Penetration Testing as a Service
Location:
Washington, District of Columbia, United States
Posted on:
Deadline:
Summary:
The Washington, DC government is requesting penetration testing services for its IT systems, including ethical hacking, web application security evaluation, and social engineering simulation.
The government authority in Washington, DC seeks a vendor to provide penetration testing as a service for its IT core systems. The scope includes mission-system and application testing in pre-production environments to uncover vulnerabilities, design anti-patterns, and coding or configuration errors that may introduce security risks.
Services required include ethical hacking activities such as internal network scanning, port scanning, system fingerprinting, service probing, exploit research, manual vulnerability testing, and verification. Web application testing will evaluate risks including injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, and API/web services vulnerabilities.
Social engineering techniques are also part of the engagement and may include phishing, vishing (voice phishing), smishing (SMS phishing), and the use of AI emulation and simulation to support testing operations. The contract will be for a one-year period.
Questions regarding this RFP must be submitted no later than March 9, 2026.
Best-fit vendors:
• Experienced cybersecurity firm specializing in penetration testing
• Proven track record with government or public sector clients
• Expertise in ethical hacking, web application security, and social engineering
• Ability to deliver testing and remediation guidance within a one-year contract period
