• Perform penetration testing and vulnerability research on complex proprietary software, hardware, and client service environments.
• Identify and assess vulnerabilities in systems and applications using manual and automated testing methods, including the discovery and exploitation of code flaws, misconfigurations, and insecure components.
• Build, maintain, and support Red Team testing infrastructure and simulation capabilities.
• Build, maintain, and operate Red Team infrastructure to support advanced testing and simulation activities.
• Support the enhancement of vulnerability assessment practices, penetration testing procedures, secure development practices, and automation initiatives.
• Contribute to uplifting the security posture of government digital services through advanced testing techniques, knowledge transfer, and continuous improvement initiatives.
• Monitor and keep cybersecurity knowledge current by tracking the latest security threats, vulnerabilities, and attack trends.
• Prepare and deliver clear, comprehensive penetration testing and vulnerability assessment reports, including findings, risk impact, technical evidence, and remediation recommendations.
• Provide technical advisory support to teams to assist in remediation and risk-mitigation activities.
• Develop and deliver internal training materials and knowledge-transfer sessions to upskill cybersecurity staff.
The Consultant shall provide, at minimum, the following deliverables:
• Penetration testing and vulnerability assessment reports
• Red Team testing outputs and technical artefacts (where applicable)
• Remediation and risk-mitigation recommendation reports
• Internal training and knowledge-transfer materials
• Periodic progress and activity status reports, as required
Technical Specification
• Use internationally recognized cybersecurity and testing frameworks such as: ISO 27001, ISO 22301, NIST SP-800-53, NIST SP-800-115, MITRE ATT&CK, OWASP Testing Framework, PTES, OSSTMM.
• Apply structured and repeatable methodologies for:
o Penetration testing
o Vulnerability assessment and validation
o Security hardening and configuration review
• Use evidence-based assessment and reporting approaches supported by logs, screenshots, samples, or technical proof-of-concepts.
Education and Professional Certifications
• Offensive Security Certified Professional (OSCP)
• SANS 542 – Web Application Penetration Testing
• SANS 560 – Network Penetration Testing and Ethical Hacking