Vulnerability Assessor

Job Description

Vulnerability Assessor RFQ ID: LH-01646 ASD 2025 Due to the nature of clients we work with here at Kinexus and the projects these roles will be based on, an Australian Government Top Secret Positive Vetting (TSPV) clearance is essential.These opportunities do not have the ability to obtain sponsorship for a security clearance (including applicants who currently hold a security clearance seeking to upgrade). ABOUT THIS ROLE Vulnerability Assessors identify, assess and prioritise threat vulnerabilities identified through penetration testing and report findings to improve security architecture and enhance risk awareness.Candidates require an AGSVA TSPV to perform the role. ASD will not sponsor candidates to upgrade their security clearances. Candidates must be willing to undergo ASD's Organisational Suitability Assessment (OSA) prior to engagement. The OSA requires a psychological assessment, which involves a questionnaire and an interview. Before submitting an application for this role, the candidate should consider their preparedness for questions that may include the following topics: personal relationships, living circumstances, personal values, financial situation, physical and mental health history including substance use, and any civil and/or military record.The commencement date is dependent on the successful candidate having a successful outcome to the OSA. The estimated commencement date listed here on BuyICT is 30 May 2025, however is dependant on the time it takes for the OSA outcome. Estimated start date: Friday, 30 May 2025 Initial contract duration: 12 months Extension term: 12 months Number of extensions: 2 Experience level: Lead - EL1 equivalent Location of work: ACT Working arrangements: Onsite. Onsite 5 days a week. Maximum hours: 40 hours per week Security clearance: Must be able to obtain Positive Vetting ABOUT THE COMPANY Australian Signals Directorate (ASD) is the federal agency responsible for foreign signals intelligence, cyber warfare and information security. ASD's purpose is to defend Australia from global threats and help advance our national interests.Situated in Canberra, ASD employs over 2000 TSPV cleared workers. ASD's workforce is growing rapidly. Areas of growth include PMO, cyber security, systems administration and engineering, software development and network engineering.A top-security, complex and highly technical environment, ASD plays a vital role in the defence of Australia. JOB DUTIES AND RESPONSIBILITIES ASD requires a Vulnerability Assessor who will be responsible under broad direction to protect ASD systems and information, meet domestic and international policies and standards, and mitigate risks. Liaise with multiple project and capability stakeholders to assist in design and documentation of ICT system security controls Evaluation Team Contribute to design of ICT Security policy and documentation, and implement practices, technologies and governance. Analyse and assess ICT system security documentation and configuration, including the use of vulnerability assessment tools. Undertake ICT security threat and risk assessment and develop appropriate security documentation to gain certification. Support the operation of the IT security team by providing the following services: IT security education and outreach. Leadership on IT security related matters and issues. Assist in the Continuous improvement processes. Stakeholder engagement on security-related matters. Lead and perform forensically sound very complex security investigations on a wide array of assets and devices that directly relate to security infrastructure, in accordance with the established procedures. Accountable to conduct investigations which may be as the result of a security incident or by direction from senior leadership. Assess and explain very complex threat profiles of a variety of electronic devices, as relevant across the Australian Signals Directorate. Lead analytical processes to identify and recommend actions to maintain and improve the integrity of the ICT infrastructure. Communicate and provide authoritative advice and guidance on strategies to improve the Australian Signals Directorate ICT security and mitigate risk of devices compromising that security. Interpret and comply with relevant policy governing ICT security in the Australian Signals Directorate, both internal and whole-of-Government, including legislation that underpins digital security and online privacy. Evaluate and assist with the application and compliance of security controls and review information systems for actual or potential security vulnerabilities. Adopt and adapt appropriate systems design methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches, and ensure they are applied effectively. Review and make recommendations and assess and manage associated risks of others' systems designs to ensure selection of appropriate technology, efficient use of resources, and integration of multiple systems and technology. Contribute to development of systems design policies and standards and selection of architecture components. SKILLS & EXPERIENCE NEEDED Essential criteria1. Compliance Monitoring and Controls Testing: Level 5 (CIISEC)Leads teams conducting compliance monitoring and/or controls testing, reporting findings to middle management; escalates issues as appropriate.2. Internal and Statutory Audit: Level 5 (CIISEC)Leads teams of auditors conducting internal or external audits. Produces and agrees plans for each audit. Agrees solutions and actions with management.3. Intrusion Detection and Analysis: Level 2 (CIISEC)Can explain the basic principles involved in monitoring network and system activity for anomalous behaviour and how the results can be used. Australian Citizenship and a TSPV security clearance is essential Desirable criteria 1. Risk Assessment: Level 4 (CIISEC)Undertakes complex risk assessments with supervision, either as an individual or a member of a team.2. Security Evaluation and Functionality Testing: Level 5 (CIISEC)Leads Security Evaluation or Functionality Testing teams. BENEFITS Why work for ASD? Work on interesting and prestigious projects vital to the ongoing defence of Australia. Flexible work environment; work the hours that suit you between 7am and 7pm. Low attrition rate: the great variety of projects and opportunities across different business areas ensure few workers leave ASD. Long contracts available. Fantastic growth opportunities available at any stage of your career. Why Kinexus? Kinexus has been supplying TSPV contractors to government panels since 2004 and have a strong relationship with them. We are one of just 9 suppliers Australia-wide. Our experience in managing contractors in defence/national security industries means we understand the requirements from the Commonwealth, insurances and clearances. DISP accredited; we can hold clearances and manage renewals. Dedicated account manager who is your dedicated POC and offers continuous contractor care. Rate negotiation guidance in line with the SFIA framework. Dedicated payroll assistant who facilitates your taxes and super. We proactively chase timesheet approvers to ensure you get paid on-time and error free. Regular visits to Canberra for coffee, lunches and quarterly drinks events. We can facilitate novated car leases, LAFHA or salary sacrifice. We'll keep you up to date with the most appropriate, interesting opportunities in your field. Community matters. Kinexus supports women in Defence through our female mentoring program and rewards referrers through our Referral Rewards scheme. Support for your health and wellness through counselling support (EAP) available for all contractors and their families. Kinexus is the leading recruitment partner to the defence industry in Australia. We support our community in making intelligent connections and create opportunities to help grow careers. All applications should include your resume as a word document. For more information, visit our website, or contact Cindace Prasadat 0449 511 324. #LI-CP #J-18808-Ljbffr