US Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
W2-Permanent
W2-Contract
Contract to Hire
Consulting/Contract
UG :- - Not Required
PG :- - Not Required
No of position :- ( 1 )
Post :- 8th Apr 2024
1. The selected contractor will work closely with ADS and PACE Scheduler personnel as required during this engagement.
2. External web application penetration testing, of the Scheduler against their “production like” environments. URLs Provided at project launch.
3. Endpoint penetration testing. One REST endpoint (provided at project launch)
4. Perform penetration tests including “black box” testing on the web site(s) / endpoints defined above to assess the extent of a compromise an attacker can achieve by identifying and exploiting any vulnerabilities. Also testing as an “authenticated user”
for three (3) user roles.
5. Comprehensive report of risk-ranked vulnerabilities/findings and associated exploits.
6. Following each penetration test and remediation of specific identified vulnerabilities, aretest will be performed specifically to determine whether the vulnerabilities were successfully remediated.
7. The contractor will log and trace every packet sent to PACE Scheduler as part of the test and shall provide log files to ADS as an addendum to the report deliverable(s).
8. Attestation of destruction of any information obtained by the contractor resulting from these penetration tests.
9. Penetration testing must be conducted from US soil. All data obtained in the course of this engagement must always remain on US soil. If this is not possible, please explain.
10. The contractor will produce an initial report of any findings within 5 business days following the completion of the initial testing.
11. Contractor is authorized to perform this test during the testing period between 8:00 am and 4:30 pm EST.
12. The contractor will provide the State with a final report of any findings and results within 5 business days after the penetration testing is completed.
13. The report will include all identified vulnerabilities, criticality levels, steps to reproduce or screenshots and recommended corrective methods and actions.