Lead Pen Testers with NV1 clearance

ZSoft Technologies Pty Ltd


Date: 1 day ago
City: Canberra, Australian Capital Territory
Contract type: Full time
Lead Pen Testers with NV1 clearance - Canberra - 2 weeks

About the Role

As part of our ongoing cybersecurity assurance initiatives and in compliance with Australian Government information security standards, we are seeking an experienced Lead Penetration Tester to conduct a comprehensive assessment of a cloud-hosted web application deployed within the Microsoft Azure environment.

The engagement includes the penetration testing of both User Acceptance Testing (UAT) and Production environments, with a focus on identifying vulnerabilities across the external attack surface, including unauthenticated and authenticated vectors. The role requires close collaboration with internal security, cloud, and development teams to assess web-layer exposures, application logic flaws, and security configurations across integrated Azure services.

Scope of Work

  • Conduct comprehensive penetration testing of the application's web interface and associated backend infrastructure.

  • Focus on both unauthenticated and authenticated access vectors.

  • Test associated Azure components, including:

    • Azure App Service

    • Azure SQL Database

    • Azure Key Vault

    • Azure Storage Accounts

    • Private Endpoints

  • Assess embedded third-party integrations (e.g., CAPTCHA code in web forms).

  • Provide actionable findings, technical analysis, and risk-based remediation recommendations.


Essential Criteria

1. Penetration Testing – SFIA Level 5

  • Demonstrated ability to plan, lead, and execute penetration testing within a secure enterprise environment.

  • Provide expert-level insights on security posture, vulnerability impact, and defence effectiveness.

  • Accountable for the integrity and accuracy of test results, coordinating execution and ensuring adherence to standards.

  • Advises stakeholders on best practices, mitigation strategies, and emerging testing techniques.


2. Penetration Testing & Simulated Attack Exercises – CIISEC Level 5

  • Capable of conducting complex penetration testing and exploitation using both commercial and bespoke tools with minimal supervision.

  • Experience undertaking simulated attack exercises, including adversarial emulation under direction.

  • Holds relevant certifications such as:

    • CHECK Team Leader

    • CREST Certified Tester (Infrastructure or Web Applications)

    • Or equivalent industry-recognised credentials


Technical Requirements

  • Proven expertise in:

    • Web application security

    • Azure-based cloud infrastructure security

    • Authentication/authorization mechanisms

    • Secure integration assessment

  • Familiarity with:

    • OWASP Top 10

    • Azure Security Center, Key Vault, and role-based access

  • Hands-on experience with industry-standard penetration testing tools (e.g., Burp Suite, Nmap, Metasploit)


Other Requirements

  • Must hold NV1 clearance (active)

  • Availability for short-term engagement with immediate start

  • Ability to work on-site in Canberra

  • Strong documentation, reporting, and presentation skills


Deliverables

  • Formal penetration test plan (PTP)

  • Final security assessment report with executive summary, technical findings, and risk ratings

  • Debrief session with internal stakeholders

