Address
SalaryAustralian Citizens residing in Australia with the ability to obtain NV1 Clearance only respond.
- Contract start 15 January 2024 to 12 months.
- Australian Citizen, Ability to obtain NV1 Clearance, Brisbane, Sydney, Perth, Geelong, Melbourne or Offsite role.
Overview
As the NDIA is growing to meet the needs of the Australian population, the NDIA requires comprehensive IT systems to support the day to day running of the organisation.
The Platforms, Integration & Data team are responsible for scoping, designing, delivering and maintaining high quality IT systems and applications to support the entire agency and our partner organisations to deliver the National Disability Insurance Scheme to our participants every day.
The Offensive Security Specialist will regularly conduct advanced penetration tests and ethical hacking to identify vulnerabilities in computer systems early thus helping prevent external threats that may inflict damage to NDIS.
As an Ethical Hacker (Offensive Security / Red Team Specialist), you will be a subject matter expert in your field. You'll have the ability to prioritise and take ownership, as well as assist the broader ICT Services Branch your knowledge and experience. You will be comfortable working collaboratively with both technical and non-technical resources with a high aptitude for learning in a fast-paced environment.
We are looking for someone who has a passion and drive for working in a DevSecOps environment, working with the latest tools and technologies. As a cloud focused organisation, security is of paramount importance to us, and we are looking to strengthen our teams capability with this role.
Duties
Performing penetration testing of applications and IT infrastructure
Provide feedback into the design and build phase to ensure security requirements are captured up front,
Validating reported vulnerabilities, recommending appropriate mitigating strategies, and coordinating the follow up with relevant team members
Work with Cyber Security teams and product owners to seek alignment between information
security and business objectives.
Providing strategic advice to the Director and Assistant Director Quality Assurance
Investigate potential complex security issues and engage stakeholders appropriately
Foster a positive culture within the Platforms & Integration team aligned with Agency values
Work with the identify & access management team
Building and maintaining effective working relationships with internal and external stakeholders
Provide insight and integrate to monitoring and compliance tools
Every application requires to address selection criteria as part of application submission.
Essential Criteria
1. Demonstrated experience in offensive security and penetration testing across diverse platforms and technologies, including Web Applications, APIs, Mobile Apps, Kubernetes, Cloud environments, Networks, and Wireless infrastructures
2. Knowledge and practical experience in network protocols
3. Experience in Red Team Operations, conducting adversary emulation exercises
4. Demonstrated high level conceptual, analytical, and problem-solving skills, and the ability to develop creative and innovative solutions to difficult and complex problems
5. Ability to write tools and exploits in one or more languages such as Python, C, Node.js, golang
6. OSCE/OSCP/GWAPT/GXPN/GMOB certification is a distinctive plus (any of those)
Desirable Criteria
1. Demonstrated ability in capture the flag activities
2. Proven ability to define automated testing requirements across multiple platforms
