Senior Penetration Tester

3 weeks ago

Sydney, New South Wales, Australia Australian Energy Market Operator (AEMO) Full time

Join to apply for the Senior Penetration Tester role at Australian Energy Market Operator (AEMO)

Continue with Google Continue with Google

2 days ago Be among the first 25 applicants

Join to apply for the Senior Penetration Tester role at Australian Energy Market Operator (AEMO)

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

This is a 12 Month Fixed Term Contract (FTC) position based in Mel/Syd/Brisbane/Adelaide/Perth.

AEMO at the Heart of Energy

We are the Australian Energy Market Operator (AEMO), committed to designing and operating a sustainable energy system that delivers safe, reliable, and affordable electricity and gas. Our mission includes facilitating the transition to a net-zero energy system by 2050, working collaboratively with industry partners to achieve 100% renewable generation capability by 2025. We have the once-in-a-lifetime opportunity to co-design the future of our energy systems, and our core values revolve around Character, Commitment, and Connection.

Join us, as we contribute to this significant mission in the energy sector

About The Team & The Position

AEMO is a recognised leader and exemplar of effective cyber security within the energy sector domestically and internationally.

As the Senior Security Analyst - Cyber Testing and Assurance, you will work with peers in cyber security, digital and across the broader business to scope, plan and execute penetration testing independently and/or in collaboration with external vendors, report and monitor the test findings with remediation teams and advice the remediation actions.

This role plays an important part in delivering secure future energy and market systems that will be delivered under a range of energy sector initiatives. Success in this role requires outstanding communication skills as well as extensive experience with and knowledge of contemporary adversary tradecraft, defensible architecture principles and control and maturity frameworks

Position Responsibilities

Assist and coordinate with the design, development, delivery and sustainment of a robust and comprehensive cyber assessment and testing capability.
Select appropriate testing approach using in-depth technical analysis of risks and typical vulnerabilities.
Produce test scripts, materials and test packs and tests new and existing networks, systems, or applications to identify vulnerabilities and non-conformance with standards and patterns. Provides advice on penetration testing to support others.
Work with project teams, security/solution architect, application owners to develop penetration test scope that include relevant threat scenarios.
Plan and drive penetration testing within a defined area of business activity. - Record and analyse actions and results and modify tests if necessary.
Identify needs and implement new approaches for penetration testing. Contribute to security testing standards.

You will apply your advanced cyber assurance and cyber risks skills to:

Interpret information assurance and security policies and applies these to manage risks.
Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards, and guidelines.
Plan, organise, and conduct information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain.
Undertake basic risk management activities. - Maintain documentation of risks, threats, vulnerabilities, and mitigation actions

Position Requirements

Skills & Experience:

Good experience in a technical cyber security testing and assurance function preferably with critical infrastructure in the Energy Sector.Detailed understanding of contemporary adversary tradecraft, effective controls, and models for adversary emulation (including Mitre ATT&CK)Demonstrated experience in successfully working with external vendors to perform the penetration testing.Problem Solving: Within clear organisational policies and business/professional principles jobholder applies analytical thinking to diverse problems. Diagnoses and develops solutions and may carry these through to implementation.Demonstrated experience in the application of security control and maturity frameworks such as ISM, NIST-CSF, AESCSF, CIS 18 / NIST 800-53, NIST 800-82Demonstrated technical knowledge of a broad range of IT and security technologies, including:

Identity and Access Management
Contemporary endpoint detection and response, vulnerability detection and management.
Next generation web proxies, email gateways and firewalls.
TCP/IP, Network Switches and Routers Network Firewalls and WAF's, Active Directory, Microsoft Servers, Linux Servers, VMware Servers, Web Servers, Database Servers, Messaging Systems, IAM systems, PKI, Encryption.
SIEM, Security Log Analysis, Microsoft Sentinel, Incident Response Tooling, Forensic Tooling, Virtual security analysis environments.
Microsoft Azure and Microsoft defender security capabilities, tooling, and practices.
The position has a national focus and may require interstate travel and the ability to work flexible hours.

Must be an Australian citizen with the ability to attain and maintain an appropriate level of national security clearance.

Education/ Professional Certifications

Tertiary qualifications in computer science or technology-related field, or equivalent work or education-related experience
OSCP or other relevant certifications desirable. Relevant industry certifications will be viewed favourably.

Benefits

In return some of our benefits to you

Flexible working: work from home, part time, job share, hybrid options, and additional leave options
Professional development via projects, industry networks, job rotation, study assistance and more.
Give back with up to 4 days of volunteering leave per year.
Embrace a healthier you with our wellness program, discounted health insurance, gym perks and our comprehensive Employee Assistance Program (EAP).

About Our Process

AEMO values diversity and inclusivity in the workplace, welcoming applications from all backgrounds without regard to age, disability, gender, sexual orientation, parental status, race, or religion.

If you would like to know more about working at AEMO , please check out our careers page for more information.Seniority level

Seniority levelMid-Senior level

Employment type

Employment typeFull-time

Job function

Job functionInformation Technology
IndustriesUtilities

Referrals increase your chances of interviewing at Australian Energy Market Operator (AEMO) by 2x

Continue with Google Continue with Google

Sydney, New South Wales, Australia 2 weeks ago

Bankstown, New South Wales, Australia 1 week ago

Sydney, New South Wales, Australia A$140,000 - A$180,000 4 weeks ago

Sydney, New South Wales, Australia 2 weeks ago

Bankstown, New South Wales, Australia 1 week ago

Offensive Security Consultant | Penetration Tester (Junior)

Sydney, New South Wales, Australia 2 weeks ago

Sydney, New South Wales, Australia 51 minutes ago

Security Engineer - Red Team (Open to remote across ANZ)