Description: The client is seeking a contractor to provide cybersecurity penetration testing services for Client Buys, a new E-Procurement System being implemented by the Department of Buildings and General Services (BGS). Client Buys is a vendor implementation of Ivalua's Procurement Platform that has been configured for the client's use. The system will support procurement activities across all state agencies and departments, resulting in efficiencies for both internal stakeholders and the supplier community. It is a browser-based application with integrations into financial systems at the state. Go-live is planned as early as 6/15/25.
Required/Desired Skills:
- Work with ADS, BGS, the implementation vendor, and Ivalua personnel.
- Conduct web application penetration testing on a “production-like” environment.
- Test internal (Entra ID) and external (Okta) Single Sign-On (SSO) methods.
- Assess potential compromises by identifying and exploiting vulnerabilities.
- Perform penetration testing as an authenticated user for three distinct roles.
- Notify the client's Security Team immediately about critical/high findings for remediation.
- Attend virtual meetings with the State, KPMG, and Ivalua to discuss findings and fixes.
- Verify remediated vulnerabilities and test new developments post-Phase I.
- Erase all obtained information after testing.
- Conduct penetration testing within the U.S.; all data must remain in the U.S.