The Role

Assessment and Authorisation section is expanding and seeking to fill multiple positions across ICT Cybersecurity Assessor roles. The section is looking to recruit people with experience or passion to learn security threat modelling, security risk assessments and mitigations.

Examples of the types of things you will do are:

• Perform threat modelling and assessments of highly sensitive and critical systems.
• Conduct ICT risk assessments by utilising frameworks such as ASD information security manual (ISM) and Essential Eight
• Undertake site visits to assess and validate control implementation against documented controls.
• Consult internal teams to validate security posture of specific products and systems, and suitability of alternative controls.
• Develop reports that support senior executives, highlighting key findings of ICT risk assessments and proposed mitigations.
• Respond to inquiries from stakeholders by liaising with ASD teams and subject matter experts.
• Deliver regular reports regarding assessment activities.

ASD 4 ICT Cybersecurity Assessor:

• With supervision, perform assigned modular tasks and respond to inquiries from stakeholders.
• Proactively report and escalate any issues with ongoing assessments.
• Develop knowledge of cyber security frameworks and technologies.
• Actively engage in ongoing self-improvement and professional development.

ASD 5 ICT Cybersecurity Assessor:

• With limited supervision, deliver assigned broader tasks and provide guidance to stakeholders.
• Actively liaise with key stakeholders to identify relevant expectations and concerns.
• Develop a sound understanding of cyber security frameworks and technologies.
• Proactively identify training needs and engage in ongoing self-improvement and professional development

ASD 6 ICT Cybersecurity Assessor:

• Take responsibility for end-to-end delivery of assigned projects, by coordinating with internal and external stakeholders.
• Build, extend and sustain positive relationships with key stakeholders and interdisciplinary ASD teams.
• Identify process improvement opportunities and take initiatives to drive change within the team.
• Function as a subject matter expert in one or more security domains, and continue to engage in ongoing self-improvement and professional development.

ASD’s Mitigation Evaluation and Governance is responsible for:

• Providing expert support, advice and assistance to government agencies, the ADF and Defence major capability programs when implementing new or existing HA solutions into the secure communications environment as part of the ASD’s HA evaluations program.
• Providing certification duties to ensure CC evaluations are completed in accordance with the international CC standard and ASD’s policies and processes and to participate in the development of standards to uplift security in ICT products.

ASD 4/5 ICT Information Security Technologist:

• Under supervision, perform assigned technical tasks such as technical evaluation of products.
• Contribute to threat modelling and risk evaluation activities.
• Develop knowledge of cyber security frameworks and technologies.
• Actively engage in ongoing self-improvement and professional development.

ASD 6 ICT Information Security Technologist:

• Take responsibility for delivering in-depth technical evaluation of products, by coordinating with internal and external stakeholders.
• Prepare advice to inform and harden products, based on results of in-depth technical evaluations.
• Identify products/technologies for in-depth evaluation based on the section’s priorities to delivery advice.
• Supervise guide junior staff and commit to their and own ongoing self-improvement and professional development.

About our Team

This information pack details information on two position titles at ASD’s Assessment and Authorisation (AA) and Mitigation Evaluation and Governance (MEG) Sections.

ASD’s AA section conducts assurance activities of classified systems to support authorised operation of such systems as defined in the Protective Security Policy Framework (PSPF). In performing these assurance activities, we conduct threat modelling, risk assessments and provide guidance on various security topics to our stakeholders, leading to authorisations of these systems.

ASD’s MEG section provides technical advice and evaluations in relation to the use of High Assurance (HA) products and Common Criteria (CC) standards.

ASD’s AA and MEG teams play a significant role in allowing our stakeholders to operate classified systems in a secure manner. It is a multidisciplinary team with diverse skills, background and experience, comprised of people who have joined from industry and government. The team values collaboration, knowledge sharing, creativity in thinking and perseverance. All team members are supported in ongoing professional development, training and provided opportunities to develop skillsets to keep pace with evolving priorities and technological advancements. Successful applicants may also have opportunities to travel. The team culture supports flexible work practices so that people can balance their work and what is important to them outside of work.

Our Ideal Candidate

We are looking for candidates who either are or have the potential to be ICT Risk and Compliance Assessors and or Information Security Technologist.

This includes candidates with experience in any of the following areas:

• ICT governance, risk and compliance (GRC)
• ICT auditing and consulting – e.g. Essential Eight, ISM and NIST
• ICT and security strategy and operations
• Enterprise risk management
• System Administration
• Telecommunications
• Networking

The most important characteristics you will display are:

• Perseverance and resilience in the face of difficult problems.
• The drive to continuously learn (from others and independently).
• Desire to work collaboratively and conscientiously with the team.

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner’s Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.

Application Closing Date: Sunday 12 October, 2025

For further information please review the job information pack, reference ASD/07825/25 on Careers | Australian Signals Directorate.