- Perform penetration testing and vulnerability research on complex proprietary software, hardware, and client service environments.
- Identify and assess vulnerabilities in systems and applications using manual and automated testing methods, including the discovery and exploitation of code flaws,
misconfigurations, and insecure components.
- Build, maintain, and support Red Team testing infrastructure and simulation capabilities.
- Build, maintain, and operate Red Team infrastructure to support advanced testing and simulation activities.
- Support the enhancement of vulnerability assessment practices, penetration testing procedures, secure development practices, and automation initiatives.
- Contribute to uplifting the security posture of government digital services through advanced testing techniques, knowledge transfer, and continuous improvement
initiatives.
- Monitor and keep cybersecurity knowledge current by tracking the latest security threats, vulnerabilities, and attack trends.
- Prepare and deliver clear, comprehensive penetration testing and vulnerability assessment reports, including findings, risk impact, technical evidence, and remediation
recommendations.
- Provide technical advisory support to teams to assist in remediation and risk-mitigation activities.
- Develop and deliver internal training materials and knowledge-transfer sessions to upskill cybersecurity staff.
The Consultant Shall Provide, At Minimum, The Following Deliverables
- Penetration testing and vulnerability assessment reports
- Red Team testing outputs and technical artefacts (where applicable)
- Remediation and risk-mitigation recommendation reports
- Internal training and knowledge-transfer materials
- Periodic progress and activity status reports, as required
Technical Specification
Use Internationally Recognized Cybersecurity And Testing Frameworks Such As
ISO 27001, ISO 22301, NIST SP-800-53, NIST SP-800-115, MITRE ATT&CK, OWASP Testing Framework, PTES, OSSTMM.
- Apply structured and repeatable methodologies for:
- Penetration testing
- Vulnerability assessment and validation
- Security hardening and configuration review
- Use evidence-based assessment and reporting approaches supported by logs, screenshots, samples, or technical proof-of-concepts.
Education and Professional Certifications
- Offensive Security Certified Professional (OSCP)
- SANS 542 Web Application Penetration Testing
- SANS 560 Network Penetration Testing and Ethical Hacking
