Our large federal government is seeking a Vulnerability Analyst to support Australia's Cyber Defences to ensure our essential networks are even more secure and reliable.Long term contracts (12 months+) available.The Program is an automated discovery and reporting process that identifies cyber hygiene issues in federal, state and territory, and local government internet facing IT services. The program assists in understanding and hardening their internet facing attack surface by looking for and reporting on issues such as critical vulnerabilities, open ports and services, encryption and email security configurations and other significant internet facing cyber hygiene issues.We are seeking an experienced technical cyber security resource with a background in either using, or performing analysis on software vulnerabilities.The right candidate may have worked as a penetration tester or SOC analyst and will have experience assessing the likely impact of software vulnerabilities including tasks such assessing and running up proof of concept exploitation code, conducting open-source research to identify and assess emerging vulnerabilities and working to identify systems susceptible to particular software vulnerabilities. Experience in analysing vulnerabilities in ICS/OT devices is highly desirable.The person will possess broad knowledge in:
- The technical mechanisms of different software vulnerabilities,
- Different classes of vulnerabilities including - RCE, LPE.
- Different vulnerability mechanisms including - Deserialisation, path traversal, authentication bypass.
- General technical cyber security skills including potentially skills from either an offensive or defensive perspective.
- Experience using and/or analysing software vulnerabilities (particularly remote vulnerabilities).
- Experience building software (scripts etc) to detect and verify software vulnerabilities.
- Experience in vulnerability management/vulnerability triage.
- Experience analysing and searching open source reporting for timely vulnerability information.