Overview

Cyber Security Services - Penetration Testing and Vulnerability Assessments

Australian Citizens residing in Australia only respond.

Engagement

Contract start 01 November **** to 12 months, with 2 x 12 months extensions.
Australian Citizen, Canberra, Offsite (Occasional face to face meetings will be required) role.

Responsibilities

The services of suitably qualified and experienced candidates are required to undertake security testing activities across the portfolio of projects to help understand security vulnerabilities, risks and issues, and where appropriate recommend actions to remediate vulnerabilities and mitigate risks and issues.

The NDIA is undertaking a number of projects involving development of critical business systems as well as a cloud-based desktop environment.

The successful candidate will provide a mix of vulnerability assessments, penetration testing and code reviews. The mix of services and detail required will vary with NDIA needs.

Deliverables

Key Deliverables and Acceptance: conduct and document Vulnerability Assessments, Penetration Testing and Code Review activities across the portfolio of projects to help understand any unresolved risks or issues, and where appropriate recommend steps to mitigate those risks and issues.

The following deliverables will be required for each assignment:

The successful candidates will augment the NDIA project team (comprising NDIA engaged resources and external suppliers) and are expected to be available for face-to-face meetings with the NDIA Cyber Security team located at NDIA premises at 274 Reed St, Greenway, ACT. Remote work offsite in Canberra would be acceptable.

The Candidate must demonstrate appropriate technical capability to perform cyber security testing. This may include:

- Certified Information Systems Security Professional (CISSP) and/or Security Manager (CISM) accredited staff
- Experience in a complex cloud and multi-vendor environment
- Experience applying the Information Security Manual
- Experience using security tools

Qualifications / Selection Criteria

Every application requires addressing the selection criteria as part of submission.

- Relevant organisational experience undertaking Vulnerability Assessments and Penetration Testing including Salesforce and cloud-based environments (e.g., Microsoft Azure & Amazon Web Services) (40%)
- Relevant technical capability (including working knowledge of ASD's Essential 8 controls and the Information Security Manual) and experience in delivering similar services (25%)