
AAT Managed Service Penetration Testing

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Job Location

As - Belgium

Monthly Salary

Not Disclosed


Job Description

  • Contract period: 3 to 6 months
  • Location: NSW, VIC
  • Security: AGSVA Baseline clearance

Personnel Requirements:

  • hold a Baseline clearance or higher
  • be CREST certified
  • be named
  • sign Deeds of confidentiality agreements
  • be located onshore in Australia




About the Role:

SoftLabs is seeking a CREST-certified Penetration Tester for ICT labour hire at their technology consulting based in Canberra and Victoria.





Testing approach:

The testing will be performed using a grey box testing approach.

The testing should seek to validate the following criteria:

  • Event logs are correctly generated to detect unwanted behaviour performed by testing and are recorded within the AAT logging mechanism
  • Event log generation, transfer and processing is immutable (i.e. cannot be tampered with via modification, deletion or addition of information to the audit log trail)
  • Services and applications provide as little information as possible when queried directly
  • System components cannot be effectively enumerated so far as to provide an adversary details of the architecture
  • Only necessary services are enabled on the appropriate interfaces
  • System administrative planes have robust controls to prevent/detect exploitation
  • All data ingress and egress paths are controlled as per the system designs
  • At minimum, all data transmitted over untrusted networks is encrypted using an ISM-compliant configuration
  • The segmentation between the management, data and physical security system planes can't be circumvented
  • Malicious software/file/web/email resource delivery is prevented and/or detected
  • Misuse/exploitation of citizen-facing services (using OWASP Top 10) is prevented/detected
  • All object/resource access requests are attributable to an identity
  • The system equipment is hardened in accordance with vendor guidance
  • The AAT's public internet domain name service is hardened against misuse or abuse




Deliverables:

  • Agreed testing plans, scenarios, timelines, timeframes and methodology agreement
  • A detailed technical report delivered at the completion of the bundle of testing
  • A final executive report to be delivered to senior management (i.e. Executive report)
  • A retest of remediated vulnerabilities disclosed in the initial penetration testing




Scope of Work:

The selected tester will conduct a targeted penetration test aimed at validating the security controls implemented for the AAT SASE system and the AAT's SIEM system.





Essential Criteria: (based on "The testing should seek to validate the following criteria")

  • The proposed resources and qualifications of each resource
  • The proposal should address all aspects outlined above




Application Deadline: Friday 01 March 2024

Job Type: Contract

Rate: As per Australian Market Standards





If you are interested in this position, please click Apply with your resume in WORD and send your details for review. If you wish to have a confidential discussion, call us on 0 or for more information











Employment Type

Full Time
