AddressMust have a Negative Vetting 2 Security Clearance.
SFIA- SCTY 5
Technical Vulnerability Assessor – System vulnerability assessment and/or penetration testing, testing the security effectiveness of system implementation through passive and active scan and penetration activities; and Technical Vulnerability Assessors must be familiar with the Australian Government Information Security Manual (ISM) as the basis for cyber security risk treatments across government.
Each Technical Vulnerability Assessor’s responsibilities are inclusive of the following activities:
- stakeholder engagement, management, risk triage, and strategic mission support;
- providing expertise in evangelising CSAA’s approach to the assessment and reporting of cyber risk;
- supporting mission through the triage and prioritisation of assessments;
- assessment and assurance administration and reporting;
- assisting CSAA management with holistic risk reporting;
- Department Chief Information Security Officer requests;
- Freedom of Information requests; and
- Senate Estimates support.
Qualifications, Skills and Experience
Technical Vulnerability Assessors must have one or more of the following qualifications, skills and experience:
- Tertiary qualifications in Cyber Security;
- Experience in risk assessment and reporting of complex/varied array of ICT systems;
- CISM – Certified Information Security Manager;
- CISSP – Certified Information Systems Security Professional;
- GSLC – GIAC Security Leadership Certificate;
- CISA – Certified Information Systems Auditor;
- CRISC – Certified in Risk and Information Systems Control;
- GSNA – GIAC Systems and Network Auditor;
- ISO 27001 Lead Auditor;
- PCI QSA – PSI Qualified Security Assessor.
