Job Description

Perform penetration testing and vulnerability research on complex proprietary software, hardware, and client service environments. Identify and assess vulnerabilities in systems and applications using manual and automated testing methods, including the discovery and exploitation of code flaws,
misconfigurations, and insecure components.


Build, maintain, and support Red Team testing infrastructure and simulation capabilities. Build, maintain, and operate Red Team infrastructure to support advanced testing and simulation activities. Support the enhancement of vulnerability assessment practices, penetration testing procedures, secure development practices, and automation initiatives. Contribute to uplifting the security posture of government digital services through advanced testing techniques, knowledge transfer, and continuous improvement
initiatives.


Monitor and keep cybersecurity knowledge current by tracking the latest security threats, vulnerabilities, and attack trends. Prepare and deliver clear, comprehensive penetration testing and vulnerability assessment reports, including findings, risk impact, technical evidence, and remediation
recommendations.


Provide technical advisory support to teams to assist in remediation and risk-mitigation activities. Develop and deliver internal training materials and knowledge-transfer sessions to upskill cybersecurity staff.

The Consultant shall provide, at minimum, the following deliverables:

Penetration testing and vulnerability assessment reports Red Team testing outputs and technical artefacts (where applicable) Remediation and risk-mitigation recommendation reports Internal training and knowledge-transfer materials Periodic progress and activity status reports, as required

Technical Specification

Use internationally recognized cybersecurity and testing frameworks such as:


ISO 27001, ISO 22301, NIST SP-800-53, NIST SP-800-115, MITRE ATT&CK, OWASP Testing Framework, PTES, OSSTMM.

Apply structured and repeatable methodologies for:

o Penetration testing


o Vulnerability assessment and validation


o Security hardening and configuration review


* Use evidence-based assessment and reporting approaches supported by logs, screenshots, samples, or technical proof-of-concepts.