Vulnerability Analyst (Software)

Our large federal government is seeking a Vulnerability Analyst to support Australia's Cyber Defences to ensure our essential networks are even more secure and reliable.Long term contracts (12 months+) available.The Program is an automated discovery and reporting process that identifies cyber hygiene issues in federal, state and territory, and local government internet facing IT services. The program assists in understanding and hardening their internet facing attack surface by looking for and reporting on issues such as critical vulnerabilities, open ports and services, encryption and email security configurations and other significant internet facing cyber hygiene issues.We are seeking an experienced technical cyber security resource with a background in either using, or performing analysis on software vulnerabilities.The right candidate may have worked as a penetration tester or SOC analyst and will have experience assessing the likely impact of software vulnerabilities including tasks such assessing and running up proof of concept exploitation code, conducting open-source research to identify and assess emerging vulnerabilities and working to identify systems susceptible to particular software vulnerabilities. Experience in analysing vulnerabilities in ICS/OT devices is highly desirable.The person will possess broad knowledge in:

• The technical mechanisms of different software vulnerabilities,
• Different classes of vulnerabilities including - RCE, LPE.
• Different vulnerability mechanisms including - Deserialisation, path traversal, authentication bypass.
• General technical cyber security skills including potentially skills from either an offensive or defensive perspective.

Essential Critera:

• Experience using and/or analysing software vulnerabilities (particularly remote vulnerabilities).
• Experience building software (scripts etc) to detect and verify software vulnerabilities.
• Experience in vulnerability management/vulnerability triage.
• Experience analysing and searching open source reporting for timely vulnerability information.

Location: This role is based in Canberra, ACT.Contract Terms: The initial contract is for 12 months, with the potential 2 X 12 month extensions.Security Requirements: A minimum AGSVA Baseline clearance is required.Kinexus is the leading recruitment partner to the defence industry in Australia. We support our community in making intelligent connections and create opportunities to help grow careers. If you are interested to learn more about these opportunities or how contracting could be the switch you are looking for, please get in touch for a confidential chat.All applications should include your resume as a word document. For more information, visit our website, or contact Cindace Prasad at 0449 511 324. #LI-CP