Senior Security Vulnerability Specialist

About Future Fund

At the Future Fund, we're for future minds – like yours. The new investors and creators who thrive on different thinking and doing it together. Those who glimpse opportunity before it strikes and step up every day to grab it.

The Future Fund is Australia's Sovereign Wealth Fund, managing over $310 billion across seven public asset funds with the same purpose: growing Australia's future. We are a global investor and work closely with world leading investment organisations to access the best investment ideas.

Where others see challenges, we see more interesting investment experiences. Every person, every skillset, every mindset is an asset. We've got every future generation to consider, yet our approach to investing is incredibly pure: we think about it deeply, and daily. Ours is a culture where great people grow the future together, with the rare ability to work collaboratively, think freely, and make a real difference.

Are you Futureminded? Let's create what's next.

The Opportunity

Reporting to the Security Operations Manager, the Senior Specialist, Security Vulnerability will lead our vulnerability management program and drive uplift in the Agency's technology security posture. This key position partners closely with Technology and business stakeholders to support the secure implementation, operation, and continual improvement of systems and infrastructure. The successful applicant will shape platform enhancements, deliver risk insights, and help embed leading vulnerability management practices across the Agency.

The position is offered on a full-time basis in Melbourne. The Future Fund operates a hybrid work model, with employees typically combining remote and in-office work to support flexibility, collaboration, and high performance, in line with organisational needs. Employees are expected to be in the office a minimum of three days/week in the office, with Tuesday and Wednesday being anchor days.

Key Responsibilities

AS Senior Specialist, Security Vulnerability, you will:

• Lead and govern the Agency's vulnerability management program, including strategy execution, improvement initiatives, and platform (Qualys) administration.

• Collaborate with Technology teams and business stakeholders to triage, resolve, and escalate vulnerabilities and incidents, ensuring effective remediation and compliance with standards.

• Automate vulnerability scanning and reporting processes and ensure integration with associated security tools and workflows.

• Generate timely, tailored reporting for technical, business, and executive audiences; track and communicate key security metrics, mitigation actions, and remediation trends.

• Mentor and support Agency teams in uplift of vulnerability management capability; socialise processes and provide training on using the platform.

• Maintain and continually enhance documentation of all vulnerability management processes, standards, and best practices.

• Monitor the security threat landscape; recommend and drive integration of relevant enhancements to improve the Agency's risk posture.

• Contribute to agency-wide governance, policy, and incident management activities as required.

About You

The ideal candidate will demonstrate comprehensive expertise in the Qualys enterprise vulnerability management platform, with hands-on experience across one or more core modules. They will have a solid grounding in Microsoft Defender Vulnerability Management and a strong understanding of how to interpret and prioritise vulnerability risk using standard frameworks such as CVSS and related security metrics. Technical proficiency should span multiple environments—from public cloud platforms like AWS and Microsoft Cloud to operating systems including Windows 11, Windows Server, Linux, and containers—with a working knowledge of patch management processes and solutions. In addition, the candidate will have deep experience performing host, cloud, web application, and network vulnerability assessments, and will be comfortable triaging and investigating multiple, often complex, findings.

Familiarity with industry standards and benchmarks (for example, ISM, ACSC, CIS) is required, with exposure to ServiceNow ITSM solutions considered advantageous. Beyond technical proficiency, they must be credible, risk-conscious, and outcome-oriented, with strong analytical skills and the ability to communicate and collaborate effectively across technical and non-technical colleagues.

A passion for continual learning, rigorous documentation, and maintaining awareness of emerging threats and relevant controls is essential, with a proven ability to drive secure implementation, uphold best practice standards, and support the organisation's investment and operational objectives. Candidates should be able to obtain AGSV Baseline clearance.

Please note that this opportunity is only open to Australian Citizens.

We Are For Everyone

At Future Fund, we are better for our differences. Every person, every skillset, every mindset is an asset. We want everyone to feel comfortable bringing their authentic selves to work. Which is why we're looking for future minds like yours. Your past experiences help us expand our collective knowledge, add value and create something better. When doing your job means Australia has more money to invest in renewables, education, healthcare and medical breakthroughs – there's a tangible impact to what we do. And we want you to be part of it.

Are you Futureminded? Learn more about us at our LinkedIn Life page.

The Future Fund acknowledges the Traditional Custodians of the lands and waters on which we live and work. We pay respect to Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples as we work to create meaningful change for reconciliation.

Job Posting End Date