Cyber Security Services - Penetration Testing And Vulnerability Assessments

Australian Citizens residing in Australia only respond. Contract start 01 November 2023 to 12 months, 2 x 12 months extensions. Australian Citizen, Canberra, Offsite(Occasional face to face meetings will be required) role. Send your responses to ****** Overview The services of a suitably qualified and experience Candidates are required to undertake security testing activities across the portfolio of projects to help understand security vulnerabilities, risks and/or issues, and where appropriate recommend actions to remediate vulnerabilities and mitigate any risks and issues. The NDIA is undertaking a number of projects involving development of critical business systems as well as a cloud-based desktop environment. The successful Candidate will provide a mix of vulnerability assessments, penetration teste and code reviews. The mix of services and detail required will vary with NDIA needs. Key Deliverables and Acceptance The services of a suitably qualified and experience candidates are required to conduct and document a number of Vulnerability Assessments, Penetration Testing and Code Review activities across the portfolio of projects to help understand any unresolved risks or issues, and where appropriate recommend steps to mitigate those risks and issues. The following two deliverables will be required for each assignment: The successful candidates will augment the NDIA project team (comprising NDIA engaged resources and external suppliers); and are expected to be available for face-to-face meetings with the NDIA Cyber Security team located in NDIAs premises at 274 Reed St, Greenway, ACT. Remote work offsite in Canberra would be acceptable. The Candidate must demonstrate appropriate technical capability of their personnel to perform cyber security testing. This may include: Certified Information Systems Security Professional (CISSP) and/or Security Manager (CISM) accredited staff, Experience in a complex cloud and multi-vendor environment, Experience applying the Information Security Manual, Experience using security tools, Every application requires to address selection criteria as part of application submission. Essential Criteria 1. Relevant organisational experience undertaking Vulnerability Assessments and Penetration Testing including Salesforce and cloud-based environment (i.e such as Microsoft Azure & Amazon Web Services) 40% 2. relevant technical capability (including working knowledge of ASDs Essential 8 controls and the Information Security Manual) and experience in delivering similar services 25%