2 Lead Penetration Testers / Senior Security Consultants

Canberra, Australia | Posted on 10/06/2025

Security Clearance: Australian Citizen with Minimum NV1 clearance
Maximum hours: 7 hours per day
Security clearance: Must be able to obtain Negative Vetting Level 1

Penetration Testers analyze IT systems to determine configuration weaknesses and faults that could impact security and business, then produce reports detailing findings and recommendations for improved network security.

Key duties and responsibilities:

As part of our ongoing security assurance efforts, and in alignment with Australian Government cybersecurity standards, we seek external penetration testing services for a cloud-hosted web application deployed within Microsoft Azure infrastructure. The assessment will cover both UAT and Production environments, focusing on identifying vulnerabilities across the external attack surface, including both unauthenticated and authenticated access vectors. The testing should specifically assess web-layer exposures and associated backend services, including Azure App Service, Azure SQL Database, Azure Key Vault, private endpoints, and Azure Storage Accounts. No API testing is required, but the application includes third-party integrations such as Chatpa code embedded within a web form, which should be included in the assessment scope.

You must provide a one-page pitch addressing all criteria specified. This should be up to 5000 characters.

Requirements

Penetration testing: Level 5 (SFIA). Plans and drives penetration testing within a defined area of business activity. Delivers objective insights into vulnerabilities, defenses, and mitigating controls. Responsible for the integrity of testing activities and coordinates their execution. Provides authoritative advice on all aspects of penetration testing. Identifies needs and implements new approaches. Contributes to security testing standards.

Penetration Testing and Simulated Attack Exercises: Level 5 (CIISEC). Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking such tests. Conducts penetration exploits as part of simulated attack exercises under direction. Relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications), or equivalents.