- Drive program of offensive penetration testing/red teaming activities
- Stakeholder engagement and applying the art of communicating to non-technical audiences
- Join EnergyAustralia as we navigate through an exciting energy sustainability transformation
- Immediate start with key career growth both technical and leadership arenas
The energy industry is undergoing a radical transformation. As one of Australia’s largest generators of electricity, we are stepping up to ‘light the way’ towards a cleaner energy future. EnergyAustralia form part of the CLP Group. Cyber Security is ranked as one of the groups highest priorities. This role reports through to EnergyAustralia’s Chief Information Security Officer and is based in our Melbourne EnergyAustralia office. This is a small and dynamic team with a critical mandate.
About the role
Reporting to the Technical Assurance Manager the key purpose and overall responsibility is to assist in the design and implementation of a program of offensive penetration testing/red teaming campaigns to identify weaknesses in EnergyAustralia's detective and protective controls. This role will work closely with the cyber team executing red team operations and penetration testing of the company in both Technology (IT) and Operational Technology (OT) domains.
Key accountabilities will include but not be limited to:
- Required to assist in the development and execution of red teaming campaigns and assessments that target CLP’s security seeking to extract information, infiltrate systems and breach perimeters whilst avoiding detection
- Analysing the Tools, Techniques and Procedures (TTPs) of threat actors and using this information to design campaigns to specifically test CLP’s IT and OT environments and the supporting technologies and processes.
- Collaborate with key stakeholders (site-based IT staff and service providers) to provide advice and guidance on changes to configuration and processes to reduce vulnerability risks and with business personnel to reduce the risk of open-source intelligence (OSINT) leakage
- Partner and align with Group Cyber Operations, IT operations, OT Operations, business operations and external parties
- Engage our business to give advice on the development and maintenance of information security policy, standards, procedures, and governance frameworks
What we’re looking for:
- Extensive experience with manual and automated pen testing tools including RAPID7, NMAP, Metasploit and Burpsuite.
- Some IT experience with Microsoft enterprise technologies including but not limited to Windows, Active Directory, TMG, IIS etc.; Open source technologies such as Linux; virtualization technologies such as VMware and Hyper-V; and hands-on experience in TCP/IP networking, firewalls, VPN, intrusion prevention systems, network security monitoring, network vulnerability scanning.
- Familiar with best-in-class IT & ICS security technologies by leading suppliers such as Cisco, Checkpoint, Palo Atos, Symantec, FireEye, and Juniper. Certifications such as OSCP/CREST is viewed positively.
- Strong written and verbal communication skills, including the ability to gather and critically evaluate information and prepare written documents that clearly and concisely identify the issues presented and their proposed resolution.
- Ability to explain technical issues to non-technical stakeholders and build positive workplace relationships.
How to Apply
If you share our passion for making customers a priority, doing the right thing, leading change and want to be part of an organisation focused on making a positive impact, click the 'Apply’ button to submit your application.
We’re committed to providing an inclusive culture so our employees can bring their whole selves to work and have a sense of belonging. From our PRISM network that creates a positive culture for LGBTI employees to our Reconciliation Action Plan that has commitments to strengthen relationships with Aboriginal and Torres Strait Islander people and organisations, it’s a workplace where everyone’s welcome.