Vulnerability Assessor (PROJ-4635)

Key duties and responsibilities

• Perform forensically sound security investigations on a wide array of assets and devices that directly relate to security infrastructure; in accordance with established procedures. 
• Conduct investigations which may be as the result of a security incident or by direction of senior leadership. 
• Assess and explain threat profiles of a variety of electronic devices.
• Communicate and provide advice and guidance on strategies to improve ASD ICT security and mitigate risk of devices compromising that security. 
• Interpret and comply with relevant policy governing ICT security in ASD; both internal and whole of government, including legislation that underpins digital security and online privacy. 
• Evaluate and assist with the application and compliance of security controls and review information systems for actual or potential security vulnerabilities. 
• Use appropriate system design methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches and ensure they are applied effectively. 
• Design, code, verify, test, document, amend and refactor complex programs/scripts as required. 

Technical skills

• Certification in CREST Registered Penetration Tester or CREST Registered Threat Intelligence Analyst desirable.

Essential criteria

• Demonstrated experience in undertaking threat intelligence/modelling tasks or threat assessments.
• Experience undertaking penetration testing and providing insights into vulnerabilities, effectiveness of defences and mitigating controls.
• Experience in the creation and maintenance of executive and/or business reporting relating to threat assessment analysis and mitigation strategies.