Lead Penetration Tester
- Position Posted: November 27, 2024
- Lead Penetration Tester
- Department of Foreign Affairs and Trade ACT, Canberra CBD
- Number of Positions: One (1)
Reference: | 1154 |
---|---|
Job Description: | Lead Penetration Tester |
Australian Citizenship | Required |
Security Clearance Level Required: | NV1 |
Length of Contract: | 12 months |
Contract Extension Options: | 2 x 12 months |
Key duties and responsibilities
- Conduct in-depth security assessments on networks, applications, and systems to identify vulnerabilities.
- Simulate advanced cyber-attacks to test the resilience of defence mechanisms.
- Perform detailed vulnerability assessments and participate in red team operations.
- Collaborate with intelligence analysts to integrate the latest threat intelligence into testing methodologies.
- Collaborate with cyber defence analysts to uplift the security posture of the department.
- Prepare comprehensive reports for business and senior executive, translating complex technical findings into clear, actionable recommendations.
Technical skills
Highly desirable certifications include OSCP, GPEN, CEH, or equivalent, with additional qualifications in government-specific cyber security programs.
Essential criteria
1. Experience: Minimum 3 years’ experience in penetration testing, vulnerability assessment, or related fields within a government context.
2. Technical Expertise: Advanced proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, and custom-developed tools. In-depth knowledge of government cyber security standards, such as the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM). Extensive knowledge of the MITRE ATT&CK, and similar knowledge bases.
Desirable criteria
1. Scripting: Strong scripting abilities in languages such as Python, Bash, or PowerShell to develop and automate testing processes.
2. Emerging Threats: Awareness of emerging security threats and vulnerabilities, and familiarity with various security testing methodologies and frameworks to assess these threats.
3. Experience: Experience with cloud and container technologies like AWS, Azure, or Kubernetes will be beneficial.
4. Knowledge: Extensive knowledge of OWASP Top 10, network protocols, secure communication methods, operating systems (Windows, Linux, macOS), and security for critical infrastructure.
Hybrid
3 days in office + 2 days from home or as otherwise agreed at DFAT’s discretion. Remote based candidates will not be considered.
Full response will be required by: | 11 December |
---|
We welcome applications from all sections of the community.