Available Job

Assistant Director Technical Vulnerability and Assurance


The Role

The Assistant Director of Technical Vulnerability and Assurance is responsible for conducting vulnerability assessments and penetration testing for systems across Defence’s Groups and Services. The role is key to discovering attack paths and vulnerabilities, and the occupant will need to recommend effective countermeasures and controls to defend against an ever-evolving threat landscape.

 

The role will:

  • Be accountable for performing and delivering complex technical security investigation work within an integrated workforce.
  • Design and execute in-depth technical assessments to discover potential attack paths and vulnerabilities.
  • Exercise sound decision-making and provide expert security advice.
  • Undertake complex problem solving and perform detailed or time-sensitive work in support of operational and strategic outcomes for Defence.
  • Lead and manage an operational team responsible for coordinating, planning and conducting vulnerability assessments and penetration tests of complex ICT and operational technical environments.
  • Be responsible for building team capability through coaching, feedback, and mentoring activities to build resiliency and technical competency within a high-performing team in an operational environment.

 

The additional payment is a Building Defence Capability Payment (BDCP), which enables Defence to provide a premium, in addition to the rate of salary otherwise payable under the Enterprise Agreement (EA), to some or all of the jobs within a critical occupation(s) or discipline within a workplace. Applicants engaged into a BDCP position must consider the following. BDCPs provide remuneration in addition to the Defence Enterprise Agreement (EA). This arrangement is subject to meeting eligibility criteria and is subject to annual review. Should your performance fall below requirements or the eligibility criteria not be met, your eligibility for the BDCP may be reviewed and ceased. It may also be ceased should you change positions or should the BDCP no longer be required, as determined by Defence. Should the BDCP be ceased, you will be advised and your BDCP additional payment will cease.

 

About our Team

ICT Security Branch plays a leading role in securing, assuring and defending Defence’s systems to support Defence’s mission. We are a multi-disciplined team consisting of APS, ADF, and contractors that work with all Groups and Services to support the protection of Defence information system capabilities. The Directorate of Cyber Security Assessments & Authorisation is responsible for cyber risk assessment, and the conduct of certification and accreditation of Defence ICT Systems to enable the provision of effective security controls and support system owners and accountable officers to make informed risk-based decisions for cyber risk and management of cyber security controls.

 

They are a multi-disciplinary team comprised of APS, ADF and contractors that perform Cyber Risk Assessment, Vulnerability Assessments and Penetration Testing, Supply Chain Risk Assessment and technical evaluations of hardware and software products to verify and validate their security posture. The Directorate supports a wide customer base across all Defence Groups and Services and collaborates closely with other government agencies and international partners.

 

Our Ideal Candidate

Our ideal candidate will:

  • Have hands-on expertise with leading vulnerability management solutions like Qualys, Nessus and Rapid7.
  • Lead the Vulnerability Assessment Program and be the main point of contact for all vulnerabilities, mitigation strategies, and patching initiatives.
  • Understand various attack vectors and technical security controls, including any gaps, to mitigate potential attacks at all levels of the Cyber Kill Chain and stages of the MITRE ATT&CK Model.
  • Have experience in stakeholder engagement and be a confident and persuasive communicator with the ability to explain complex concepts and risk in plain language.
  • Have an understanding of vulnerability management frameworks, CVSS, CVE and MITRE ATT&CK.
  • Be able to understand and report on the threat landscape, correlate vulnerabilities with in-the-wild exploitation of threats, and present mitigations to relevant threats.
  • Be proficient in identifying and exploiting common vulnerabilities across systems, networks, web, mobile apps, and APIs.
  • Perform security tests, provide reports, and work on technical improvements.

 

Application Closing Date: Sunday 17 December, 2023

 

For further information please review the job information pack, reference JCG/11908/23 on https://defencecareers.nga.net.au/?jati=41231363-D5CA-D99B-3CDB-D235B702F1F0

