
Our client URGENTLY requires an External and Internal Security Assessor for an initial Short-term Fixed Price Contract to conduct external vulnerability and penetration tests as well as Internal network penetration tests.

The threat model for an external vulnerability assessment and penetration test is an unauthorised outsider attempting to conduct reconnaissance in order to potentially gain access to internal systems. Examples of this class of attacker include hackers and activists. 

The goal of the simulated attacker performing a vulnerability assessment is to enumerate all exposed services and identify vulnerabilities on the network. Exploitation of identified vulnerabilities is not undertaken in a vulnerability assessment. 

The testing follows a consistent and structured approach covering the following layers of the OSI network model:

  • Network.
  • Transport.
  • Application.

The methodology for the testing is as follows:

  • Conduct information gathering.
  • Perform external vulnerability scanning and penetration test from a remote Internet connection.
  • Match identified services to known services and manually verify the vulnerability.
  • Attempt exploitation of discovered vulnerabilities.

The test findings will be documented in a detailed report. The report will highlight the key risks and recommendations for improvement and risk mitigation. 

The goals of the internal penetration testing are:

  1. To determine whether and how a malicious user can gain unauthorized access. It is expected that the assessor tests against the following:
     • Vulnerability scans across 4 client network segments comprising 30 Data Centre VLANs.
     • Penetration testing against an Active Directory Domain Controller and one other specified server asset per network segment.
  2. Assess applicable controls, such as scope, vulnerability management, methodology, and segmentation.

The testing should attempt to identify methods and vulnerabilities that would result in compromise of critical systems and/or elevation of access allowing full administration of Active Directory domains or targeted systems.

Testing personnel should have one or more appropriate qualifications which can include:

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • Global Information Assurance (GIAC) certifications
  • CREST Penetration Testing Certifications 

Call or email now to find out how you can collaborate further with Quality People on this exciting opportunity. 

David Silverman

Quality People 

National Business Manager 

P:  0433 829 471 

E:  david@qualitypeople.com.au  

W:  www.qualitypeople.com.au 
