Lead Vulnerability Assessor (PROJ-4629)

Brisbane, Canberra, Melbourne
12 February 2026
Application ends: 12 February 2026
$160 - $185

Job Description

Remote is seeking Lead Vulnerability Assessors to join the team in the Australian Signals Directorate (ASD). The role will lead and conduct forensically sound, complex security investigations across a wide range of assets and devices supporting ASD security infrastructure, responding to security incidents or at the direction of senior leadership. It involves assessing and explaining advanced threat profiles, identifying vulnerabilities and control gaps, and providing authoritative advice to improve ICT security and reduce risk. The Lead Vulnerability Assessor will also contribute to secure system design and assurance activities, including risk-based reviews of system designs, and may develop or refine scripts and tooling to support investigation, testing and remediation outcomes. (LH-05303)

Role Description

Key duties and responsibilities

  • Lead and perform forensically sound, very complex security investigations on a wide array of assets and devices that directly relate to security infrastructure, in accordance with established procedures.
  • Be accountable for conducting investigations, which may be the result of a security incident or at the direction of senior leadership.
  • Assess and explain very complex threat profiles of a variety of electronic devices.
  • Lead analytical processes to identify and recommend actions to maintain and improve the integrity of ICT infrastructure. 
  • Communicate and provide authoritative advice and guidance on strategies to improve ASD ICT security and mitigate risk of devices compromising that security. 
  • Interpret and comply with relevant policy governing ICT security in ASD, both internal and whole of government, including legislation that underpins digital security and online privacy.
  • Evaluate and assist with the application and compliance of security controls and review information systems for actual or potential security vulnerabilities. 
  • Adopt and adapt appropriate system design methods, tools and techniques, selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches, and ensure they are applied effectively.
  • Review others' systems designs, make recommendations, and assess and manage associated risks to ensure selection of appropriate technology, efficient use of resources, and integration of multiple systems and technology.
  • Design, code, verify, test, document, amend and refactor complex programs/scripts as required. 

Essential criteria

  • Demonstrated experience in undertaking complex threat intelligence/modelling tasks or threat assessments.
  • Experience undertaking penetration testing and providing insights into vulnerabilities, effectiveness of defences and mitigating controls.
  • Experience with impact analysis on systems designs, including the evaluation of software, to ensure adherence to standards.
  • Experience in the creation and maintenance of executive and/or business reporting relating to threat assessment analysis and mitigation strategies.