This is a 12 Month Fixed Term Contract (FTC) position based in Mel/Syd/Brisbane/Adelaide/Perth.
AEMO at the Heart of Energy
We are the Australian Energy Market Operator (AEMO), committed to designing and operating a sustainable energy system that delivers safe, reliable, and affordable electricity and gas. Our mission includes facilitating the transition to a net-zero energy system by 2050, working collaboratively with industry partners to achieve 100% renewable generation capability by 2025. We have the once-in-a-lifetime opportunity to co-design the future of our energy systems, and our core values revolve around Character, Commitment, and Connection.
Join us, as we contribute to this significant mission in the energy sector!
About the Team & the Position
As the nation's energy market operator, AEMO is a recognised leader and exemplar of effective cyber security within the energy sector domestically and internationally. AEMO is prepared for and resilient to foreseeable cyber threats.
As the Senior Cyber Testing and Assurance, you will work with peers in cyber security, digital and across the broader business to scope, plan and execute penetration testing independently and/or in collaboration with external vendors, report and monitor the test findings with remediation teams and advice the remediation actions.
This role plays an important part in delivering secure future energy and market systems that will be delivered under a range of energy sector initiatives. Success in this role requires outstanding communication skills as well as experience with and knowledge of contemporary adversary tradecraft, defensible architecture principles and control and maturity frameworks.
Position Responsibilities
* Work with project teams, security/solution architect, application owners to develop penetration test scope that include relevant threat scenarios.
* Plan and drive penetration testing within a defined area of business activity.
* Record and analyse actions and results and modify tests if necessary. Provide reports on progress, anomalies, risks, and issues associated with the overall project.
* Deliver objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls.
* Identify needs and implement new approaches for penetration testing. Contribute to security testing standards.
* Develop and maintain a program of periodic pen testing activity for critical business applications and infrastructure.
* Create testing calendar for already deployed systems and execute testing calendar.
* You will apply your advanced cyber assurance and cyber risks skills to:
o Interpret information assurance and security policies and applies these to manage risks.
o Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards, and guidelines.
o Plan, organise, and conduct information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain.
o Contribute to the development of policies, standards, and guidelines related to cyber testing and assurance.
o Maintain documentation of risks, threats, vulnerabilities, and mitigation actions.
Position Requirements
Skills & Experience:
* Detailed understanding of contemporary adversary tradecraft, effective controls, and models for adversary emulation (including Mitre ATT&CK)
* Demonstrated experience in successfully working with external vendors to perform the penetration testing. Knowledge of technological trends and developments in information security and risk management.
* Demonstrated experience in the application of security control and maturity frameworks such as ISM, NIST-CSF, AESCSF, CIS 18 / NIST800-53, NIST 800-82
* Demonstrated technical knowledge of a broad range of IT and security technologies, including:
o Identity and Access Management
o Contemporary endpoint detection and response, vulnerability detection and management.
o Next generation web proxies, email gateways and firewalls.
o TCP/IP, Network Switches and Routers Network Firewalls and WAF's, Active Directory, Microsoft Servers, Linux Servers, VMware --Servers, --Web Servers, Database Servers, Messaging Systems, IAM systems, PKI, Encryption.
o SIEM, Security Log Analysis, Microsoft Sentinel, Incident Response Tooling, Forensic Tooling, Virtual security analysis environments.
o Microsoft Azure and Microsoft defender security capabilities, tooling, and practices.
* The position has a national focus and may require interstate travel and the ability to work flexible hours. Relevant industry certifications will be viewed favourably.
* Good experience in a technical cyber security testing and assurance function preferably with critical infrastructure in the Energy Sector
Education/ professional Certifications:
* Tertiary qualifications in computer science or technology-related field, or equivalent work or education-related experience.
* OSCP or other relevant certifications desirable.
In return some of our benefits to you
* Flexible working: work from home, part time, job share, hybrid options, and additional leave options
* Professional development via projects, industry networks, job rotation, study assistance and more.
* Give back with up to 4 days of volunteering leave per year.
* Embrace a healthier you with our wellness program, discounted health insurance, gym perks and our comprehensive Employee Assistance Program (EAP).
About Our Process
AEMO values diversity and inclusivity in the workplace, welcoming applications from all backgrounds without regard to age, disability, gender, sexual orientation, parental status, race, or religion.
If you would like to know more about working at AEMO, please check out our careers page for more information.