Career Pathfinder (CP) is an APSC website that promotes different professions and career options in the Australian Public Service (APS). CP will shortly be transferred to an AWS environment. Prior to the transfer and other updates being finalised, it is timely to perform a thorough series of tests on the platform and its environment to identify and mitigate cyber security risks. Testing will be of the STAGING environment, before it enters PRODUCTION.

The successful vendor will undertake a cyber-security assessment consisting of; penetration test, code review and vulnerability assessment of CP and its environment to identify any vulnerabilities and any work that is required to be undertaken to achieve the desired Essentials 8 maturity of Level 2 (and other ISM controls as appropriate).

The series of tests (and associated documentation) must be to the standards of the Information Security Manual and broader best practice to ensure that CP is secure.

In addition to the reports for the assessments (penetration test, code review and vulnerability assessment), the vendor must produce a Security Risk Management Plan, System Security Plan and any required Standard Operating Procedures.