Lead Penetration Tester
The Department of Employment and Workplace Relations is looking to engage a Cyber Security Specialist to work in the Cyber Security Section of the Digital Solutions Division (DSD).
The Cyber Security Specialist will be part of a wider Tiger Team focusing on uplifting the security posture of different applications across the department. The Cyber Security Specialist will lead the identification, analysis, and mitigation of vulnerabilities in critical applications. This role focuses on ensuring the department’s applications are resilient to evolving cybersecurity threats while collaborating with developers and technical specialists to implement effective security solutions.
- Collaborate with cross-functional teams to integrate security measures into the design and implementation of new systems and technologies.
- Develop strategies to secure technologies including legacy applications.
- Conduct cyber security assessments, vulnerability scans and pen testing to identify potential risks and vulnerabilities.
- Build infrastructure and tooling to automate and move cyber security activities left.
- Collaborate, drive and build a program of work to uplift the way the organisation identifies and makes risk-based decisions for applications.
Join our passionate team today and be part of a department that recognises and rewards excellence, values your expertise and provides an environment where your ideas and contributions truly make a difference.
Duties and Responsibilities include:
- Conducting security assessments including code reviews, vulnerability scans, and penetration tests.
- Collaborating with developers and software engineers to remediate vulnerabilities and implement secure coding, infrastructure, and architecture practices.
- Designing and implementing secure configurations for applications and their supporting infrastructure.
- Developing and maintaining documentation on vulnerability findings, risk mitigation strategies, and best practices.
- Advising application teams on cybersecurity risks and mitigation approaches.
Criteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.
Essential criteria
- Extensive experience in vulnerability management, penetration testing, and secure design.
- Knowledge of security frameworks such as OWASP, NIST, or ISO 27001.
- Knowledge and hands-on experience implementing government security standards such as the ISM and PSP.
- Familiarity with application security tools (e.g., Burp Suite, Nessus, or similar).
- Strong analytical skills to assess and prioritise vulnerabilities for remediation.
- Ability to work across diverse technology stacks and environments.
Desirable criteria
- Certifications such as CISSP, OSCP, or CEH.
- Experience with cloud and on-premises security models.
- Knowledge of education or government security requirements.