Job ID: 2204
Company: State of Ohio
Location: COLUMBUS, OH
Type: Contract
Duration: 6 Months
Status: Active
Openings: 1
Posted: 03 Dec 2012
Job Seekers, Please send resumes to resumes@hireitpeople.com

Short Description:

 

Complete an assessment and penetration test on the agency's external-facing infrastructure.

 

Complete Description:

These activities will be conducted from outside the agency network with limited knowledge of the network design and infrastructure. Based on details required from the assessment efforts and other publicly accessible information, the tester will attempt to gain access to agency resources. Daily progress reports will be required outlining testing details, progress and plans. All major vulnerabilities and/or successful breaches will be reported to the agency contact immediately.

 

Launch a phishing scheme against agency email users; gather statistics and summary data regarding the number of emails sent, the number of responses received, the email addresses of those who respond, and summary data of information obtained.

 

All tool sets for this testing will be supplied by the tester.

 

Develop executive-level reports and detailed technical reports to support testing efforts. Assessment reports must include details regarding specific methods used in testing, vulnerabilities identified, severity rating and a specific mitigation strategy.

 

Written draft detail reports must be available for review by 12/31/2012, with final reports due by 1/11/2013.

 

Tester will be available to agency technical staff during regular business hours (8 am – 5 pm weekdays), or after hours, over weekends and on holidays as needed, for detailed technical discussions of findings and to provide expertise in mitigation strategies.

 

All test results are confidential and are the property of the agency. Tester is required to complete Disclosure Training.

 

Skills:

Bachelor's degree or higher in the area of information technology and/or information security/information assurance.

Desired

 

Possess the following certifications in active status: CISSP, CEH

Required 8 Years

 

Information technology experience

Required 10 Years

 

Information security experience

Required 5 Years

 

Assessments, ethical hacking, and penetration testing

Required 2 Years

 

Conducting ethical phishing schemes

Required 10 Years

 

Experience with commercial and open source tools used to conduct testing

Required 10 Years