Job title: Lead Security Specialist Vulnerability Assessors
Job type: Contract
Emp type: Full-time
Pay interval: Hourly
Pay rate: negotiable
Job published: 11/05/2026

Job Description

Security Clearance: Must have TSPV

Duration: Initial 12 months with 2 x 12-month extensions

Industry: Information Technology

Functional Expertise: Cyber Security

Sub-functional Expertise: Penetration Testing, Threat Intelligence, Vulnerability Assessment

Location of work: ACT

Closing date: 9AM Wednesday, 13 May 2026

Description:

Our client is seeking an experienced Lead Security Specialist Vulnerability Assessor to identify, assess, and prioritise threat vulnerabilities identified through penetration testing and provide recommendations to improve security architecture and enhance risk awareness.

The successful candidate will lead complex investigations, conduct penetration testing activities, assess threat profiles, and provide expert guidance on ICT security strategies and risk mitigation. The role also involves evaluating security controls, reviewing system vulnerabilities, and supporting the secure integration of technologies across ICT environments.

The role requires advanced technical expertise, leadership capability, and strong stakeholder engagement skills, operating at an EL1 equivalent level.

Responsibilities:

  • Lead and perform forensically sound complex investigations on a wide array of assets and devices related to security infrastructure.
  • Assess and explain highly complex threat profiles of electronic devices.
  • Lead analytical processes to identify and recommend actions to maintain and improve ICT infrastructure integrity.
  • Communicate and provide advice and guidance on strategies to improve ICT security and mitigate risk.
  • Evaluate and assist with the application and compliance of security controls.
  • Review information systems for actual or potential security vulnerabilities.
  • Review, assess, and manage risks associated with system designs to ensure appropriate technology selection, efficient resource use, and secure integration of systems and technologies.

Requirements:

  • Demonstrated experience planning and driving penetration testing activities within complex environments.
  • Ability to deliver objective insights into vulnerabilities, security controls, and defensive effectiveness.
  • Experience coordinating penetration testing activities and implementing new approaches to security testing.
  • Demonstrated experience conducting complex penetration testing and simulated attack exercises using commercial and bespoke tools.
  • Relevant certifications such as CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications), or equivalent.
  • Demonstrated ability to provide specialist security advice and organisational leadership.
  • Experience maintaining networks of recognised experts and contributing to professional capability development.
  • Demonstrated experience undertaking complex threat intelligence, threat modelling, and threat assessment activities.
  • Relevant certifications such as CREST Certified Threat Intelligence Manager.

Key Capabilities:

  • Penetration testing and vulnerability assessment
  • Simulated attack exercises
  • Threat intelligence and threat modelling
  • ICT security risk assessment
  • Security architecture review
  • Forensic investigation techniques
  • Security governance and compliance
  • Technical leadership and stakeholder engagement
  • Security advisory and guidance capability

Essential Criteria:

  • Penetration testing: Level 5 (SFIA). Plans and drives penetration testing within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls. Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing. Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.
  • Penetration Testing and conducting Simulated Attack Exercises: Level 5 (CIISEC). Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.
  • Specialist advice: Level 6 (SFIA). Provides organisational leadership and guidelines to promote the development and exploitation of specialist knowledge in the organisation. Maintains a network of recognised experts (inside and/or outside the organisation) who can deliver expert advice in relevant areas. Provides input into professional development planning across a significant part of the organisation to further the development of appropriate expertise.
  • Threat Intelligence, Assessment and Threat Modelling: Level 5 (CIISEC). Undertakes complex threat intelligence/modelling tasks or threat assessments without supervision. Manages threat intelligence/assessment teams. Appropriate and relevant certifications include CREST Certified Threat Intelligence Manager.

How to apply:

Please submit your application including your resume and a completed application form addressing the essential and desirable criteria. Ensure your application highlights your experience and any relevant certifications.