Lead Pen Testers with NV1 clearance
Lead Pen Testers with NV1 clearance
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Lead Pen Testers with NV1 clearance - Canberra- 2 weeks
About the Role
As part of our ongoing cybersecurity assurance initiatives and in compliance with Australian Government information security standards we are seeking an experienced Lead Penetration Tester to conduct a comprehensive assessment of a cloud-hosted web application deployed within the Microsoft Azure environment.
The engagement includes the penetration testing of both User Acceptance Testing (UAT) and Production environments with a focus on identifying vulnerabilities across the external attack surface including unauthenticated and authenticated vectors. The role requires close collaboration with internal security cloud and development teams to assess web-layer exposures application logic flaws and security configurations across integrated Azure services.
Scope of Work
-
Conduct comprehensive penetration testing of the applications web interface and associated backend infrastructure.
-
Focus on both unauthenticated and authenticated access vectors.
-
Test associated Azure components including:
-
Azure App Service
-
Azure SQL Database
-
Azure Key Vault
-
Azure Storage Accounts
-
Private Endpoints
-
-
Assess embedded third-party integrations (e.g. Chatpa code in web forms).
-
Provide actionable findings technical analysis and risk-based remediation recommendations.
Essential Criteria
1. Penetration Testing SFIA Level 5
-
Demonstrated ability to plan lead and execute penetration testing within a secure enterprise environment.
-
Provide expert-level insights on security posture vulnerability impact and defence effectiveness.
-
Accountable for the integrity and accuracy of test results coordinating and ensuring adherence to standards.
-
Advises stakeholders on best practices mitigation strategies and emerging testing techniques.
2. Penetration Testing & Simulated Attack Exercises CIISEC Level 5
-
Capable of conducting complex penetration testing and exploitation using both commercial and bespoke tools with minimal supervision.
-
Experience undertaking simulated attack exercises including adversarial emulation under direction.
-
Holds relevant certifications such as:
-
CHECK Team Leader
-
CREST Certified Tester (Infrastructure or Web Applications)
-
Or equivalent industry-recognised credentials
-
Technical Requirements
-
Proven expertise in:
-
Web application security
-
Azure-based cloud infrastructure security
-
Authentication/authorization mechanisms
-
Secure integration assessment
-
-
Familiarity with:
-
OWASP Top 10
-
Azure Security Center Key Vault and role-based access
-
-
Hands-on experience with industry-standard penetration testing tools (e.g. Burp Suite Nmap Metasploit etc.
Other Requirements
-
Must hold NV1 clearance (active)
-
Availability for short-term engagement with immediate start
-
Ability to work on-site in Canberra
-
Strong documentation reporting and presentation skills
Deliverables
-
Formal penetration test plan (PTP)
-
Final security assessment report with executive summary technical findings and risk ratings
-
Debrief session with internal stakeholders
#PenetrationTesting #DevSecOps #CyberSecurityJobs #AzureSecurity #NV1Clearance #CanberraJobs #CREST #CHECKTeamLeader #WebAppSecurity #CloudSecurity #InformationSecurity #RedTeam #SecurityTesting #AustralianGovernmentJobs #ContractJobs #SecurityEngineer #AzureDevOps #CyberContractors #australiajobs #canberrajobs
Employment Type
Full Time
