About this Position:
Job Title: Penetration Tester
Assessment Goal:
- Obtain sensitive data from County database (Anonymize data in documentation/reports).
- Compromise of an intermediary device used by privileged users to access the Database, Web, and or systems.
- Obtain sensitive data or compromise of Domain, Web Servers, and/or DBA with privileged user credentials.
- Elevated Privilege compromise of the systems and servers.
- No exploitation of system(s) will be conducted without express written permission from the ISO team.
Deliverables & Knowledge Transfer:
- The Consultant will provide comprehensive reports of findings, artifacts of the compromise, clean-up and prioritized recommendation on how to resolve and or mitigate any identified weakness.
- The Consultant will provide documentation of the cleanup and destruction of obtained county data.
- The Consultant will participate in a post engagement meeting with the team to discuss findings, compromise Tactics, Techniques and Procedures clean-up and recommendations.
- The Consultant will provide a work plan timeline for completion of project milestones.
Requirement:
- Black box testing methodology required.
"No phone calls please."
