Principal Cyber Security Pen Tester, Strategy Cybersecurity

**About the role**:
The Principal Cyber Security - Penetration Testing role will be responsible for conducting penetration testing and vulnerability assessments, in collaboration with the Manager, Enterprise Cybersecurity Operations. The role will lead the development and management of penetration testing and vulnerability assessment activities, including the production of cyber security risk reports with findings and recommendations.

The role will assist in the implementation of technical risk treatments, regularly review penetration testing tools and services, and update vulnerability configurations. This includes developing new vulnerability assessment schedules as required. The role will also support the implementation of security controls and coordinate their deployment across a range of predominantly cloud-based platforms and environments.

Additionally, the role will be responsible for performing information security risk assessments, conducting gap analyses, and coordinating security remediation activities across the department.

**About us**:
At the Victorian Department of Health we want a future where Victorians are the healthiest people in the world. A Victoria where our children and people thrive, our workplaces are productive and safe, and our communities are more connected.

We see it as our job to support Victorians to stay healthy and safe. And to deliver a world-class healthcare system that ensures every single Victorian can access safe, quality care that leads to better health outcomes for all.

**About you**:
**Do you have experience in?**
- Conduct penetration testing and vulnerability assessments in collaboration with the Manager, Enterprise Cybersecurity Operations.
- Lead the development and ongoing management of penetration testing and vulnerability assessment activities.
- Prepares technical reports at an authoritative level
- Develops briefs on highly complex issues that provide options for decision within an organisation
- Initiates and manages negotiations with peers (internal and external to work unit) to gain commitment to projects, and delivery of activities to meet timelines
- Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).

**Qualifications / Specialist Expertise**

**Qualifications**
- A tertiary qualification relevant to ICT, Information Security, or similar would be highly advantageous.

**Specialist Expertise**
- Proven experience in penetration testing, ethical hacking, and vulnerability assessments across complex and cloud-based environments.
- Demonstrated experience in cyber security risk analysis and reporting, including development of mitigation recommendations.
- Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
- Strong understanding of cloud security (Microsoft Azure, AWS), secure coding practices, and system hardening techniques.
- Familiarity with regulatory standards and frameworks such as ISO 27001, NIST, OWASP Top 10, ASD ISM (Information Security Manual), and the Essential Eight.
- Experience coordinating remediation efforts and advising on technical risk treatments across multiple teams or departments
- Additionally completed following certifications
- **CEH** - Certified Ethical Hacker and/or
- **OSCP** - Offensive Security Certified Professional

**What we offer**:

- The opportunity to perform meaningful work, making direct contributions toward enabling Victorians to be the healthiest people in the world.
- A wide range of growth and development opportunities within the department and wider Victorian Public Service & Sector.
- A strong commitment to work-life balance, including a diverse array of flexible working arrangements.

**How to apply**:
Applications should include a resume and a cover letter. Click the 'Apply' button to view further information about the role including key contact details and the advertisement closing date.

Preferred applicants may be required to complete a police check and other pre-employment checks. Information provided will be treated in the strictest confidence in line with our Privacy Policy.