5 Lead Penetration Testers
Services Australia
About the Role
Penetration Testers analyse IT systems to determine configuration weaknesses and faults that would impact on security and business, then produce reports detailing the findings and recommendations for improved network security.
Cyber Security Penetration Testers conduct complex penetration testing and highly sensitive vulnerability
assessment activities. They simulate different types of cybersecurity attacks and develop penetration testing
methodologies.
Key duties
a) oversee the execution of test cases using in-depth technical analysis of risks and typical vulnerabilities.
b) lead cyber penetration testing and vulnerability assessments using relevant tools and methods against a
variety of technologies.
c) conduct and lead complex threat simulation activities to identify weaknesses and/or opportunities in technical
security controls.
d) oversee the catalogue of test findings and potential measures.
e) oversee and approve security testing plans.
f) provide highly technical subject matter expertise to system owners and stakeholders to improve system security
posture.
g) conduct highly complex analysis and research to identify improvements to cyber threat tools, techniques and
procedures.
h) manage and coordinate a variety of risk analysis and assessments on cyber security matters.
i) perform web application and mobile penetration testing against complex enterprise platforms using a variety of
technologies.
j) conduct infrastructure penetration testing against enterprise grade systems.
k) collaborate with system owners to develop test scope and preparation for testing ensuring remediation has been
completed effectively.
l) review reports, briefs and documentation and communicate technical findings and recommendations.
m) transfer highly technical skills and knowledge to other staff through continuous coaching and on-the-job training to
support succession planning.
n) lead and support the operations of a team, including setting priorities and managing performance, resources
and workflows.
o) exercise delegations in line with legislation and guidelines.
Desirable qualifications but not mandatory:
CompTIA Security +, CompTIA PenTest +, Certified Ethical Hacker, CREST Registered Penetration Tester, Offensive
Security Certified (OSCE3), GIAC Penetration Tester
Requirements
Criteria
The buyer has specified that each candidate must provide a one page pitch to address all criteria specified. This is equal to 5000 characters.
Essential
1. Plans and drives penetration testing within a defined area of business activity.
Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls.
Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing.
Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.
2. Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.
Additional requirements
1. A security clearance will be required for the role. Does the candidate have the required Clearances, or the ability to obtain and maintain?
2. To identify potential conflicts of interest, is the candidate a director/owner/account manager/partner of a Seller registered on BuyICT? If so, provide the Position Title, Seller Name and Seller ABN.
3. Provide details (e.g. manager, branch) of candidate's previous work history either as a contractor or employee for the Buyer including its former agencies such as the Department of Human Services.
4. Seller has obtained the Candidate’s consent to be exclusively represented by the Seller for this RFQ. (Note: The Buyer does not want the same candidate submitted by multiple Sellers).
5. Provide 2 referee details for candidate (name and contact details) who can confirm the candidate’s skills/knowledge to fulfill this role. Referees can be a previous manager (within the last 4 years).
6. The Seller acknowledges the Quote Validity Period for this RFQ is 12 months from RFQ Closing date. The Seller agrees that its Quote will remain valid for the Quote Validity Period.
7. The Seller acknowledges that being identified as a Preferred/suitable Seller does not guarantee that the Buyer will procure Services from the Seller during the Quote Validity period.
8. The Seller acknowledges that being identified as a Preferred/suitable Seller does not prevent the Buyer from obtaining similar services from other Sellers during the Quote Validity Period.
9. The Seller acknowledges that being identified as a Preferred/suitable Seller does not indicate that a contract may be formed between the Buyer and Seller during the Quote Validity Period.
10. The Seller acknowledges that if candidate is willing to travel for this role, they must be willing to work at the RFQ location for the duration of the contract.
11. Seller acknowledges Buyer’s amendment to Part C1 clause 13.6.2 - if a seller seeks a Rate Increase, the seller may only apply within 30 days after receiving buyer’s notice to extend the contract.
12. Seller acknowledges Buyer’s amendment to Part C1 item 13.6.5 - applications made by the seller under clause 13.6.2, the seller’s price will be adjusted from specified date in the Contract Variation.
Indicative Rate
Rate on application
If there is mutual interest, we will talk you through the rate structure and next steps in more detail.
Apply for this role
Submit your resume and any supporting information you would like us to consider. If there is a fit, we will be in touch to discuss the role further.