Cybersecurity & Systems Engineer

About the Role

The role offers a broad scope, encompassing penetration testing and vulnerability assessments across applications, networks and infrastructure, as well as security risk assessments aligned with frameworks such as ISM, Essential Eight, DISP, ISO 27001 and NIST. You will produce detailed technical reports and executive summaries, embed security controls throughout the system development lifecycle, and manage operating systems and virtual environments, handling patching, account management, backup, performance monitoring and complex troubleshooting. • Conduct penetration testing and vulnerability assessments across applications, networks, and infrastructure. • Perform security risk assessments and maintain accreditation compliance (ISM, Essential Eight, DISP, ISO 27001, NIST). • Prepare technical reports and executive summaries communicating findings and mitigation strategies. • Contribute to system design, integration and verification, embedding security controls throughout the SDLC. • Administer and maintain operating systems and virtualization environments, handling patch management, user accounts, backup/recovery, performance monitoring and troubleshooting. • Work on critical defence projects that shape Australia’s future.

Key Responsibilities

• ▸penetration testing
• ▸vulnerability assessment
• ▸risk assessment
• ▸security reporting
• ▸sdlc integration
• ▸os administration

What You Bring

The ideal candidate brings proven experience in penetration testing, vulnerability management and security risk assessment in complex settings, together with strong systems‑engineering skills in Windows and Linux administration, security hardening and patch management. Familiarity with government and defence accreditation processes, networking, virtualization and cloud platforms is essential, as is the ability to craft high‑quality technical and executive‑level reports. Relevant certifications (e.g., OSCP, CISSP, CEH) or systems‑engineering qualifications (e.g., INCOSE CSEP, ITIL), plus scripting/automation and DevSecOps knowledge, are preferred, and a current Negative Vetting 2 (or higher) clearance is required. • Demonstrated experience in penetration testing, vulnerability management and security risk assessment in complex environments. • Strong hands‑on Windows and Linux administration, including security hardening and patch management. • Familiarity with government/defence accreditation processes and experience with networking, virtualization and cloud platforms. • Ability to produce high‑quality technical and executive‑level reports. • Relevant certifications (e.g., OSCP, CISSP, CEH) or systems‑engineering qualifications (e.g., INCOSE CSEP, ITIL) plus scripting/automation and DevSecOps knowledge. • Current Negative Vetting 2 (or higher) security clearance; ITAR compliance may be required.

Requirements

• ▸penetration testing
• ▸linux administration
• ▸cloud platforms
• ▸devsecops
• ▸cissp
• ▸nv2 clearance

Benefits

Employees enjoy meaningful work on critical defence projects, access to career mapping and accelerated learning programmes, and community‑based knowledge sharing. Perks include discounts on healthcare, retail, vehicles and more via Perks@Downer, and veterans receive up to 20 days of Reservist Leave. As a WORK180 Endorsed Employer, we support flexible working arrangements, inclusive leadership, and equitable access to opportunity, and we provide recruitment adjustments to help every applicant put their best foot forward. • Access to career mapping, accelerated learning programs and Communities of Practice. • Discounts on healthcare, retail, vehicles and more via Perks@Downer. • Up to 20 days Reservist Leave for veterans. • Inclusive, diverse workplace supporting flexible work and equitable opportunities.

Work Environment

Onsite