- Contract period: 3 to 6 months
- Location: NSW, VIC
- Security: AGSVA Baseline clearance
- hold a Baseline clearance or higher
- be CREST certified
- be named
- sign Deeds of confidentiality agreements
- be located onshore in Australia
SoftLabs is seeking a CREST-certified Penetration Tester for ICT Labour hire at their technology consulting based in Canberra and Victoria.
Testing approach:
The testing will be performed using a grey box approach.
The testing should seek to validate the following criteria:
- Event logs are correctly generated to detect unwanted behaviour performed by testing, and are recorded within the AAT logging mechanism
- Event log generation, transfer and processing are immutable (i.e., cannot be tampered with via modification, deletion or addition of information to the audit log trail)
- Services and applications provide as little information as possible when queried directly
- System components cannot be effectively enumerated so far as to provide an adversary details of the architecture
- Only necessary services are enabled on the appropriate interfaces
- System administrative planes have robust controls to prevent/detect exploitation
- All data ingress and egress paths are controlled as per the system designs
- At minimum, all data transmitted over untrusted networks is encrypted using an ISM-compliant configuration
- The segmentation between the management, data and physical security system planes can’t be circumvented
- Malicious software/file/web/email resource delivery is prevented and/or detected
- Citizen facing services misuse/exploitation (using OWASP Top 10) is prevented/detected
- All object/resource access requests are attributable to an identity
- The system equipment is hardened in accordance with vendor guidance
- The AAT’s public internet domain name service is hardened against misuse or abuse
- Agreed testing plans, scenarios, timelines, timeframes, and methodology agreement
- A detailed technical report delivered at the completion of bundle of testing
- A final executive report to be delivered to senior management
- A re-test of remediated vulnerabilities disclosed in the initial Penetration Testing
The selected tester will conduct a targeted penetration test aimed at validating the security controls implemented for the AAT SASE system and the AAT’s SIEM system.
Essential Criteria (based on the criteria listed under "The testing should seek to validate the following criteria"):
- The proposed resources and qualifications of each resource
- The proposal should address all aspects outlined above
Job Type: Contract
Rate: As per Australian Market Standards
If you are interested in this position, please click Apply with your resume in Word format and send your details for review. If you wish to have a confidential discussion, call us on 02 6108 3980 or 0410 756 040 for more information.