Network Penetration Testing

Jacksonville Aviation Authority

Buyer seeks qualified firm to perform comprehensive network penetration testing services. The scope includes both external and internal penetration testing, PCI compliance validation, and assessment of operational technology components. Testing must identify vulnerabilities, perform non-disruptive exploits, and provide detailed reporting with remediation recommendations. All work must follow industry best practices and PCI DSS guidelines.

• 7/1/2025 - RFP Release Date
• 7/17/2025 - Mandatory Pre-Proposal Meeting
• 7/24/2025 - Questions Due
• 8/11/2025 - Proposal Due Date

• Minimum three years penetration testing experience
• Minimum two years experience for PCI Compliance validation
• Primary testing technician must have four years hands-on penetration testing experience
• Primary testing technician must have CEH, OSCP or equivalent certification
• Technicians must pass FDLE CJIS background check and sign NDA

• Perform external and internal network penetration testing
• Conduct PCI Compliance validation testing
• Perform social engineering assessment
• Assess operational technology (OT) components in critical systems
• Identify and document exploitable vulnerabilities
• Perform non-disruptive exploits with documentation
• Conduct a tabletop exercise for cybersecurity incident scenarios
• Perform cloud security analysis
• Prepare comprehensive technical reports with remediation recommendations
• Create executive summary reports excluding sensitive information