Penetration tester

Job Description

Objectives and Key DeliverablesThe Supplier will provide a monthly report showing progress against each of the Objectives and Key Deliverables. This report will also provide a summary of any Travel and Subsistence claims made in month, along with a cumulative total.Domain and risk identification related to Red Teaming:

• Test Scoping - Contractor will collaborate with the customer in order to identify and plan a penetration test for a given network segment. Such planning may include but not limited to, review of current network deployments, web applicationforms and network enforcement boundaries.

• Reconnaissance - Contractor will utilise active and passive based tools in order to identify and enumerate devices, services and users on a target network zone/zones. Such reconnaissance includes web-based services and applications.

• Vulnerability Identification - Contractor will utilise information gained in the previous phases in identify the presence of vulnerabilities in the services identified from the previous phase. Such identification may include stack basedoverflow injections or web-application injection type weaknesses.

• Validation - Contractor will attempt to validate any identified vulnerability (and disregard) any false positive results and validate other positive results from automated testing should this be a priority for the customer and drive valuein the test. Such validation may include PoC code.

• Exploitation - Contractor will using previous information attempt to exploit identified vulnerabilities in order to understand the extent to which the vulnerability enables unauthorised access to target services and data.

• Escalation and Movement - Contractor will, in accordance with the test aims attempt to escalate any initial access gained to other systems/ services in scope of the test to determine what exploit chains exist and the potential impact ofthese chains.

• Anti-forensics - Contractor will, in accordance with the test aims attempt to remove traces of system access whilst ensuring contemporaneous notes are kept. Examples include modification of audit-based services, data and controls or codemodification to enable evasion of anti-virus type products.

• Re-testing - Contractor is required to re-test vulnerabilities in external devices that are identified as having a risk rating or severity of Medium or higher as classified by automated scanning tools or Contractors risk assignment methodology.Additionally, Contractor will be required to re-test identified vulnerabilities having ANY risk rating or severity at the discretion of the MOD. Re-testing of vulnerabilities is to begin no sooner than 60 days after completion of all phases of the externalnetwork penetration testing engagement; working from an understanding of the operational environment to develop a Threat Statement for the vulnerability.

• Reporting - Contractor will write a report of their activities and findings inline with industry best practice. Report should include mitigations to identified weaknesses and be suitable for both technical and non-technical audiences.

What you will provide

• Provision of SQEP, pre-qualified, Sole UK-national, resource.
• Anything not listed as provision in order to achieve the objectives and deliverables.
• Confirmation of the resources SC clearance availability to Leonardo Security department.
• Confirmation that the candidate is willing to travel, including abroad, if required.
• Confirmation that the candidate is a UK National.
• Confirmation the candidate is PAYE.
• Attendance at any meeting in any location as directed by the Project lead or the Programme Lead.
• Standard internet connection to enable remote working.

Exclusions

• There is no obligation for the Supplier resource to attend any meetings that do not have a direct bearing on the tasks outlined here.
• Except the provision of security-cleared pre-qualified resource, the Supplier is free to direct the manner in which the tasks identified are to be achieved.
• The Supplier retains the right to replace the resource with a like-for-like individual for any reason. However, given the secure nature of the work, Leonardo must be given 30 calendar days notice to be allowed sufficient time to pre-qualify the resourceand enable Security checks to take place.
• The resource that is provided by the Supplier remains free to supply services to others provided that this contract is fulfilled

Location

• Based out of Whyton, Cambridgeshire, with potential for travel to customer site at Corsham and Leonardo Site in Bristol.
• Some tasks may require site visits to other locations, and these will be at the discretion of the Leonardo Project Lead in conjunction with the MOD PM.
• Some travel abroad may be required.
• There may be a requirement to undertake a Contractor Deploying on Operations (CONDO) course.
• Travel and Subsistence costs are to be pre-agreed by the Purchaser and are to be invoiced separately to the fixed fee.

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talentin the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.