Job Description - Principal Network Security Engineer (0000BAAG)
Principal Network Security Engineer - 0000BAAG
* Ongoing Full-time
The NSW Police Force (NSWPF) is one of the largest police forces in the western world, with more than 20,000 employees, including more than 4,000 administrative employees who support the sworn officers that provide the range of law and order services 24 hours a day, seven days a week to the diverse community of NSW.
About the role
We have an opportunity for a Principal Network Security Engineer to be part of our Network and Security Platform Services, Technology and Communication Services Command. The role provides strategic leadership and expert guidance in the design and delivery of secure, resilient technology network solutions that safeguard critical policing systems and sensitive information, ensuring network security is embedded into enterprise architecture and digital transformation initiatives, enabling NSWPF to uphold operational integrity, protect public trust, and deliver secure, modern policing services in a dynamic threat landscape.
The Network and Security Platform Services Directorate manage and maintain the overarching connectivity and security requirements for over 550 NSWPF sites.
They are responsible for the connection of users and devices to NSWPF systems, the delivery of data across the entirety of the NSWPF Network, the network management of boundaries, security and dataflow control, NSWPF Telecommunication Services, and the control interoperability and connectivity between NSWPF applications, external services and devices.
The Principal Network Security Engineer is responsible for:
* Design and enforce secure data-in-transit controls (TLS, IPsec, VPNs) across enterprise networks.
* Maintain secure network protocols and firewall policies, eliminating weak ciphers and legacy standards.
* Configure and manage Cisco and Check Point firewalls to enforce segmentation, secure communication, and threat prevention.
* Monitor and respond to transport-layer threats (e.g., MITM, TLS downgrade attacks).
* Integrate firewall and network controls with Zero Trust and identity based access models.
* Support incident response and troubleshooting for connectivity, encryption, and firewall-related issues.
* Lead the design, implementation, and governance of enterprise PAM, HSM, KMS, and cloud security controls, aligned to Zero Trust and least-privilege principles.
* Manage privileged access lifecycle (credential vaulting, session monitoring, just-in-time access) across on-prem and cloud environments.
* Own cryptographic key management, including secure key generation, storage (HSM/KMS), rotation, revocation, and destruction.
* Define and enforce enterprise encryption standards for data at rest, in transit, and in use across networks, applications, and cloud platforms.
* Provide architecture leadership and design assurance for secure network and cloud solutions, integrating with identity, PKI, and native cloud security services.
* Ensure compliance with security frameworks and regulatory requirements (ISO 27001, NIST, ASD Essential Eight), supporting audits and risk management.
* Provide operational ownership of security platforms ensuring high availability, resilience, and performance.
* Align with ITIL processes, including:
o Incident Management: Lead response and resolution of security incidents.
o Problem Management: Perform root cause analysis and implement long-term fixes.
o Change Management: Govern and approve secure changes.
o Service Request Management: Oversee controlled provisioning of transport security services.
* Maintain documentation, operational runbooks, standards, and procedures for security platforms.
* Support 24x7 critical incident response and ensure service continuity and disaster recovery readiness.
What we can offer you
* flexible work options
* opportunity to purchase leave
* annual leave loading
* corporate wellbeing programs including seminars and the Fitness Passport
* salary packaging options via superannuation contributions or a novated vehicle lease
* convenient location for public transport and to shops
* in-house gym facilities
Location
Sydney Region - Sydney - Greater West
Work Type
Full-time
Number of Positions
1
Total Remuneration Package: $196,275 pa. Package includes salary from $165,865 to $173,174 plus employer's contribution to superannuation of 12% and annual leave loading.
Closing Date
31-May-2026, 1:59:00 PM
Job Category
Information and communications technology
We pay respect to the Traditional Custodians and First Peoples of NSW, and acknowledge their continued connection to their country and culture.
We welcome applications from individuals with diverse skills, experiences, and backgrounds.
#J-18808-Ljbffr