Penetration Tester Job at VGroup Inc, Montpelier, VT

  • VGroup Inc
  • Montpelier, VT

Job Description

Direct Client: STATE OF VERMONT

Job Title: Cybersecurity Systems Penetration Testing

Duration: Need to propose

Start Date: ASAP

Location: 133 State St, Montpelier, VT 05602/Remote

Position Type: Contract

Interview Type: Webcam

Requirement ID: SVT_PENT098_SS

Department: Agency of Digital Services

SCOPE OF WORK

BACKGROUND: The Agency of Digital Services is seeking a contractor to provide cybersecurity penetration testing services for the Public Service Department (PSD) Data Project serving the PSD and the Public Utilities Commission (PUC). The Data Project is an internally hosted database for additional analytics. The contractor should be a computer security services provider, exceptionally well-versed in all facets of penetration testing to test the PSD Data Project to ensure it is secured from malicious actors.

REQUIREMENTS:

  1. The selected contractor will work closely with ADS and selected vendor personnel as required during this engagement.
  2. Endpoint penetration testing: one REST endpoint (provided at project launch).
  3. Perform penetration tests including "black box" testing on the database defined above to assess the extent of a compromise an attacker can achieve by identifying and exploiting any vulnerabilities. Also testing as an "authenticated user" for three (3) user roles.
  4. Comprehensive report of risk-ranked vulnerabilities/findings and associated exploits.
  5. Following each penetration test and remediation of specific identified vulnerabilities, a retest will be performed specifically to determine whether the vulnerabilities were successfully remediated.
  6. The contractor will log and trace every packet sent to the database as part of the test and shall provide log files to ADS as an addendum to the report deliverable(s).
  7. Attestation of destruction of any information obtained by the contractor resulting from these penetration tests.
  8. Penetration testing must be conducted from the continental US. All data obtained in the course of this engagement must always remain in the continental US. If this is not possible, please explain.
  9. The contractor will produce an initial report of any findings within 5 business days following the completion of the initial testing.
  10. Contractor is authorized to perform this test during the testing period between 8:00 am and 4:30 pm EST (blackout update dates/give as much time necessary/but not touch update windows).
  11. The contractor will provide the State with a draft report of any findings and results within 10 business days after the penetration testing is completed.
  12. The report will include all identified vulnerabilities, criticality levels, steps to reproduce or screenshots and recommended corrective methods and actions.

PROJECT MANAGEMENT

PROJECT MANAGEMENT APPROACH

The Contractor shall follow project management methodologies that are consistent with the Project Management Institute's (PMI) Project Management Body of Knowledge (PMBOK) Guide.

Contractor staff will produce project deliverables using Microsoft Office products in v2007 or newer (Word, Excel, Project, Visio, etc.), and Adobe PDF, or other formats acceptable to the State.

PROJECT DELIVERABLES

Describe required deliverables in detail. Under no circumstance should a SOW be developed or an SOW RFP be released where the deliverables are not quantified or the criteria for acceptance are not defined. Be clear and concise. The deliverables identified here should be directly tied to payment provisions.

ID | Deliverables | Expected Completion
PUC/PSD DBMS 1 | Finalized project approach, plan and/or schedule for PSD Data Project. | Within 5 business days of executed SOW Agreement
PUC/PSD DBMS 2 | Initial penetration test of PSD Data Project and initial report of found vulnerabilities. | Vendor to propose
PUC/PSD DBMS 3 | Retest of PSD Data Project as well as final report of found vulnerabilities | Within (vendor to propose) notification by DPS that remediations are completed.
PUC/PSD DBMS 4 | All log files as described in Requirement #6 and attestation of destruction of all information obtained as part of the executed penetration tests. | Within 5 business days of final report (PSD Data Project #3)

Proposed Services Work Plan

  • Proposed Services: A description of the Contractor's proposed services to accomplish the specified work requirements, including dates of completion.
  • Risk Assessment: An assessment of any risks inherent in the work requirements and actions to mitigate these risks.
  • Proposed Tools: A description of proposed tools that may be used to facilitate the work.
  • Tasks and Deliverables: A description of and the schedule for each task and deliverable, illustrated by a Gantt chart. Start and completion dates for each task, milestone, and deliverable shall be indicated. Must include deliverables specified in SOW-RFP as well as other deliverables that Contractor may propose.
  • Work Breakdown Structure: A detailed work breakdown structure and staffing schedule, with labor hours by skill category that will be applied to meet each milestone and deliverable, and to accomplish all specified work requirements.

________________________________________________________________
V Group Inc. is an IT Services company that supplies IT staffing, project management, and delivery services in software, network, help desk, and all IT areas. Our primary focus is the public sector, including state and federal contracts. We have multiple awards/contracts with the following states: CA, FL, GA, IL, MD, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.


Please share my contact information with others working in Information Technology.



Job Tags

Contract work, For contractors, Work at office, Immediate start, Remote work
