- Contract period: 3 to 6 months
- Location: NSW, VIC
- Security: AGSVA Baseline clearance
Personnel Requirements:
- hold a Baseline clearance or higher
- be CREST certified
- be named
- sign Deeds of Confidentiality agreements
- be located onshore in Australia
About the Role:
SoftLabs is seeking a CREST certified Penetration Tester for ICT Labour hire at their technology consulting based in Canberra and Victoria.
Testing approach:
The testing will be performed using a grey box testing approach.
The testing should seek to validate the following criteria:
- Event logs are correctly generated to detect unwanted behaviour performed by testing and are recorded within the AAT logging mechanism
- Event log generation, transfer and processing is immutable (i.e. cannot be tampered with via modification, deletion or adding information to the audit log trail)
- Services and applications provide as little information as possible when queried directly
- System components cannot be effectively enumerated so far as to provide an adversary details of the architecture
- Only necessary services are enabled on the appropriate interfaces
- System administrative planes have robust controls to prevent/detect exploitation
- All data ingress and egress paths are controlled as per the system designs
- At minimum, all data transmitted over untrusted networks is encrypted using an ISM compliant configuration
- The segmentation between the management, data and physical security system planes can't be circumvented
- Malicious software/file/web/email resource delivery is prevented and/or detected
- Citizen facing services misuse/exploitation (using OWASP Top 10) is prevented/detected
- All object/resource access requests are attributable to an identity
- The system equipment is hardened in accordance with vendor guidance
- The AAT's public internet domain name service is hardened against misuse or abuse
Deliverables:
- Agreed testing plans, scenarios, timelines, timeframes and methodology agreement
- A detailed technical report delivered at the completion of the bundle of testing
- A final executive report to be delivered to senior management (i.e. Executive report)
- A retest of remediated vulnerabilities disclosed in the initial penetration testing
Scope of Work:
The selected tester will conduct a targeted penetration test aimed at validating the security controls implemented for the AAT SASE system and the AAT's SIEM system.
Essential Criteria: (based on "The testing should seek to validate the following criteria")
- The proposed resources and qualifications of each resource
- The proposal should address all aspects outlined above
Application Deadline: Friday 01 March 2024
Job Type: Contract
Rate: As per Australian Market Standards
If you are interested in this position, please click Apply with your resume in WORD and send your details for review. If you wish to have a confidential discussion call us on 0 or for more information