Lead Penetration Tester

Services Australia is at the frontline of government service delivery, supporting millions of Australians, and is front and centre of a vision to be a world leader in government service delivery. It’s using cutting-edge technology to build world class platforms and capabilities to help Australians get on with their lives.

The Lead Penetration Testers will analyse IT systems to determine configuration weaknesses and faults that would impact on security and business then produce reports detailing the findings and recommendations for improved network security.

Cyber Security Penetration Testers conduct complex penetration testing and highly sensitive vulnerability assessment activities. They simulate different types of cybersecurity attacks and develop penetration testing methodologies.

Key duties and responsibilities - Oversee the execution of test cases using in-depth technical analysis of risks and typical vulnerabilities.

- Lead cyber penetration testing and vulnerability assessments using relevant tools and methods against a variety of technologies.

- Conduct and lead complex threat simulation activities to identify weaknesses and/or opportunities in technical security controls.

- Oversee the catalogue of test findings and potential measures.

- Oversee and approve security testing plans.

- Provide highly technical subject matter expertise to system owners and stakeholders to improve system security posture.

- Conduct highly complex analysis and research to identify improvements to cyber threat tools, techniques and procedures.

- Manage and coordinate a variety of risk analysis and assessments on cyber security matters.

- Perform web application and mobile penetration testing against complex enterprise platforms using a variety of technologies.

- Conduct infrastructure penetration testing against enterprise grade systems.

- Collaborate with system owners to develop test scope and preparation for testing ensuring remediation has been completed effectively.

- Review reports, briefs and documentation and communicate technical findings and recommendations

- Transfer highly technical skills and knowledge to other staff through continuous coaching and on-the-job training to support succession planning.

- Lead and support the operations of a team, including setting priorities and managing performance, resources and workflows.

- Exercise delegations in line with legislation and guidelines.

Desirable qualifications but not mandatory - CompTIA Security +, CompTIA PenTest +, Certified Ethical Hacker, CREST Registered Penetration Tester, Offensive Security Certified (OSCE3), GIAC Penetration Tester.

Essential Criteria - Penetration testing: Level 5 (SFIA) - Plans and drives penetration testing within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls. Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing. Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.

- Penetration Testing and conducting Simulated Attack Exercises: Level 5 (CIISEC) - Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.

#J-18808-Ljbffr