Network Penetration Testing Services

The Village of Ossining, New York, is seeking a qualified vendor to provide comprehensive network penetration testing services over a two-year contract period. The agency needs to assess the security of its public-facing perimeter across all Village locations to identify and mitigate potential cyber vulnerabilities. The scope of work covers all externally reachable Village-owned IP addresses, internet-facing services, web applications, remote access portals, VPN endpoints, and externally hosted services operated on behalf of the Village. The requested services include reconnaissance, service and version enumeration, vulnerability identification, authenticated and unauthenticated exploitation attempts where authorized, and password attacks against exposed authentication interfaces. Additionally, the agency requires authorized social engineering testing of Village personnel to assess susceptibility to phishing, pretexting, and similar techniques. All findings, evidence, captured data, screenshots, credentials, and reports generated during the testing will remain the confidential property of the Village. Only onshore organizations based in the United States are eligible to bid on this opportunity. The selected vendor will perform all work offsite. The agency has not disclosed a specific budget and is looking for cost proposals from interested bidders. All questions regarding this opportunity must be submitted no later than June 4, 2026.