17 Security Specialist jobs in Australia

Description
Amazon Web Services (AWS) is the leading cloud service provider, providing virtualised infrastructure, storage, networking, messaging, and many other services to customers all over the world, including government customers. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises to large government customers, run their operations and applications on AWS' highly secure infrastructure.
AWS Security is looking for a highly talented and motivated Physical Security Specialist to work with our team, designing the secure facilities to maximize the effectiveness of the physical security program. The duties include extra-low voltage system design and engineering, working with the architectural and engineering teams to assure security best practices are observed, drafting new systems into the design teams build plans, and coordinating with physical security leaders to understand the new build and security system designs, adhering to an approved products list. A successful candidate will be responsible for interpretation of Risk Assessments and Threat Analysis and Physical Security Standards to assure the proper security technologies are selected to meet the unique challenges to be found in a sensitive security program.
Key job responsibilities
This role will be expected to provide in-depth security advice on the physical security architecture for the organisation. You will draw upon your strong knowledge as well as invent and innovate in the course of your duties. Key responsibilities may include:
* Lead the physical security architecture elements on a sensitive program.
* Create and communicate detailed physical security system designs and guidance to ensure compliance with government policies and frameworks.
* Subject matter expertise to support the AWS Security leadership and other security teams, with a focus on physical security.
* Physical / Protective Security Risk, Threat, and Vulnerability Management.
* Management and implement Physical security risk, threat, and vulnerability deliverables - e.g. internal and external audit items, security deliverables annual PSPF Self-assessment and ASD Cyber Survey.
* Preparation of executive level presentation packs, briefings, papers and reports to various internal and external governance bodies and stakeholders.
* Develop, oversee, and review protective security policies, procedures, processes, guidelines, forms and templates relating to protective security and day to day protective security operations.
* Identify vulnerable processes and systems and provide advice and support for the remediation of security risk and reduce exposure to security threats to support the rollout of new assets.
* Engage with and work collaboratively with stakeholders across AWS and externally, in relation to compliance obligations, e.g. PSPF and ISM.
Hold or be able to attain an Australian Government Security Vetting Agency clearance (see day in the life
Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Conflicts should be addressed by listening, finding the best way forward and persuading one's colleagues. Successful engineers in this role will regularly analyze their own performance with a critical eye. A broad understanding of the AWS business and its interconnections is required. This position will also provide training, advice, and mentorship to other engineers throughout AWS.
About the team
About the team
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
* Degree in Architectural, Electrical Engineering, or Physical Security or equivalent experience in a related security field.
* 5+ years' experience with one or more drafting technologies such as, AutoCad, BlueBeam and others.
* Proficient with government security frameworks, policies and standards (e.g. PSPF, ISM, DSPF. ASD Essential Eight)
Preferred Qualifications
* Physical Security Design experience in corrections, military, government, or museum environments.
* PSP, CPP, PMP Certification
* CPTED Certification
* Proven ability to not only influence but lead business partners and supporting teams
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

At Google, we have a vision of empowerment and equitable opportunity for all Aboriginal and Torres Strait Islander peoples and commit to building reconciliation through Google's technology, platforms and people and we welcome Indigenous applicants. Please see our Reconciliation Action Plan ( for more information.
**Minimum qualifications:**
+ Bachelor's degree in Computer Science, Mathematics, a related technical field, or equivalent practical experience.
+ 8 years of experience in customer-facing roles including interfacing with executive stakeholders and managing and delivering IT technical implementations, transformation programs, or related initiatives.
+ Experience in supporting enterprise customers in Cloud Professional Services organizations, IT consulting, or program management organizations.
**Preferred qualifications:**
+ Certification in IRAP qualifications or related Certified Auditor qualification such as SANS, ISO 27001, CRISC, etc.
+ Experience with DISP Security Officer, PSPF and Security Construction and Equipment Committee (SCEC) training, or endorsed SCEC consultant.
+ Excellent partner management, follow-through, resource management and communication skills with attention to detail.
In this role, you will be part of a team of cyber experts that will conduct cyber assurance activities for the private cloud services, data centers and underlying networks for customers in Australia. You will recommend cyber controls and evaluate systems according to the Defence Security Principles Framework (DSPF) Principle 23-ICT Certification and Accreditation, the Information Security Manual (ISM), the Australian Cyber Security Center (ACSC) guidelines, and the Protective Security Policy Framework (PSPF) and other controls in agreement. You will contribute to the identification of cloud related security and compliance design/development/deployment friction points and collaborate across teams to resolve them. You will support Google's Defence Industry Security Program (DISP) membership by maintaining a security program that complies with the DSPF and other related Australian government security obligations as required by legislation or regulation to ensure Google's ongoing compliance in the Australian market. You will hold the role of a Security Officer (SO) for Google Australia's DISP membership.
Google Cloud accelerates every organization's ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.
**Responsibilities:**
+ Conduct or lead the cyber assessments aligned with DSPF, or ACSC and ISM standards.
+ Support the review of security controls and the development of documentation including System Security Plans (SSPs) and Annex, Security Risk Management Plans (SRMP's) and other Australian government cyber assurance documents.
+ Engage with the government to build rapport and guide the customer on the assessment and authorization journey.
+ Maintain knowledge of frameworks such as DSPF and DISP, ISM, PSPF and the regulatory landscape with emerging threats and security technology.
+ Perform the role of DISP Security Officer, supporting the maintenance of the DISP obligations.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also and If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form:

**Introduction**
The Cyber Security SIEM Specialist is responsible for the day-to-day management, monitoring, and analysis of security information and event management (SIEM) tools within the organization. This role requires a highly skilled individual who can leverage SAP ETD and Microsoft Sentinel to detect, respond to, and mitigate cyber threats in real-time, ensuring the confidentiality, integrity, and availability of critical data and systems.
**Your role and responsibilities**
* Monitor, analyse, and manage alerts generated by SAP ETD and Microsoft Sentinel, investigating potential security incidents.
* Develop and maintain effective security policies, procedures, and guidelines related to SIEM operations.
* Utilise SIEM dashboards, reports, and visualizations to communicate security status to stakeholders.
* Conduct regular security audits and assessments to ensure the SIEM solution is optimally configured and aligned with current threat landscapes.
* Drive continuous improvement initiatives to enhance SIEM capabilities and response efficacy.
* Stay updated on the latest cybersecurity threats, attack patterns, and mitigation strategies.
* Ensure compliance with relevant industry regulations and standards
**Required technical and professional expertise**
* Must have an active AGSVA Baseline Clearance, preferred to have AGSVA NV1 Clearance or be eligible to obtain one.
* Must be an Australian Citizen
* Mandatory to be on site 5 days a week.
* Bachelor's degree in Computer Science, Information Security, or a related field.
**Preferred technical and professional experience**
* Minimum of 5 years of professional experience in SIEM administration, ideally with both SAP ETD and Microsoft Sentinel.
* Certified Information Systems Security Professional (CISSP) or similar certifications are strongly preferred.
* Proven expertise in threat detection, incident response, and security event management.
* Strong understanding of network security, cloud security, and cyber threat intelligence.
* Excellent analytical, problem-solving, and communication skills.
* Ability to work independently and as part of a dynamic team, often under pressure and tight deadlines.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
**About the role:**
This role will support the delivery of the Operational Risk Management Framework (ORMF) including:
+ Risk and Control Self-Inspection (RCSA)
+ Issue Management
+ Incident Management
+ Controls Assurance (CA)
+ The banks Self-Inspection regime
+ Associated internal and regulatory reporting
In addition, this role provides support to the Chief Risk Officer (CRO) and wider Risk Management team in the delivery of the risk management framework to the Oceania branch.
**What you'll be doing:**
+ Ensure that risk is appropriately managed and that processes meet applicable risk management standards and/or prudential guidelines.
+ Ensure adequate internal controls are in place to comply with all bank rules, policies and procedures and relevant regulatory prudential standards and requirements for Australia and New Zealand.
+ Continuous drive to improve and strengthen the organisation's operational risk management framework and assist in the enhancement of the ORMF to ensure it keep pace with regulatory expectations in Australia and New Zealand.
+ Manage periodic attestation processes such as ensuring all risk events have been captured, policies and procedures remain up to date and business heads understand the risk profiles of their business.
+ Partner with the business and support functions to provide trusted advice on risk management practices and the development of an effective and efficient risk and control framework.
+ Develop and deliver training and workshops to refresh risk management skills and competencies and educate staff in the in the Oceania business as required.
+ Assist in the tracking and timely resolution of risk events and associated counters measures.
+ Work with the business and support functions to ensure that the countermeasures are fit for purpose and that the controls are well designed and will mitigate identified risks.
+ Preparation of Risk Management Committee agendas and minutes.
+ General administrative duties on behalf of the CRO and Risk Management Team (inc. diary management, arranging travel, filing and archiving.
**What we are looking for:**
This is a fantastic opportunity for someone with a genuine interest and drive to learn about risk management. We will provide you with the knowledge and training to get involved across a broad range of risk management activities.
Ideally you will have 1 years' experience working in an operational risk, enterprise risk or audit function in financial services, with exposure to APRA & RBNZ (or another banking regulatory agency) regulations. However, we will also give consideration for recent graduates (in a related discipline), with a good understanding of operational risk management best practice and a grounding in the Three Lines of Defence principals of risk management.
Outstanding administration skills including use of Word, Excel and PowerPoint are essential.
You will be highly organised and efficient, able to multitask and work autonomously and proactively. Strong attention to detail, accuracy and time management skills are essential, as well as a personable and professional manner.
**What we offer you:**
We offer you a role in one of the largest banks of the world, in a growing and international environment. You'll have various opportunities to develop yourself and we will support you with that by offering training and development possibilities to further your career.
Mitsubishi UFJ Financial Group (MUFG) is an equal opportunity employer. We view our employees as our key assets as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organsational fit, regardless of race, religion or gender.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Title:
System Engineer - Risk Management
Belong. Connect. Grow. with KBR!
KBR's National Security Solutions team provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. In this position, your work will have a profound impact on the country's most critical role - protecting our national security.
Why Join Us?
+ Innovative Projects: KBR's work is at the forefront of engineering, logistics, operations, science, program management, mission IT and cybersecurity solutions.
+ Collaborative Environment: Be part of a dynamic team that thrives on collaboration and innovation, fostering a supportive and intellectually stimulating workplace.
+ Impactful Work: Your contributions will be pivotal in designing and optimizing defense systems that ensure national security and shape the future of space defense.
This is a contingent position based upon contract award
Who We AreKBR Government Solutions delivers full life cycle professional and technical solutions that improve operational readiness and drive innovation. Our solutions help ensure mission success on land, air, sea, space and cyberspace for the Department of Defense, Intelligence Community, NASA and other federal agencies. KBR's areas of expertise include engineering, logistics, operations, science, program management, mission IT and cybersecurity. KBR strives to create a safer, more secure and sustainable world by bringing together the best and brightest to deliver technologies and solutions that help our customers accomplish their most critical missions and objectives.
The Mission AheadThis role is with KBR's Government Solutions U.S. division. At KBR Government Solutions, we don't just envision a world that's safer, more secure, and sustainable - we create it. Our legacy of delivering advanced full life cycle professional and technical solutions is matched only by our commitment to operational readiness and innovation. As stewards of critical missions for the Department of Defense, Intelligence Community, NASA, and other key federal entities, we excel in engineering, logistics, operations, science, program management, mission IT, and cybersecurity. United in our quest for excellence, KBR stands at the vanguard, ready to transform possibilities into impactful realities for a better tomorrow.
Who You AreYou're a strategic and detail-oriented Systems Engineer: Risk Manager with a strong background in identifying, assessing, and mitigating risks within complex systems and projects. Your expertise in risk management, system architecture, and engineering principles allows you to develop robust strategies that minimize potential threats and ensure system resilience. You excel at balancing technical requirements with risk mitigation strategies, ensuring that projects are both secure and successful.
At KBR, you bring a proactive mindset and a strong ability to anticipate and manage risks, safeguarding critical systems and operations. Known for your analytical thinking, problem-solving skills, and ability to collaborate across teams, you thrive in environments where your strategic input ensures the continued success and stability of mission-critical systems.
What You'll DoIn the role of Systems Engineer: Risk Manager, your duties will include:
+ Lead risk assessments and develop risk management plans for systems and projects across various domains.
+ Identify potential risks, threats, and vulnerabilities within system designs and operations.
+ Collaborate with engineering teams to create and implement risk mitigation strategies and solutions.
+ Conduct regular risk reviews and ensure compliance with safety, security, and regulatory standards.
+ Use data analysis tools to evaluate system performance and identify areas for improvement.
+ Communicate risk assessments and mitigation plans to stakeholders and senior leadership.
+ Assist in the development of system architectures and designs with a focus on minimizing risks.
+ Support the creation of contingency plans and disaster recovery procedures to address critical system failures.
+ Stay up to date with industry best practices, standards, and regulatory requirements related to risk management.
Requirements:
+ Must be a US or Australian citizen
+ Must Possess an active US Top Secret/SCI w/ Polygraph or AUS PV Clearance.
+ Bachelor's degree in Systems Engineering, Risk Management, or a related field.
+ Must have 7 years of related experience supporting large systems and sub-systems.
+ Experience in Model Based Systems Engineering (MBSE)
+ Proven experience in systems engineering and risk management.
+ Strong understanding of risk analysis tools and techniques.
+ Expertise in system architecture and lifecycle management.
+ Ability to assess and mitigate technical, operational, and financial risks.
+ Excellent communication and interpersonal skills, with the ability to present technical information to non-technical stakeholders.
+ Detail-oriented with strong analytical and problem-solving skills.
+ Ability to work collaboratively with cross-functional teams and senior leadership.
This role will be located in Alice Springs. This position is expected to be onsite 100%.
#SF
Belong, Connect and Grow at KBRAt KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team's philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver - Together.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

Description
Amazon Web Services (AWS) is the leading cloud service provider, providing virtualised infrastructure, storage, networking, messaging, and many other services to customers all over the world. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises to large government customers, run their operations and applications on AWS' highly secure infrastructure.
AWS Security is looking for a GRC Specialist to contribute to the certification, accreditation, assurance, and authorisation activities across the security program. The successful candidate is a problem-solver, quick-study, with a broad understanding of the regulatory landscape, cloud technologies, experience in security and compliance.
Key job responsibilities
* Serve as the GRC Specialist for designated (physical and/or logical) components within the cloud capability, to perform assurance and authorization activities to ensure adherence to standards and protocols.
* Collaborate with internal teams and customers to establish baselines and level-set the security requirements, security controls, and security objectives.
* Implement ISM, PSPF, DSPF, ASIO T4, NIST and/or other security compliance frameworks into design and build baselines to achieve the agreed security posture.
* Create, optimise, and support cross-functional working groups and projects aimed at enhancing security efficiency and effectiveness across the organization.
* Utilise domain expertise to develop thought leadership material on cloud and emerging technologies, contributing to the organization's knowledge base and industry positioning.
* Deliver to tight deadlines and drive results, demonstrating exceptional attention to detail and ensuring accuracy in all aspects of security management.
Hold or be able to attain an Australian Government Security Vetting Agency clearance (see day in the life
In your day-to-day you will need to exercise sound judgment in making trade-offs between short versus long term security and business goals. You will demonstrate resilience and navigate difficult situations with composure and tact, with a goal to achieve a great outcome for the customer. You will be successful in this role by regularly analysing your own performance with a critical eye. A broad understanding of the AWS business and its interconnections is required. This position will also provide training, advice, and mentorship to other teams throughout AWS.
About the team
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
* 7+ years experience working in areas related to security assurance, such as cybersecurity, auditing, security architecture, regulatory affairs or public sector agencies involved in cybersecurity management.
* Experience working with governance, risk and compliance programs that directly involve interaction with regulatory bodies.
* Proficient with government security frameworks, policies and standards (e.g. PSPF, ISM, DSPF. ASD Essential Eight)
* Experience working with cloud technologies.
Preferred Qualifications
* Degree or equivalent experience in (Computer Science, Engineering, Cyber Security, IT Security Management, Security Risk Management)a related security field
* Minimum 7 years experience in implementing and operationalising security to meet business outcomes
* Proven ability to not only influence but lead business partners and supporting teams
* Ability to able to credibly coordinate between technical teams and business stakeholders
* Strong communication skills. Ability to produce detailed and complex written business cases without the use of PowerPoint
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Description
Amazon Web Services (AWS) is the leading cloud service provider, providing virtualised infrastructure, storage, networking, messaging, and many other services to customers all over the world. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises to large government customers, run their operations and applications on AWS' highly secure infrastructure.
AWS Security is looking for a GRC Specialist to contribute to the certification, accreditation, assurance, and authorisation activities across the security program. The successful candidate is a problem-solver, quick-study, with a broad understanding of the regulatory landscape, cloud technologies, experience in security and compliance.
Key job responsibilities
- Serve as the GRC Specialist for designated (physical and/or logical) components within the cloud capability, to perform assurance and authorization activities to ensure adherence to standards and protocols.
- Collaborate with internal teams and customers to establish baselines and level-set the security requirements, security controls, and security objectives.
- Implement ISM, PSPF, DSPF, ASIO T4, NIST and/or other security compliance frameworks into design and build baselines to achieve the agreed security posture.
- Create, optimise, and support cross-functional working groups and projects aimed at enhancing security efficiency and effectiveness across the organization.
- Utilise domain expertise to develop thought leadership material on cloud and emerging technologies, contributing to the organization's knowledge base and industry positioning.
- Deliver to tight deadlines and drive results, demonstrating exceptional attention to detail and ensuring accuracy in all aspects of security management.
Hold or be able to attain an Australian Government Security Vetting Agency clearance (see day in the life
In your day-to-day you will need to exercise sound judgment in making trade-offs between short versus long term security and business goals. You will demonstrate resilience and navigate difficult situations with composure and tact, with a goal to achieve a great outcome for the customer. You will be successful in this role by regularly analysing your own performance with a critical eye. A broad understanding of the AWS business and its interconnections is required. This position will also provide training, advice, and mentorship to other teams throughout AWS.
About the team
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why AWS?
Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
- 4+ years experience working in areas related to security assurance, such as cybersecurity, auditing, security architecture, regulatory affairs or public sector agencies involved in cybersecurity management.
- Experience working with governance, risk and compliance programs that directly involve interaction with regulatory bodies.
- Proficient with government security frameworks, policies and standards (e.g. PSPF, ISM, DSPF. ASD Essential Eight)
- Experience working with cloud technologies.
Preferred Qualifications
- Degree or equivalent experience in (Computer Science, Engineering, Cyber Security, IT Security Management, Security Risk Management)a related security field
- Minimum 4 years experience in implementing and operationalising security to meet business outcomes
- Proven ability to not only influence but lead business partners and supporting teams
- Ability to able to credibly coordinate between technical teams and business stakeholders
- Strong communication skills. Ability to produce detailed and complex written business cases without the use of PowerPoint
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Team Description:
We are a team in M365 Core called Substrate; we have the massive responsibility and charter to help ensure the security and trustworthiness of M365 product suite. We want to reshape and modernize security to empower every user, customer, and developer with a secure cloud that protects them with end-to-end via our solutions. The M365 Substrate organization accelerates Microsoft's mission via bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds across our estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
The Security Engineering team within M365 Core helps to identify threats and gaps in the infrastructure that hosts the planet's largest, most influential organizations. We are looking for individuals who are forging the pentest discipline in new and modern ways in the era of AI. The role will encompass a blend of research and testing which we will guide our collective engineering organizations to secure their products in the most uniform and durable solutions possible. This role as a **Senior Penetration Testing Specialist** will provide the opportunity to work on services which are global scale and provide unique experiences which are hard to replicate or find outside of a major SAAS provider.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
**Responsibilities**
As a Senior Penetration Tester, you will conduct offensive security assessments that simulate real-world attacks on M365 products, services, and infrastructure. You will identify vulnerabilities across application, network, and operational domains and collaborate with engineering and security teams to support remediation efforts. This role plays a key part in strengthening the security posture of Microsoft's security suite through hands-on testing and cross-team collaboration.
+ You will decompose work for concurrency/ collaboration. You'll devise more systematic solutions, and spot previously unidentified patterns.
+ You will solve issues systematically and with transparency to customers in technical implementation of solutions related to specific kinds of security issues. You'll begin to develop substantial skills in other kinds of security issues outside areas of expertise.
+ You'll design with long term sustainability and broad applicability in mind, leverage existing solutions, and contribute substantial changes to their improvement. You'll identify and differentiate between solutions to come up with best case solution and start to define policies.
+ You'll help make connections and assist in developing agreements between groups to clarify priorities and identify dependencies.
+ You'll provide coordination across groups, articulate key security issues to teams and upper management, and autonomously drive collaboration across groups.
**Qualifications**
**Required Qualifications:**
+ 5+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
**Other Requirements:**
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
+ **Microsoft Cloud Background Check** : This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
**Preferred Qualifications:**
+ Experience in attacking AI infrastructure and Models.
+ Leveraging AI for attacks and the penetration discipline.
+ Master's Degree in Statistics, Mathematics, Computer Science
+ OR related field
+ OR 6+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
#aiPenTest #pentest #securityJobs #australia #M365CORE
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations ( .

Team Description:
We are a team in M365 Core called Substrate; we have the massive responsibility and charter to help ensure the security and trustworthiness of M365 product suite. We want to reshape and modernize security to empower every user, customer, and developer with a secure cloud that protects them with end-to-end via our solutions. The M365 Substrate organization accelerates Microsoft's mission via bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds across our estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
The Security Engineering team within M365 Core helps to identify threats and gaps in the infrastructure that hosts the planet's largest, most influential organizations. We are looking for individuals who are forging the pentest discipline in new and modern ways in the era of AI. The role will encompass a blend of research and testing which we will guide our collective engineering organizations to secure their products in the most uniform and durable solutions possible. This role as a **Senior Penetration Testing Specialist** will provide the opportunity to work on services which are global scale and provide unique experiences which are hard to replicate or find outside of a major SAAS provider.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
**Responsibilities**
As a Senior Penetration Tester, you will conduct offensive security assessments that simulate real-world attacks on M365 products, services, and infrastructure. You will identify vulnerabilities across application, network, and operational domains and collaborate with engineering and security teams to support remediation efforts. This role plays a key part in strengthening the security posture of Microsoft's security suite through hands-on testing and cross-team collaboration.
+ You will decompose work for concurrency/ collaboration. You'll devise more systematic solutions, and spot previously unidentified patterns.
+ You will solve issues systematically and with transparency to customers in technical implementation of solutions related to specific kinds of security issues. You'll begin to develop substantial skills in other kinds of security issues outside areas of expertise.
+ You'll design with long term sustainability and broad applicability in mind, leverage existing solutions, and contribute substantial changes to their improvement. You'll identify and differentiate between solutions to come up with best case solution and start to define policies.
+ You'll help make connections and assist in developing agreements between groups to clarify priorities and identify dependencies.
+ You'll provide coordination across groups, articulate key security issues to teams and upper management, and autonomously drive collaboration across groups.
**Qualifications**
**Required Qualifications:**
+ 5+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
**Other Requirements:**
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
+ **Microsoft Cloud Background Check** : This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
**Preferred Qualifications:**
+ Experience in attacking AI infrastructure and Models.
+ Leveraging AI for attacks and the penetration discipline.
+ Master's Degree in Statistics, Mathematics, Computer Science
+ OR related field
+ OR 6+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
#aiPenTest #pentest #securityJobs #australia #M365CORE
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations ( .