1. ONI seeks a fixed price quote inc GST for the following service.

To adequately understand the threats to our external facing Open Source Portal, ONI seeks a qualified (recognised industry qualification) and suitably experienced cyber security professional (SFIA 8 PENT 5) to perform a Vulnerability Assessment (VA) for our Open Source Portal. The Open Source Portal is a customer-facing web portal, based on Drupal and hosted on Amazon Web Services infrastructure.

The VA is required to analyse all aspects of the Open Source Portal, with a focus on Internet-accessible services. This will provide ONI with details of how an external adversary (or malicious insider) might leverage areas of weakness to cause a cyber security event, for example, to gain unauthorised access or otherwise interfere with the Open Source Portal functionality. The aim of the VA is to produce a report that identifies a complete list of vulnerabilities associated with the new Open Source Portal capability, each with an explanation, criticality weighting and proposed remediation action(s) that would eliminate the vulnerability.

Proposed candidates should have a minimum Baseline clearance. Access will be provided to required system documentation, source code and user account(s) in order to facilitate the VA process.

The VA work and report is to consume at most 15 business days and conclude by 15 April 2022.

2. ONI may require additional cyber security assistance subsequent to the VA. To facilitate this, an hourly rate inc GST should also be included.