Are you looking for an awesome place to work, where you can proudly be your authentic self, and be part of #oneteam?
We are looking for a passionate team player who aligns with our values and culture, takes pride in their unique contributions, and can challenge the status quo with disruptive thinking. If this sounds like you, come and join us!
The Opportunity
Reporting to the Security Lead - Offensive, the Senior Security Analyst – Offensive (can be based in Melbourne, Sydney, or Perth) is a hands-on offensive operator who is capable of independently planning and executing red team, purple team and penetration testing operations, with a focus on execution, professionalism and documentation. Beyond this, you will support the efforts to operationalise exposure & vulnerability management capabilities designed to keep Vocus safe and secure.
This position supports the delivery of the SSG strategy pillars to be Threat Led & adapt to evolving external threats by adopting a shift-left approach for Vocus security.
What you’ll be responsible for in this role
The key responsibilities of the role are listed below. These may change in response to your personal growth and business demands.
- Conceive, plan and execute penetration testing, red team and purple team assessments, including end-to-end ethical adversarial emulation of cyber-attacks against in-scope assets and other technical cyber security assessments, including risk and remediation recommendations.
- Produce and disseminate offensive security reporting with meaningful and actionable recommendations to stakeholders within required deadlines.
- Provide cybersecurity guidance, such as advising the IT operations team, business stakeholders and security leadership on how to embed best practices to enhance organisational security.
- Conduct threat modeling initiatives (STRIDE/MITRE hybrid over DFDs) and collaborate with architecture and project teams. As Vocus increasingly shifts into an AI world, you will explore and recommend suitable AI-specific methodologies and frameworks, such as ATLAS, MAESTRO and OWASP.
- Drive security outcomes related to exposure management and proactive threat reduction related to vulnerabilities, exploits and/or detection gaps.
- Support the development of custom tools and automation for offensive operations (e.g., Python, C++, Bash, PowerShell, VBA).
- Contribute to the offensive security roadmap alongside the Security Lead – Offensive and Head of Security Operations, embedding in the SSG strategy pillars.
- Engage in self-learning via training, certifications, lab environments and conferences.
What you'll bring to the role
- 4+ years of hands-on experience as a pen tester, red team member or IT security analyst with strong proficiency in industry recognised tools and/or knowledge and experience in deploying effective attack chains against technology, people and processes during threat emulation/simulation exercises.
- Strong demonstrated experience in evaluating, explaining and reporting cyber security risks identified in offensive security operations and exercises, particularly how they could impact a critical infrastructure provider and/or a customer-centric service provider.
- An understanding of AI systems and their security weaknesses, and the ability to communicate to the business how to improve the organisation’s security posture in the face of emergent threats.
- Capable of working independently and meeting deadlines for delivery of outcomes and products to stakeholders with effective prioritisation of work.
- Strong knowledge of offensive tools, tactics and techniques that reflect the real-world threat landscape. As required, this position should have the technical competency to create custom tooling, exploits and implants with programming languages such as Python, PowerShell, Bash, C++, etc.
- Demonstrated senior skill set in areas such as network protocols, web applications, threat intelligence analysis, security operations and/or secure development within IaaS (AWS).
- Excellent presentation, written and verbal communication skills, with the ability to convey complex security concepts and findings to technical and non-technical stakeholders.
- Strong knowledge of operating systems, networking fundamentals, web technologies and security concepts such as defense in depth, CIA triad, and information security concepts, including knowledge of detection, monitoring, and security controls.
- You are a passionate self-starter who owns initiatives, is curious about technology and its security boundaries, and enjoys sharing that passion with others.
- A demonstrated understanding of general cyber security principles, compliance mandates and regulations relevant to critical infrastructure such as SOCI.
- Desired qualifications and certifications such as:
  - Offensive Security Certified Professional (OSCP), GIAC Red Team Professional (GRTP), GIAC Penetration Testing (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) or equivalent certifications.
  - Educational Qualifications: Tertiary qualifications in computer science, information security, or a relevant IT field.
What We Offer
Working at Vocus will give you rewarding experiences and the opportunity to do extraordinary work. You will enjoy:
- Diverse and dynamic teams with a supportive and inclusive culture.
- Supportive career development plans with comprehensive ongoing training, support, and development opportunities.
- Flexible hours and a hybrid working environment.
- Generous discounts on power, gas, mobile and internet; plus, discounts to over 400 retailers.
- Competitive leave options, including anniversary leave, purchased leave, parental leave, volunteering leave, study leave, and 5 extra days of Vocus leave each year, plus more.
- Study assistance programs to help you excel in your personal growth, learning and development.
- Health and wellness offerings, including access to our wellbeing initiatives that can help you from a financial, psychological, and physical perspective.
Working at Vocus is never just a job – it’s personal. We’re crazy about our customers and believe our people are the difference. Our wonderfully diverse team and a vibrant culture define us. We care about the impact we have on our people, our customers, and our communities and are committed to operating as a responsible, ethical business.
We pride ourselves on setting audacious and ambitious goals and believe that we can play our part in changing the Australian telecommunications landscape and make a fundamental difference to people’s lives.
With us, you’ll have the opportunity to lead and inspire teams, work on projects that are shaping the future of telecommunications and become part of a culture that thrives on creativity, encourages new ideas, and provides a collaborative and inclusive environment.
About Us
As Australia’s specialist fibre and network solutions provider, we own and operate 25,000km of secure, high-capacity fibre connecting people, businesses, governments, and communities across Australia to the world. Through our well-known retail brands, we deliver simple and affordable broadband, mobile, voice and energy services with the purpose of Building Critical Connections. Enabling Better Possibilities.
Ready to take the next step?
If you like the sound of this role and think you’d do a great job, but are worried you don’t tick every box, we encourage you to back yourself – we know that diverse groups are less likely to apply for roles they’re not 100% qualified for, but just as likely to succeed at them!
We are a proud equal opportunity employer committed to providing a safe, diverse, and inclusive working environment where all our team members feel like they belong. We know diversity makes us stronger and we encourage applications irrespective of background, age, origin, gender, sexual orientation, identity, or ability.
If you feel comfortable, please let us know if you have any accessibility requirements upon application, so we can make any adjustments required to support you throughout our recruitment process.