Why this role exists
We support energy and critical infrastructure organisations addressing cybersecurity risk across operational and regulated environments.
We're looking for a senior cybersecurity consulting lead to own high-impact
consulting engagements across Australia and internationally, guiding customers through assessment, design, and implementation of cyber defenses for energy assets.
This is a hands-on senior role with autonomy, influence, and exposure to complex, real-world environments.
What you'll do
In this role, you will:
* Manage a small team of consultants, deliver strategy and regulatory advisory exercises, develop threat modelling and risk management plans, oversee red team/pen test exercises, and advise executives and engineering leaders on risk, resilience, and regulatory alignment. Expect a practical mix of OT/ICS and cloud security, threat detection, and incident response.
* Play a key role as a subject matter expert and solution engineer for the product business, helping to shape the use cases and supporting capabilities that are important to our customers.
* Lead engagements end-to-end by scoping, planning, and delivering security architecture risk assessments, roadmaps, and remediation programs; own client outcomes and stakeholder communication.
* Perform GRC reviews against a range of control frameworks, with AES-CSF and IEC 62443 experience beneficial.
* Design segmented OT networks, secure remote access, identity & access controls (including privileged access), monitoring & logging, and zero-trust patterns bridging IT/Cloud and OT.
* Guide secure patterns on AWS/Azure/GCP (landing zones, IAM, network controls, key/cert management, vulnerability management, container/Kubernetes, data protection).
* Build and review attacker-centric threat models for wind/solar/storage sites, substations, SCADA/DCS/PLC environments; map detections and use-cases for SIEM/XDR/OT detection platforms and tune alert quality.
* Develop IR runbooks and playbooks, conduct tabletops and purple-team drills, coordinate with SOC/MSSP partners.
* Plan/supervise pen tests and red/purple team exercises, ensure safe operations in live OT, translate findings into actionable remediation.
* Mentor consultants, set quality bars, perform reviews, and support hiring/onboarding.
* Produce concise guidance, patterns, client briefs, and present at industry forums and feed product feedback to CAPA engineering.
Must-have experience
* 10+ years in cybersecurity, with 5+ years focused on OT/ICS in energy, utilities, or critical infrastructure.
* Strong consulting fundamentals, including executive-level communication, structured problem solving, polished written communication across executive briefs, client reports, and SOW/proposal development, and effective stakeholder and expectation management.
* Experience supervising penetration testing and red/purple team activities, and translating offensive findings into prioritised, risk-based remediation.
* Experience leading small consulting teams, including managing delivery workload and forecasting.
Nice to have
* Experience in advisory around GRC (Governance, Risk and
Compliance), strategy and regulation, standards and cybersecurity controls frameworks
* Deep technical exposure across IT/OT security domains (detection, threat intelligence, forensics, incident response)
Why join us
* High trust environment with clear decision making
* Interesting and complex client problems across energy and critical infrastructure
* Competitive salary and bonus framework
How to apply
Apply via LinkedIn or reach out with a brief summary of your background.