Application closing date: Friday, 05 June 2026 • 11:59pm, Canberra time
Estimated start date: Monday, 03 August 2026
Location of work: VIC
Working arrangements: Full-time onsite for the first 6 weeks. A hybrid WFH arrangement, usually with a minimum of 3 days/week onsite, will be considered, based on the location of the candidate's capital city.
Length of contract: 12 months
Contract extensions: Up to a maximum of 24 months
Security clearance: Must be able to obtain NV1 clearance
Rates: $90 - $120 per hour (inc. super)
Services Australia is at the frontline of government service delivery, supporting millions of Australians, and is front and centre of a vision to be a world leader in government service delivery. It's using cutting-edge technology to build world class platforms and capabilities to help Australians get on with their lives.
The Lead Penetration Testers will analyse IT systems to determine configuration weaknesses and faults that would impact on security and business, then produce reports detailing the findings and recommendations for improved network security.
Cyber Security Penetration Testers conduct complex penetration testing and highly sensitive vulnerability assessment activities. They simulate different types of cybersecurity attacks and develop penetration testing methodologies.
Key duties and responsibilities:
- Oversee the execution of test cases using in-depth technical analysis of risks and typical vulnerabilities.
- Lead cyber penetration testing and vulnerability assessments using relevant tools and methods against a variety of technologies.
- Conduct and lead complex threat simulation activities to identify weaknesses and/or opportunities in technical security controls.
- Oversee the catalogue of test findings and potential measures.
- Oversee and approve security testing plans.
- Provide highly technical subject matter expertise to system owners and stakeholders to improve system security posture.
- Conduct highly complex analysis and research to identify improvements to cyber threat tools, techniques and procedures.
- Manage and coordinate a variety of risk analysis and assessments on cyber security matters.
- Perform web application and mobile penetration testing against complex enterprise platforms using a variety of technologies.
- Conduct infrastructure penetration testing against enterprise grade systems.
- Collaborate with system owners to develop test scope and preparation for testing, ensuring remediation has been completed effectively.
- Review reports, briefs and documentation and communicate technical findings and recommendations.
- Transfer highly technical skills and knowledge to other staff through continuous coaching and on-the-job training to support succession planning.
- Lead and support the operations of a team, including setting priorities and managing performance, resources and workflows.
- Exercise delegations in line with legislation and guidelines.
Desirable qualifications but not mandatory:
- CompTIA Security+, CompTIA PenTest+, Certified Ethical Hacker, CREST Registered Penetration Tester, Offensive Security Certified (OSCE3), GIAC Penetration Tester.
Essential Criteria
- Penetration testing: Level 5 (SFIA) - Plans and drives penetration testing within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls. Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing. Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.
- Penetration Testing and conducting Simulated Attack Exercises: Level 5 (CIISEC) - Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.
HOW TO APPLY
Please provide an updated CV (a maximum of 3-5 pages) that reflects your suitability for the role based on the job description. You will also need to complete a one-page pitch, no more than 5000 characters in total, addressing the essential and desirable criteria. Your application will be reviewed based on your ability to demonstrate, or potential to develop, the capabilities required.