Logo
V Group Inc.

Penetration Tester Job at V Group Inc. in Montpelier

V Group Inc., Montpelier, VT, United States, 05604

Save Job

Get AI-powered advice on this job and more exclusive features.

This range is provided by V Group Inc.. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$70.00/hr - $75.00/hr

Direct message the job poster from V Group Inc.

Presales | Business Growth | Client Relationship | Vendor Aquisition | Recruitment Process | Open Networker

Duration: TBD based on Deliverable & Time Line

The Vermont Department of Motor Vehicles (DMV) is seeking a contractor to conduct cybersecurity penetration testing services on the following two distinct solutions.

The DMV seeks a cybersecurity contractor with extensive expertise in penetration testing to rigorously assess the security of VT TRIPS, with a focus on the Driver Services component, and VT Haul Pass, ensuring robust protection against potential cyber threats.

Penetration Testing Requirements:

  • Black-box testing (unauthenticated + authenticated)
  • External web app and REST endpoint testing
  • Risk-ranked vulnerability report
  • Retesting after remediation
  • Destruction attestation of test data
  • U.S.-based testing & data residency
  • Daily testing window: 8:00 AM–4:30 PM EST

REQUIREMENTS:

  • The selected contractor will work closely with ADS, AOT, Fast and ProMiles personnel as required during this engagement.
  • External web application penetration testing of VT TRIPS and VT Haul against their “production-like” environments. URLs provided at project launch.
  • VT TRIPS - two REST endpoints (provided at project launch)
  • VT Haul Pass – one REST endpoint (provided at project launch)
  • Perform penetration tests including “black box” testing on the web site(s) / endpoints defined above to assess the extent of a compromise an attacker can achieve by identifying and exploiting any vulnerabilities. Also testing as an “authenticated user”:
  • VT TRIPS – authenticated users, un-authenticated users (sites to be provided at project launch)
  • VT Haul Pass - authenticated users, un-authenticated users (sites to be provided at project launch)
  • Comprehensive report of risk-ranked vulnerabilities/findings and associated exploits.
  • Following each penetration test and remediation of specific identified vulnerabilities, a retest will be performed specifically to determine whether the vulnerabilities were successfully remediated.
  • The contractor will log and trace every packet sent to Fast Enterprises for VT TRIPS and ProMiles VT Haul Pass as part of the test and shall provide log files to DMV/ADS as an addendum to the report deliverable(s).
  • Attestation of destruction of any information obtained by the contractor resulting from these penetration tests.
  • Penetration testing must be conducted from the continental US. All data obtained in the course of this engagement must always remain on continental US. If this is not possible, please explain.
  • The contractor will produce an initial report of any findings within 5 business days following the completion of the initial testing.
  • Contractor is authorized to perform this test during the testing period between 8:00 am and 4:30 pm EST. (blackout update dates/give as much time necessary/but not touch update windows.)
  • The contractor will provide the State with a draft report of any findings and results within 5 business days after the penetration testing is completed.
  • The report will include all identified vulnerabilities, criticality levels, steps to reproduce or screenshots and recommended corrective methods and actions.

PROJECT MANAGEMENT

PROJECT MANAGEMENT APPROACH

The Contractor shall follow project management methodologies that are consistent with the

Project Management Institute’s (PMI) Project Management Body of Knowledge (PMBOK)

Guide.

Contractor staff will produce project deliverables using Microsoft Office products in v2007

or newer (Word, Excel, Project, Visio, etc.), and Adobe PDF, or other formats acceptable to

the State.

PROJECT DELIVERABLES

Describe required deliverables in detail. Under no circumstance should a SOW be developed or an SOW RFP be released where the deliverables are not quantified or the criteria for acceptance are not defined. Be clear and concise. The deliverables identified here should be directly tied to payment provisions.

PROJECT DELIVERABLES – VT TRIPS

ID

Expected Completion:

VT TRIPS -1

Finalized project approach, plan and/or schedule for VT TRIPS

Within 5 business days of executed SOW Agreement

VT TRIPS -2

Initial penetration test of VT TRIPS and initial report of found vulnerabilities.

The State is requesting this occur Oct 6th – 15th.

VT TRIPS-3

Retest of remediated findings from VT TRIPS as well as final report of found vulnerabilities

Within (vendor to propose) notification by DMV/ADS that remediations are completed.

VT TRIPS-4

All log files as described in Requirement #7 and attestation of destruction of all information obtained as part of the executed penetration tests.

Within 5 business days of final report (ID# VT TRIPS-3)

ID

Expected Completion:

Finalized project approach, plan and/or schedule for VT Haul Pass

Within 5 business days of executed SOW Agreement

Initial penetration test of VT Haul Pass and initial report of found vulnerabilities.

Retest of remediated findings from VT Haul Pass as well as final report of found vulnerabilities

Within (vendor to propose) notification by DMV/ADS that remediations are completed.

All log files as described in Requirement #7 and attestation of destruction of all information obtained as part of the executed penetration tests.

Within 5 business days of final report (ID# VT Haul-3)

Proposed Services – Work Plan

  • Proposed Services: A description of the Contractor’s proposed services to accomplish the specified work requirements, including dates of completion.
  • Risk Assessment: An assessment of any risks inherent in the work requirements and actions to mitigate these risks.
  • Proposed Tools: A description of proposed tools that may be used to facilitate the work.
  • Tasks and Deliverables: A description of and the schedule for each task and deliverable, illustrated by a Gantt chart. Start and completion dates for each task, milestone, and deliverable shall be indicated. Must include deliverables specified in SOW-RFP as well as other deliverables that may be proposed by Contractor.
  • Work Breakdown Structure: A detailed work breakdown structure and staffing schedule, with labor hours by skill category that will be applied to meet each milestone and deliverable, and to accomplish all specified work requirements.

_____________________________________________________________________________________________

V Group Inc. is an IT Services company which supplies IT staffing, project management, and delivery services in software, network, help desk and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/ contracts with the following states: AR, CA, DE, FL, GA, IL, KY, MD, ME, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.

Please share my contact information with others working in Information Technology.

  • Website: www.vgroupinc.com
  • Facebook: www.facebook.com/VGroupIT
  • Twitter: www.twitter.com/VGroupITService

Seniority level

  • Seniority level

    Mid-Senior level

Employment type

  • Employment type

    Contract

Job function

  • Job function

    Quality Assurance and Information Technology

  • Industries

    IT System Testing and Evaluation and IT Services and IT Consulting

Referrals increase your chances of interviewing at V Group Inc. by 2x

Get notified about new Penetration Tester jobs in Montpelier, VT.

Senior Application Security Engineer (Remote - USA)

Vermont, United States $139,900.00-$304,200.00 1 week ago

Security Customer Experience Engineer Manager

Vermont, United States $119,800.00-$258,000.00 2 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr