Job Description:
Contract period: 3 to 6 months
Location: NSW, VIC
Security Clearance: AGSVA Baseline clearance
About the Role:
SoftLabs is seeking a CREST-certified Penetration Tester for ICT labour hire at their technology consulting based in Canberra and Victoria.
Testing approach: The testing will be performed using a grey box approach.
The testing should seek to validate the following criteria:
- Event logs are correctly generated to detect unwanted behaviour performed by testing, and are recorded within the AAT logging mechanism
- Event log generation, transfer and processing are immutable (i.e., cannot be tampered with via modification, deletion or addition of information to the audit log trail)
- Services and applications provide as little information as possible when queried directly
- System components cannot be effectively enumerated so far as to provide an adversary details of the architecture
- Only necessary services are enabled on the appropriate interfaces
- System administrative planes have robust controls to prevent/detect exploitation
- All data ingress and egress paths are controlled as per the system designs
- At minimum, all data transmitted over untrusted networks is encrypted using ISM compliant configuration
- The segmentation between the management, data and physical security system planes can’t be circumvented
- Malicious software/file/web/email resource delivery is prevented and/or detected
- Misuse/exploitation of citizen-facing services (using OWASP Top 10) is prevented/detected
- All object/resource access requests are attributable to an identity
- The system equipment is hardened in accordance with vendor guidance
- The AAT’s public internet domain name service is hardened against misuse or abuse
Deliverables:
- Agreed testing plans, scenarios, timelines, timeframes, and methodology agreement
- A detailed technical report delivered at the completion of the bundle of testing
- A final executive report to be delivered to senior management (i.e., Executive report)
- A re-test of remediated vulnerabilities disclosed in the initial penetration testing
Scope of Work:
The selected tester will conduct a targeted penetration test aimed at validating the security controls implemented for the AAT SASE system and the AAT’s SIEM system.
Essential Criteria:
(based on the list under "The testing should seek to validate the following criteria")
- The proposed resources and qualifications of each resource
- The proposal should address all aspects outlined above
Personnel Requirements:
- hold a Baseline clearance or higher
- be CREST certified
- be named
- sign Deeds of Confidentiality agreements
- be located onshore in Australia
Application Deadline: Friday, 01 March 2024
Job Type: Contract
If you are interested in this position, please click Apply with your resume in WORD and send your details for review. If you wish to have a confidential discussion, call us on 02 6108 3*** or 0410 756 *** for more information.