Application Security Specialist - NV1

Location: Canberra
Salary: Negotiable
Job type: Contract
Discipline: Cyber Security
Reference: BBBH3817_1771387995

Role Title

Application Security Specialist

Location

Canberra, hybrid arrangement

Working Arrangement

40 hours per week

Clearance required

NV1 (minimum; clearances will not be upgraded)

Company overview

The Department of Prime Minister and Cabinet requires skilled Application Security Specialists across multiple streams to assess the deployment of systems into a new environment. The organisation is focused on uplifting capability in application security, secure development practices, secure coding and compliance with governance frameworks. The role involves working closely with infrastructure, cloud and application development teams, alongside business stakeholders and system owners, to support broader technology initiatives.

Job Description

The Application Security Specialist will provide expertise across penetration testing, secure code review, secure development practices and adherence to government cybersecurity frameworks. The role requires strong offensive security capability and close collaboration with technical and business teams to ensure systems are validated, secure and ready for deployment.

Duties and Responsibilities

  • Scope, plan and execute penetration tests across web applications, cloud services, end user compute, domain environments and custom applications.
  • Conduct and manage cyber threat emulation, control validation and threat modelling exercises.
  • Develop penetration testing artefacts including test plans, vulnerability reports and mitigation recommendations.
  • Create automated processes to improve the efficiency of testing activities.
  • Perform dynamic and static code analysis using black box, grey box and white box methodologies.
  • Apply knowledge of new attack vectors, techniques and evasion methods to maintain current testing standards.
  • Use commercial and open-source security tools and vulnerability scanners.
  • Prioritise identified security issues and provide clear communication on severity and impact in line with established frameworks.
  • Provide actionable recommendations to treat vulnerabilities and enhance the hosting environment's security.
  • Consult with application development, security and internal teams regarding findings and remediation strategies.
  • Build and maintain strong relationships with internal and external stakeholders.

Knowledge/Skills required

  • Experience in penetration testing, secure code review, vulnerability identification and offensive security tools.
  • Proficiency in scripting and programming to develop or modify testing tools and frameworks.
  • Knowledge of PTES, MITRE ATT&CK, OWASP ASVS and broader application security methodologies.
  • Strong written reporting skills and the ability to communicate effectively with technical and non-technical stakeholders.
  • Strong scripting skills across Python, Bash, PHP, PowerShell and JavaScript, with deep knowledge of languages such as C, C++, Java and .NET/C#.
  • Experience using tools including Burp Suite, Nmap, Metasploit, Cobalt Strike, Kali Linux, BloodHound, Ghidra and IDA.
  • Relevant certifications such as OSCP, CRT, CRTP, GPEN, HTB CTPS or similar are desirable.

Diversity and Inclusion

We value diversity and are committed to creating an inclusive environment for all employees.

Veterans

Defence and Federal Government industry experience is highly desirable. We strongly encourage veterans and individuals with Defence experience to apply. Your unique skills and background are highly valued, and we are committed to supporting your transition into this role.

About Cleared

At Cleared, we provide tailored recruitment solutions to individuals seeking their next opportunity and to organisations searching for talent within Defence Industry, Intelligence and National Security.