| Demonstrated experience with Government, or comparable entities, as it relates to the technical and business landscape. |
| Demonstrated experience with cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard. |
| Demonstrated experience with cloud security and cloud-based application architecture and different deployment models. |
| Demonstrated experience with penetration testing tools. |
| Demonstrated experience identifying and exploiting vulnerabilities. |
| Demonstrated experience with common attack vectors and techniques, and how to defend against them. |
| Demonstrated experience in regulatory compliance standards and ensuring compliance during penetration testing. |
| Demonstrated experience in static and dynamic application security testing using automated tools and manual techniques. |
| Demonstrated experience with white box testing and black box testing. |
| Demonstrated experience with the ISO 27002:2022, or equivalent, code of practice for information security controls. |
| Demonstrated experience writing and presenting detailed assessment reports. |
| Valid certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP) are considered significant assets. Related cybersecurity certifications will be considered. |