Principal Cyber Security Pen Tester, Strategy Cybersecurity

Work Type: Ongoing - Full-time

Salary: $138,631 - $185,518

Grade: VPS 6

Occupation: IT and telecommunications

Location: Melbourne - CBD and Inner Metro suburbs

Reference: VG/DH/EHEALTH/760076

The Department of Health plays a critical role in the Victorian health system and is responsible for shaping it to meet the health needs of all Victorians. We're focused on

supporting Victorians to be as healthy as they can; whether through alerting them to seasonal risks like thunderstorm asthma, notifying them of contact with

communicable diseases, safeguarding their drinking water, developing the best health, wellbeing and care facilities in the world, being at the forefront of mental health and

wellbeing treatment or accelerating medical research. It's all part of the way we partner with the community to help every individual lead a healthy life.

About the role:

The Principal Cyber Security – Penetration Testing role will be responsible for conducting penetration testing and vulnerability assessments, in collaboration with the Manager, Enterprise Cybersecurity Operations. The role will lead the development and management of penetration testing and vulnerability assessment activities, including the production of cyber security risk reports with findings and recommendations.

The role will assist in the implementation of technical risk treatments, regularly review penetration testing tools and services, and update vulnerability configurations. This includes developing new vulnerability assessment schedules as required. The role will also support the implementation of security controls and coordinate their deployment across a range of predominantly cloud-based platforms and environments.

Additionally, the role will be responsible for performing information security risk assessments, conducting gap analyses, and coordinating security remediation activities across the department.

About us:

At the Victorian Department of Health we want a future where Victorians are the healthiest people in the world. A Victoria where our children and people thrive, our workplaces are productive and safe, and our communities are more connected.

We see it as our job to support Victorians to stay healthy and safe. And to deliver a world-class healthcare system that ensures every single Victorian can access safe, quality care that leads to better health outcomes for all.

About you:

Do you have experience in?

• Conduct penetration testing and vulnerability assessments in collaboration with the Manager, Enterprise Cybersecurity Operations.
• Lead the development and ongoing management of penetration testing and vulnerability assessment activities.
• Prepares technical reports at an authoritative level
• Develops briefs on highly complex issues that provide options for decision within an organisation
• Initiates and manages negotiations with peers (internal and external to work unit) to gain commitment to projects, and delivery of activities to meet timelines
• Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).

Qualifications / Specialist Expertise

Qualifications

• A tertiary qualification relevant to ICT, Information Security, or similar would be highly advantageous.

Specialist Expertise

• Proven experience in penetration testing, ethical hacking, and vulnerability assessments across complex and cloud-based environments.
• Demonstrated experience in cyber security risk analysis and reporting, including development of mitigation recommendations.
• Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
• Strong understanding of cloud security (Microsoft Azure, AWS), secure coding practices, and system hardening techniques.
• Familiarity with regulatory standards and frameworks such as ISO 27001, NIST, OWASP Top 10, ASD ISM (Information Security Manual), and the Essential Eight.
• Experience coordinating remediation efforts and advising on technical risk treatments across multiple teams or departments

• Additionally completed following certifications

• CEH – Certified Ethical Hacker and/or

• OSCP – Offensive Security Certified Professional

What we offer:

• The opportunity to per form meaningful work, making direct contributions toward enabling Victorians to be the healthiest people in the world.
• A wide range of growth and development opportunities within the department and wider Victorian Public Service & Sector.
• A strong commitment to work-life balance, including a diverse array of flexible working arrangements.

How to apply:

Applications should include a resume and a cover letter. Click the 'Apply' button to view further information about the role including key contact details and the advertisement closing date.

We are committed to developing and supporting a workforce that is well equipped and highly motivated to provide responsive and quality services to all Victorians. We continue to build an inclusive workplace that embraces diversity of backgrounds and differences to realise the potential of our employees for innovation and delivering services aimed at enhancing the lives of all Victorians. All roles can be worked flexibly and we encourage applications from Aboriginal people, people with disability, LGBTIQ+ and people from culturally diverse backgrounds. Please contact us if you require any adjustments to participate in the recruitment process at For more information on our commitment to inclusion and diversity see inclusion and diversity at the Department of Health.

If you have any queries in relation to recruitment processes at Health, or experience any issues in applying, please feel free to email Please note that unsolicited applications will not be replied to. If you have questions regarding the role specifically, we would advise you to reach out to the contact listed on the advertisement directly.

Preferred applicants may be required to complete a police check and other pre-employment checks. Information provided will be treated in the strictest confidence in line with our Privacy Policy.

Applications close Thursday 18 September 2025 at 11.59pm

Posted

4 September 2025