About the role:

The Principal Cyber Security - Penetration Testing role will be responsible for conducting penetration testing and vulnerability assessments, in collaboration with the Manager, Enterprise Cybersecurity Operations. The role will lead the development and management of penetration testing and vulnerability assessment activities, including the production of cyber security risk reports with findings and recommendations.

The role will assist in the implementation of technical risk treatments, regularly review penetration testing tools and services, and update vulnerability configurations. This includes developing new vulnerability assessment schedules as required. The role will also support the implementation of security controls and coordinate their deployment across a range of predominantly cloud-based platforms and environments.

Additionally, the role will be responsible for performing information security risk assessments, conducting gap analyses, and coordinating security remediation activities across the department.

About us:

At the Victorian Department of Health we want a future where Victorians are the healthiest people in the world. A Victoria where our children and people thrive, our workplaces are productive and safe, and our communities are more connected.

We see it as our job to support Victorians to stay healthy and safe. And to deliver a world-class healthcare system that ensures every single Victorian can access safe, quality care that leads to better health outcomes for all.

About you:

Do you have experience in?

• Conduct penetration testing and vulnerability assessments in collaboration with the Manager, Enterprise Cybersecurity Operations.
• Lead the development and ongoing management of penetration testing and vulnerability assessment activities.
• Prepares technical reports at an authoritative level
• Develops briefs on highly complex issues that provide options for decision within an organisation
• Initiates and manages negotiations with peers (internal and external to work unit) to gain commitment to projects, and delivery of activities to meet timelines
• Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).

Qualifications / Specialist Expertise

Qualifications

• A tertiary qualification relevant to ICT, Information Security, or similar would be highly advantageous.

Specialist Expertise

Additionally completed following certifications

• CEH - Certified Ethical Hacker and/or
• OSCP - Offensive Security Certified Professional

• Proven experience in penetration testing, ethical hacking, and vulnerability assessments across complex and cloud-based environments.
• Demonstrated experience in cyber security risk analysis and reporting, including development of mitigation recommendations.
• Proficiency with industry-standard penetration testing and vulnerability assessment tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
• Strong understanding of cloud security (Microsoft Azure, AWS), secure coding practices, and system hardening techniques.
• Familiarity with regulatory standards and frameworks such as ISO 27001, NIST, OWASP Top 10, ASD ISM (Information Security Manual), and the Essential Eight.
• Experience coordinating remediation efforts and advising on technical risk treatments across multiple teams or departments

What we offer:

• The opportunity to perform meaningful work, making direct contributions toward enabling Victorians to be the healthiest people in the world.
• A wide range of growth and development opportunities within the department and wider Victorian Public Service & Sector.
• A strong commitment to work-life balance, including a diverse array of flexible working arrangements.

How to apply:

Applications should include a resume and a cover letter. Click the ‘Apply' button to view further information about the role including key contact details and the advertisement closing date.

We are committed to developing and supporting a workforce that is well equipped and highly motivated to provide responsive and quality services to all Victorians. We continue to build an inclusive workplace that embraces diversity of backgrounds and differences to realise the potential of our employees for innovation and delivering services aimed at enhancing the lives of all Victorians. All roles can be worked flexibly and we encourage applications from Aboriginal people, people with disability, LGBTIQ+ and people from culturally diverse backgrounds. Please contact us if you require any adjustments to participate in the recruitment process at [email protected]. For more information on our commitment to inclusion and diversity see inclusion and diversity at the Department of Health.

If you have any queries in relation to recruitment processes at Health, or experience any issues in applying, please feel free to email [email protected]. Please note that unsolicited applications will not be replied to. If you have questions regarding the role specifically, we would advise you to reach out to the contact listed on the advertisement directly.

Preferred applicants may be required to complete a police check and other pre-employment checks. Information provided will be treated in the strictest confidence in line with our Privacy Policy.