Acknowledgement of Country

CSIRO acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past and present.

Role highlights

Lift CSIRO's cyber maturity by leading high-impact security testing capability
Run threat-informed offensive security across a complex environment
Be the trusted technical lead driving measurable remediation outcomes

About CSIRO

As Australia's national science agency, CSIRO is solving the greatest challenges through innovative science and technology. Many of our iconic innovations were once considered impossible until someone, just like you, joined us and took on the challenge. Visit CSIRO.au for more information.

The opportunity

CSIRO is seeking an experienced Technical Cyber Security Advisor / Penetration Testing Lead to join our Cyber Security Resilience team. This hands-on technical leadership role has no direct reports but is responsible for leading the organisation's penetration testing function, coordinating penetration testing and red teaming activities, as well as uplifting cyber security capability through mentoring and expert guidance.

The role suits an adaptable and analytical professional with experience delivering complex testing engagements across diverse environments, who can apply threat-informed testing techniques, including adversary emulation, and translate findings into clear, actionable remediation outcomes. Working closely with internal stakeholders and external vendors, you will provide high-quality security advice in a complex environment, supporting measurable improvements in CSIRO's cyber security maturity under the direction of Cyber Resilience leadership.

The key duties of the position include

High-level duties include:

Lead the planning and coordination of security testing activities (i.e. penetration testing and red teaming activities), including scheduling, stakeholder alignment, and rules of engagement.
Perform and oversee penetration tests on web applications, bespoke systems, complex and sensitive infrastructure, and cloud services, ensuring safe execution and minimal operational impact.
Document, validate and prioritise findings; produce clear, timely reports and briefings that communicate risk, impact, and practical remediation options to technical and non-technical stakeholders.
Develop and maintain testing methodologies, scoping documents, rules of engagement and repeatable playbooks for environments that do not fit standard IT patterns, including threat-informed and adversary emulation approaches.
Carry out quality assurance and peer review for testing deliverables, ensuring consistency of evidence, severity ratings, and remediation guidance.
Stay current with evolving threats, attacker TTPs, and security trends; evaluate and improve tooling and techniques used by the testing function.
Partner with vulnerability management, cyber architecture/engineering and detection/response teams to validate risk, support remediation, and uplift defensive controls through purple-team style collaboration.

Role particulars

Location and office arrangements: Melbourne (Clayton), Perth (Kensington), Canberra (Black Mountain), Hobart, Brisbane (St. Lucia), Sydney (Marsfield)
Salary: AU$135,571 - AU$158,863 per annum (pro rata for part-time), plus 15.4% superannuation
Tenure & work schedule: Indefinite
Reference: 102720