Talent.com
AusNet Services Ltd
Offensive Security LeadAusNet Services Ltd • Victoria, Australia
Offensive Security Lead

Offensive Security Lead

AusNet Services Ltd • Victoria, Australia
5 hours ago
Job description

We bring the energy!

Through purpose and people - not just through the infrastructure we operate, but through the way we show up for each other, our customers’ and our communities. The future of energy is in our hands. Let’s shape it together.

Are you ready to shape the future of energy?

This is a great opportunity for someone who wants to work in critical infrastructure, leading a team of experts in implementing vital policies and establishing and leading AusNet’s Offensive Security capability.

We are looking for an Offensive Security Lead to ensure security controls are continuously assessed against current and emerging threats, driving risk informed remediation and improving the organisation’s cyber resilience through continuous security testing and secure development practices.

The Offensive Security Lead is responsible for establishing and leading AusNet’s Offensive Security capability, providing strategic and technical leadership across penetration testing, red teaming, application security and exposure management to proactively identify, validate and reduce cyber security risk across IT and OT, cloud platforms and applications.

As the technical authority for Offensive Security, the role balances hands-on technical leadership with people leadership, vendor management and strategic planning to ensure security assurance activities deliver measurable reductions in organisational cyber risk.

What you’ll be doing in this role:

  • Lead and oversee the organisation’s penetration testing, red teaming and adversary emulation program, validating the effectiveness of preventative, detective and responsive security controls across IT, OT, cloud and critical business applications.
  • Have accountability of day-to-day operational outcomes of the function, as well as developing and driving the strategic direction, aligning people and processes to achieve business and cyber department goals.
  • Own the Exposure Management capability, including vulnerability management, security validation and remediation governance, ensuring security risks are accurately prioritised, effectively communicated and remediated within agreed risk tolerances.
  • Lead the Application Security function by embedding security-by-design principles throughout the software development lifecycle, providing security guidance, code reviews, testing and developer enablement to reduce software security risk.
  • Develop and maintain an intelligence-led offensive security program, leveraging threat intelligence, adversary tradecraft and frameworks such as MITRE ATT&CK to continuously evolve testing methodologies and emulate relevant threat actors.
  • Technical hands-on red teaming and penetration testing as required, complementing the work provided by our partners.
  • Establish and maintain a differentiated OT security testing methodology, ensuring all penetration testing, red teaming and adversary emulation activity against OT/ICS environments follows a safety-first, non-disruptive approach appropriate to live operational technology. This includes defining clear boundaries between passive and active testing techniques, determining where live-fire testing is and isn't permitted on production OT assets, and establishing mandatory coordination and sign-off with OT Engineering and Asset Management teams prior to any testing activity that could impact operational safety or grid reliability.
  • Partner with Cyber Defence, Network Security, OT Security, Enterprise Architecture, IAM, GRC and technology delivery teams to validate security controls, improve detection capabilities through purple team activities and strengthen the organisation’s overall cyber resilience.
  • Lead the management of third-party security service providers, including penetration testing, application security and vulnerability management partners, ensuring contractual obligations, service levels and quality standards are consistently achieved.
  • Liaise with external entities, such as cybersecurity advisory bodies, threat intelligence entities, law enforcement agencies, and external partners, to maintain a strong security posture and stay ahead of relevant security threats.
  • Provide authoritative technical advice and risk-based recommendations to senior leadership, supporting investment decisions, security architecture, technology initiatives and strategic cyber security programs.
  • Establish and evolve meaningful performance metrics, reporting and dashboards that measure offensive security effectiveness, exposure reduction and remediation performance, providing regular insights to management.
  • Support the development of the cyber security strategy, roadmap, budgetary and business cases.
  • Instil a high-performance, collaborative culture with a “one team” approach with multiple partners, providing leadership, guidance, and technical expertise, and a strong accountability and outcome focus to achieve business outcomes.

You don’t need to check every box, however we’re looking for a good combination of:

  • Extensive experience in cyber security including recent experience as a technical lead in Offensive Security, Penetration Testing, Application Security or Red Team within a large or complex environment.
  • Strong knowledge of offensive security methodologies, adversary emulation, penetration testing, app sec, vulnerability management and exposure management
  • Demonstrated experience leading and developing high-performing technical teams, with 3-5 years of people leadership experience preferred.
  • Experience applying industry frameworks and standards including MITRE ATT&CK, OWASP, NIST, Essential Eight or CIS Controls
  • Experience managing third-party security service providers, commercial contracts and service delivery outcomes
  • Strong analytical problem solving and decision-making skills, with the ability to balance cyber security risk, business priorities and operational requirements.
  • Relevant industry certification such as OSCP, OSCE, GPEN, GWAPT or equivalent for penetration testing and application security; CRTO, CRTP or OSEP for red teaming and adversary emulation; and GICSP or equivalent OT/ICS-specific security training ( SANS ICS courses) given the role's scope across operational technology environments
  • A leadership-oriented certification such as CISSP or CISM is also highly regarded, reflecting the role's dual accountability for technical authority and people leadership.
  • Familiarity with or accreditation against CREST standards is advantageous, given the role's responsibility for quality-assuring third-party penetration testing and application security providers.

In this role you’ll need to demonstrate some key attributes:

  • Proven ability to influence senior stakeholders and communicate complex technical risks and recommendations to technical and executive audiences.
  • Critical thinker with a methodological approach to enterprise architecture.
  • Results-oriented with a focus on achieving measurable business outcomes.
  • Adaptable and resilient in a fast-paced, ever-changing digital landscape.
  • Strong convictions balanced against the need to be a team player.
  • Build and manage positives relationships with business units across the organisation and with our services and technology partners.
  • Build and develop a high-performance team culture, aligned to the AusNet’s values, through effective leadership, support and feedback.
  • Promote and foster collaborative team and stakeholder relationships based on mutual trust, integrity, accountability and inclusion.

The AusNet experience is all about…

  • Growing your impact: We’ll support you to build your career through real opportunities and strong connections.
  • Solving some of the most complex energy challenges of our time: We love unpacking complex challenges in clever ways and looking at things differently.
  • Building an energy future to be proud of: We’re a trusted leader, with deep expertise, driven to do what’s right for our communities and customers.

We’re committed to building an inclusive culture and a diverse workforce. We believe different perspectives are essential to our success, and we encourage all applicants to apply. If you need any adjustments during the recruitment process, we're happy to discuss how we can support you.

At AusNet, we bring the energy! Ready to make your impact? Apply now!

We will not be engaging with Recruitment agencies for this role, so please apply directly.

Create a job alert for this search

Offensive Security Lead • Victoria, Australia

Similar jobs

Associate Director - Operational Risk

Ethos BeathChapmanVIC, AU

Associate Director – Operational Risk & Compliance.Ethos BeathChapman is partnering with a highly regarded and purpose-driven institutional investor to recruit an.Associate Director, Operationa... Show more

DLP and Incident Response Manager

EmmbrVIC, AU

Melbourne or Sydney, Permanent, strong brand and team.Lead incident response and oversee DLP activities.Hybrid working, supportive culture, good package and bonus.A major critical infrastructure bu... Show more

Associate Director - Forensic Technology

KPMGVIC, AU

KPMG Australia's Digital Forensics and Incident Response (DFIR) team includes a substantive eDiscovery practice.We provide tailored eDiscovery solutions to help organisations manage and respond to ... Show more

PMO Lead (contract)

Seven ConsultingVIC, AU

Can you set up a PMO from scratch, spot gaps before they become governance nightmares, and mentor a crew that keeps a $50 million program humming? Step into Seven Consulting as a full-time PMO Lead... Show more

Cyber Security Operations Manager

EmmbrVIC, AU

Melbourne or Sydney, Permanent, strong brand and team.Lead incident response team, hybrid working.A major critical infrastructure business is seeking a Cyber Security Operations Manager to lead a t... Show more

Security Engineer

EmmbrVIC, AU

Join a growing cyber team in a newly created engineering role.Broad experience across security platforms, controls and access needed.Competitive salary, critical environment, genuine scope to impro... Show more

Night Duty Manager

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

Senior DevOps / Cloud & Security Engineer

DIRECTOR, TECHNOLOGYVIC, AU

Senior DevOps / Cloud & Security Engineer.Melbourne (Hybrid) | Full‑time.Senior DevOps / Cloud & Security Engineer.CI/CD pipelines, and security posture.You’ll work closely with engineering... Show more

Security Officer - NV1 Cleared

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

Get Qualified & Start in Security – Funded Training + Job Pathway

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

SECURITY ARCHITECT L1

WiproVIC, AU

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transf... Show more

Security Officer - Events

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

Tech Lead

OPS Garrison Lending Operations Pty LtdVIC, AU

Angle Finance is a leading non-bank asset finance company operating in the rapidly growing intermediary asset finance market.Our signature is Faster, Easier Finance, provided by consistent, predict... Show more

Security Architect

KPMGVIC, AU

KPMG’s Connected Technology Group (CTG).Our work spans internal and client‑facing solutions, partnering closely with technology, cyber, and risk teams across the firm.Security architects influence ... Show more

Security - Control Room Operators

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

AI Security Analyst

Clicks IT RecruitmentVIC, AU

AI Security Analyst - AWS & Cloud.Canberra, Sydney, Melbourne, Brisbane, Adelaide or Newcastle (Hybrid).Join a high-performing, collaborative technology team delivering innovative.You'll work a... Show more

Security Control Room Operator

MSS Security Pty LtdVIC, AU

As one of Australia’s leading security companies, MSS Security is built on teamwork, respect, and integrity.We provide long-term career paths, stability, and a workplace where your professionalism ... Show more

Senior Security Architect

KPMGVIC, AU

KPMG’s Connected Technology Group (CTG).Our work spans internal and client‑facing solutions, partnering closely with technology, cyber, and risk teams across the firm.Security architects influence ... Show more

Senior Security Engineer

EmmbrVIC, AU

Join a growing cyber team in a newly created engineering role.Hands-on PAM deployment/configuration experience highly valued.Competitive salary, critical environment, genuine scope to improve capab... Show more

Infrastructure Team Leader

EmmbrVIC, AU

The organisation operates a hybrid technology environment with on-premises VMware virtualisation and an increasing shift towards cloud deployments, primarily within Azure.The role is to provide tec... Show more