About Us IAG Defence & National Security (DNS) is part of IAG, a specialist advisory firm supporting complex infrastructure, Defence and national security programs across Australia. Our DNS team works closely with Commonwealth agencies and industry partners to deliver specialist expertise into nationally significant programs. Our success depends on our ability to identify, engage and mobilise highly specialised talent quickly and effectively. IAG is recognised as a Veteran Friendly Employer under the Veteran Employment Program. The Role We are seeking an experienced Penetration Tester / Cyber Security Consultant to undertake a short-term security assessment engagement within a complex enterprise environment. Working with a modern technology stack incorporating cloud, identity, networking and endpoint technologies, you will conduct a structured penetration testing exercise to identify vulnerabilities, evaluate existing security controls and provide practical recommendations to strengthen cyber resilience. This opportunity would suit an experienced security professional who enjoys hands-on technical assessment work and delivering meaningful security outcomes for large organisations. Key Responsibilities Assess the effectiveness of existing cyber security controls. Perform external attack surface discovery and infrastructure assessment activities. Conduct network and Wi-Fi security testing from an adjacent attacker perspective. Assess cloud environments and determine resilience against external attack attempts. Undertake grey-box testing activities to identify security vulnerabilities and security improvement opportunities. Test authentication pathways, access controls and potential attack vectors across cloud and collaboration platforms. Identify weaknesses within externally exposed systems and services. Document findings, risks and remediation recommendations in a clear and actionable manner. Support the delivery of a comprehensive penetration testing report upon completion of the engagement. About You Demonstrated experience delivering penetration testing, vulnerability assessments or cyber security assurance activities. Strong understanding of network security, cloud security and identity management concepts. Experience assessing Microsoft cloud environments, enterprise networks and modern workplace technologies. Ability to identify, validate and communicate technical vulnerabilities and associated business risks. Strong report writing and stakeholder engagement skills. Experience conducting security assessments within government, Defence or other highly regulated environments will be highly regarded. Desirable Criteria Experience assessing Microsoft Azure environments. Experience testing Microsoft 365 environments and cloud identity services. Knowledge of enterprise networking and wireless security technologies. Experience conducting infrastructure discovery and attack surface mapping exercises. Relevant cyber security certifications such as OSCP, OSCE, CREST, CISSP, CEH, GPEN or equivalent. Experience producing executive and technical security reports. Additional Information Contract commencement: July 2026. Initial engagement term: 1 month plus 1 month Location: ACT. Working arrangements are primarily onsite during standard business hours. What We Offer With offices in Perth, Brisbane, Melbourne, Sydney and Canberra, we’re a tight-knit team working across some of Australia’s most critical Defence and national security programs. We value expertise, collaboration and flexibility, providing our people with opportunities to contribute to meaningful and technically challenging projects. We can offer great work, great people, great culture, great conditions, and an all-round great time whilst you continue building a rewarding career in the cyber security sector. As part of IAG, you’ll be joining a team of more than 250 professionals. REF: DT 006