The Role

The Assistant Director of Threat and Vulnerability Assessment is responsible for conducting vulnerability assessments and penetration testing for systems across Defence’s Groups and Services. The role is key to uncovering attack paths and discovering vulnerabilities within systems and measuring them against defensive controls. The role will be key to recommending effective counter measures to defend against an ever-evolving threat landscape. The role will:

• Design and execute in-depth technical assessments to discover potential attack paths and vulnerabilities.
• Exercise sound decision making and provide expert security advice.
• Undertake complex problem solving and perform detailed or time sensitive work in support of operational and strategic outcomes for Defence.
• Lead and manage an operational team responsible for coordination, planning and conducting of Vulnerability Assessments and Penetration Tests of complex ICT and Operational Technical environments.
• Be responsible for building team capability through coaching, feedback, and mentoring activities to build resiliency and technical competency within a high performing team in an operational environment.

About our Team

DCIAB plays a leading role in securing, assuring and defending Defence’s systems to support Defence’s mission. We are a multi-disciplined team consisting of APS, ADF, and contractors that work with all Groups and Services to support the protection of Defence information system capabilities.

The Directorate of Cyber Security Assessments and Authorisation is responsible for cyber risk assessment, and the conduct of certification and accreditation of Defence ICT Systems to enable the provision of effective security controls and support system owners and accountable officers to make informed risk-based decisions for cyber risk and management of cyber security controls. They are a multi-disciplinary team comprised of APS, ADF and contractors that perform Cyber Risk Assessment, Vulnerability Assessments and Penetration Testing, Supply Chain Risk Assessment and technical evaluations of hardware and software products to verify and validate their security posture.

The Directorate supports a wide customer base across all Defence Groups and Services and collaborates closely with other government agencies and international partners.

Our Ideal Candidate

Our ideal candidate will:

• Have hands-on expertise with leading vulnerability management solutions like Qualys, Nessus, Rapid 7 etc.
• Lead the Vulnerability Assessment Program and be the main point of contact for all vulnerabilities, mitigation strategies, and patching initiatives.
• Understand various attack vectors and technical security controls, including any gaps, to mitigate potential attacks at all levels of the Cyber Kill Chain and stages of the MITRE ATT&CK Model.
• Have experience in stakeholder engagement, confident and persuasive communicator with the ability to explain complex concepts and risk in plain language.
• Have an understanding of vulnerability management frameworks, CVSS, CVE and MITRE ATT&CK.
• Have the ability to understand and report on threat landscape, correlate vulnerabilities with in-the-wild exploitation of threats, and present mitigations to relevant threats.
• Be proficient in identifying and exploiting common vulnerabilities across systems, networks, web, mobile apps, and APIs.
• Perform security tests, provide reports, and work on technical improvements

Application Closing Date: Thursday 22 August, 2024.

For further information please review the job information pack, reference JCG/06338/24 on https://defencecareers.nga.net.au/?jati=4B8CFE4D-2ADC-915A-BEA8-DAF069E505A0