Organisation/Entity: Transport For NSW
Job category: Information & Communication Technology
Job location:
Macquarie Park, NSW, AU, 2113
#job-location.job-location-inline { display: inline; }
Job reference number: 107051
Employment type: Permanent Full-Time
Salary range: $163145.0-$182721.0
.buttontext84e7fa5614fe8498 a{ border: 1px solid transparent; } .buttontext84e7fa5614fe8498 a: focus{ border: 1px dashed #0085b3 !important; outline: none !important; }
You’re agile, keen and open to meaningful work and opportunities that come your way.
Your innovative mindset is key to creating solutions to complex problems. Our systems drive our organisational success and underpin every journey our customers take. This is your opportunity to be part of an expert team who build and refine seamless technology experiences.
In this role, you'll:
Work as part of a team delivering advanced offensive security capability across Transport’s technology environment, this role focuses on penetration testing, red team operations, and adversary emulation to identify vulnerabilities and strengthen cyber resilience.
This role will see you leading and executing offensive security engagements across cloud, enterprise, application, and operational technology environments. You will develop and refine offensive methodologies, tooling, and standards, and translate findings into practical risk reduction, improved detection engineering, and stronger security architecture in a complex, safety-critical setting.
You will identify, validate, and prioritise vulnerabilities, providing clear remediation guidance and verifying fixes. You will also work closely with SOC and cyber defence teams to build detections, threat models, and response playbooks, while driving automation and adversary simulation to uplift security maturity.
For more information on this position and business unit, view the role description and information pack.
About you
You must have a minimum of two years’ hands‑on experience performing end‑to‑end offensive security engagements, from scoping and threat modelling through execution, reporting, and remediation support. Your offensive security expertise developed through delivering penetration testing, red teaming, and adversary emulation activities across large enterprise, government, and critical infrastructure environments will see you excel at identifying systemic weaknesses and translating them into meaningful, risk‑driven security improvements.
You are recognised as a strong technical practitioner with deep, hands‑on capability across web application and API testing; Active Directory and identity‑based attack techniques; and cloud security assessments spanning AWS, Azure, and hybrid environments. You have proven experience conducting both internal and external infrastructure testing, including work within OT and segmented network environments.
You bring an advanced understanding of modern attacker tradecraft, including MITRE ATT&CK, OWASP Top 10, identity and access management weaknesses, and contemporary attack chains involving post‑exploitation, privilege escalation, lateral movement, persistence, and detection evasion. Comfortable working at depth with Windows and Linux internals, enterprise authentication protocols, and complex network architectures, you are confident handling sensitive security artefacts, using offensive security tooling and frameworks, and developing scripts or automation to enhance testing effectiveness.
Critically, you balance offensive testing with operational safety, governance, and business context. You produce high‑quality technical documentation ranging from detailed penetration test reports and attack narratives to clear, prioritised remediation recommendations and are adept at coordinating remediation efforts across diverse systems and stakeholders. Your strong communication skills enable you to clearly articulate complex technical risks and remediation priorities to both technical teams and senior, non‑technical audiences, while continuously adapting your approach to evolving threats and attacker techniques.
Who we are
Transport for NSW provides a safe, integrated, and efficient transport system. We connect people, communities and industry every day.
Join us
Our workforce is as diverse as the community we serve. If you’d like further information on our inclusion and diversity initiatives, visit Transport careers.
Flexible work options may be available. Learn more via Flexible work options and policy
Apply today
Applications close 11:59 PM Friday 31 July 2026
For more information about this role, please contact
[email protected].
Aboriginal people and people living with disability are supported throughout the recruitment process and at work, and we encourage you to apply. Visit Supporting Aboriginal People or Supporting People with Disability for more information or speak to your talent team member to arrange any adjustments to how you interact with us.
Learn more about how to apply via Our recruitment process | Transport for NSW
#LI-Hybrid
Job Segment: Linux, Engineer, Web Design, Developer, Technology, Engineering, Creative