Lead Penetration Tester

Job details

Penetration Testers analyse IT systems to determine configuration weaknesses and faults that would impact on security and business then produce reports detailing the findings and recommendations for improved network security.


Background

Our client is seeking a highly skilled and dedicated Penetration Tester to join our elite cyber security branch. In this role, you will play a critical part in safeguarding digital assets by conducting internal, in-depth security assessments on government networks, applications, and systems on a global scale. Working with other cyber security teams, you will simulate advanced cyber attacks to identify vulnerabilities that could be exploited by hostile entities, ensuring that our defence mechanisms are resilient and effective.

Key duties and responsibilities

• Conduct in-depth security assessments on networks, applications, and systems to identify vulnerabilities.
• Simulate advanced cyber-attacks to test the resilience of defence mechanisms.
• Perform detailed vulnerability assessments and participate in red team operations.
• Collaborate with intelligence analysts to integrate the latest threat intelligence into testing methodologies.
• Collaborate with cyber defence analysts to uplift the security posture of the department.
• Prepare comprehensive reports for business and senior executive, translating complex technical findings into clear, actionable recommendations.

Highly desirable certifications include OSCP, GPEN, CEH, or equivalent, with additional qualifications in government-specific cyber security programs.

• Experience: Minimum 3 years' experience in penetration testing, vulnerability assessment, or related fields within a government context.
• Technical Expertise: Advanced proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, and custom-developed tools.
• In-depth knowledge of government cyber security standards, such as the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM). Extensive knowledge of the MITRE ATT&CK, and similar knowledge bases.

• Scripting: Strong scripting abilities in languages such as Python, Bash, or PowerShell to develop and automate testing processes.
• Emerging Threats: Awareness of emerging security threats and vulnerabilities, and familiarity with various security testing methodologies and frameworks to assess these threats.
• Experience with cloud and container technologies like AWS, Azure, or Kubernetes will be beneficial.
• Knowledge: Extensive knowledge of OWASP Top 10, network protocols, secure communication methods, operating systems (Windows, Linux, macOS), and security for critical infrastructure.

If you wish to apply for this position, please submit your resume by clicking the 'Apply Now' button. For further information please contact Abhi Naik at Clicks IT Recruitment on +61 427 997 851.

At Clicks, we embrace diversity, inclusion, and equal opportunity.