Cyber Security Services - Penetration Testing And Vulnerability Assessments

Cyber Security Services - Penetration Testing and Vulnerability Assessments

Overview

Australian Citizens residing in Australia only respond.

Responsibilities

• Undertake security testing activities across the portfolio of projects to understand vulnerabilities, risks and issues, and recommend actions to remediate vulnerabilities and mitigate risks as appropriate.
• Conduct vulnerability assessments, penetration testing and code reviews; the mix of services and detail required will vary with NDIA needs.
• Augment the NDIA project team and be available for face-to-face meetings with the NDIA Cyber Security team located on NDIA premises; remote work offsite in Canberra would be acceptable.
• Document Vulnerability Assessments, Penetration Testing and Code Review activities across the portfolio of projects and report unresolved risks with recommended mitigation steps.

Engagement details

• Contract start 01 November 2023 to 12 months, with 2 x 12 months extensions.
• Location: Canberra, Offsite (occasional face-to-face meetings required).

Candidate requirements

• Certified Information Systems Security Professional (CISSP) and/or Security Manager (CISM) accredited staff or equivalent.
• Experience in a complex cloud and multi-vendor environment.
• Experience applying the Information Security Manual.
• Experience using security tools.

Selection criteria

1. Relevant organisational experience undertaking Vulnerability Assessments and Penetration Testing including Salesforce and cloud-based environments (e.g., Microsoft Azure & Amazon Web Services).
2. Relevant technical capability (including working knowledge of ASD Essentials 8 controls and the Information Security Manual) and experience in delivering similar services.