This is a remote position. Clearance level : Must have NV1 security clearance Location : Working arrangements will be determined on a per-engagement basis depending on the specific requirements of the engagement, Penetration Testing may be performed onsite or remotely depending on the requirements of the work package. We are seeking highly experienced Cybersecurity Offensive Security Specialists to deliver advanced offensive security services. These roles play a critical part in ensuring government systems, applications, and internal processes remain resilient against sophisticated real-world cyber threats. This opportunity is best suited to senior practitioners who are comfortable operating in high-trust, high-impact environments , engaging with complex government systems, and responding effectively to short-notice tasking. You will work within the Cyber Prevention team , delivering intelligence-driven testing, threat emulation, and adversarial simulation activities that directly contribute to national security outcomes. About the Team The Cyber Prevention function delivers intelligence-informed, preventative cybersecurity services, including: Strategic, operational, and technical threat intelligence analysis and reporting Investigation support through trend and pattern analysis Identification and assessment of vulnerabilities to inform countermeasures and response timeframes Proactive threat hunting for advanced adversaries capable of evading security controls Penetration testing of applications and networks to inform risk posture Threat emulation exercises to assure detection and response capabilities You will collaborate with highly capable cyber professionals in a mission-focused environment where your expertise directly strengthens defensive capability. Services You Will Deliver Depending on your technical strengths, you will contribute to one or more of the following: Penetration Testing Application and component-level testing of systems and binaries Identification of exploitable intra- and inter-component vulnerabilities Validation of security controls supporting accreditation activities Vulnerability Assessments Systematic assessment of security controls and configurations Identification of security deficiencies and risk exposure Validation of control effectiveness following remediation Red Team Assessments End-to-end adversarial simulations based on real-world threat conditions Assessment of organisational people, process, and technology defences Identification of defence gaps and improvement opportunities Purple Team Assessments Collaborative exercises integrating Red Team techniques with Blue Team controls Close cooperation with defensive teams to maximise detection and response capability Practical uplift of organisational cyber maturity Advanced Threat Emulation Intelligence-driven modelling of specific threat actors Emulation of adversary tactics, techniques, and procedures (TTPs) Validation of detection and response effectiveness against known threats Key Responsibilities Deliver offensive security testing on an ad-hoc and short-notice basis Analyse system documentation and technical information to determine testing priorities Develop and submit Penetration Testing Plans at least 5 days prior to engagement commencement Execute testing activities in accordance with approved scopes and rules of engagement Produce clear, actionable Penetration Test and Assessment Reports within 10 days of test completion Support Security Accreditation Framework activities, Security Risk Assessments, and Security Impact Assessments Conduct targeted testing to verify the operation of critical security controls Contribute to knowledge-sharing, guided testing, and uplift of internal cyber capabilities Requirements Requirements Essential Skills and Experience Extensive hands-on experience in offensive security, penetration testing, red teaming, or threat emulation Strong understanding of modern attack techniques, tooling, and adversary behaviours Proven experience testing complex enterprise or government systems and environments Ability to produce high-quality, defensible technical reports for senior and technical stakeholders Strong analytical skills with the ability to translate technical findings into actionable risk outcomes Experience working within defined scopes, rules of engagement, and governance frameworks Ability to operate autonomously and respond effectively to short-notice engagements Technical Competencies (one or more) Application security testing (web, APIs, binaries) Network and infrastructure penetration testing Active Directory and identity-based attack techniques Red Team and adversary simulation operations Threat actor emulation aligned to real-world intelligence Purple Team collaboration and detection engineering validation Benefits Benefits Opportunity to work on high-impact national security initiatives Engagements within a mission-critical government environment Exposure to complex, real-world threat scenarios and advanced adversary techniques Collaboration with highly skilled cyber professionals across offensive and defensive disciplines Meaningful work where your expertise directly improves Australia’s cyber resilience Competitive engagement-based remuneration aligned with senior specialist capability Flexible, ad-hoc engagement model suitable for experienced practitioners
