Cyber Security Services - Penetration Testing and Vulnerability Assessments
Job Description:
Australian Citizens residing in Australia only respond.
* Contract start 01 November 2023 to 12 months, 2 x 12 months extensions.
* Australian Citizen, Canberra, Offsite (Occasional face to face meetings will be required) role.
The services of a suitably qualified and experienced candidate are required to undertake security testing activities across the portfolio of projects to help understand security vulnerabilities, risks, and/or issues, and where appropriate recommend actions to remediate vulnerabilities and mitigate any risks and issues.
The NDIA is undertaking a number of projects involving development of critical business systems as well as a cloud-based desktop environment.
The successful candidate will provide a mix of vulnerability assessments, penetration testing, and code reviews. The mix of services and detail required will vary with NDIA needs.
Key Deliverables and Acceptance
The services of a suitably qualified and experienced candidate are required to conduct and document a number of Vulnerability Assessments, Penetration Testing, and Code Review activities across the portfolio of projects to help understand any unresolved risks or issues, and where appropriate recommend steps to mitigate those risks and issues. The following two deliverables will be required for each assignment:
The successful candidates will augment the NDIA project team (comprising NDIA engaged resources and external suppliers) and are expected to be available for face-to-face meetings with the NDIA Cyber Security team located in NDIA's premises at 274 Reed St, Greenway, ACT. Remote work offsite in Canberra would be acceptable.
The candidate must demonstrate appropriate technical capability of their personnel to perform cyber security testing. This may include:
* Certified Information Systems Security Professional (CISSP) and/or Security Manager (CISM) accredited staff,
* Experience in a complex cloud and multi-vendor environment,
* Experience applying the Information Security Manual,
* Experience using security tools.
Every application requires addressing selection criteria as part of the application submission.
1. Relevant organisational experience undertaking Vulnerability Assessments and Penetration Testing including Salesforce and cloud-based environment (i.e., such as Microsoft Azure & Amazon Web Services) 40%
2. Relevant technical capability (including working knowledge of ASD's Essential 8 controls and the Information Security Manual) and experience in delivering similar services 25%
#J-18808-Ljbffr