CISSP, CEH, GIAC.
Price
5. Quote is proportional to the scope of work and consistent with industry rates.
Cultural Fit and Communication
6. Ability to work with AAT representatives to deliver the stated objectives.
7. Preparation of a well-documented written report that contains:
- Issues and vulnerabilities ranked by criticality.
- Potential impact of identified issues and vulnerabilities.
- Actionable outcomes.
8. Evidence of a cleared police background check.

Australian Citizens only.

Length of Contract: 10 days

The role closes 2pm 6th December 2019
