Multiple Lead ICT Security Specialists

We are seeking multiple EL1-level ICT Security Specialists to support cyber security operations and policy implementation across mission-critical environments.You will play a senior role in assessing, managing, and mitigating ICT security risks, and shaping infrastructure that supports classified digital services.

These positions involve a high level of technical and policy expertise, problem-solving, and stakeholder engagement. A merit pool will be created to support current and future recruitment across multiple work areas.

While most roles are located in Canberra, applicants based in Melbourne, Brisbane, or Perth may be considered, subject to operational requirements. Due to the sensitive nature of ASD’s mission, roles are onsite only and remote work is not guaranteed.

Contract Details:

• Start Date: Thursday, 25 September 2025
  
• Initial Term: 18 months
  
• Extension Options: Up to 2 x 12-month terms
  
• Working Hours: 40 hours/week
  
• Security Clearance: Must hold or be able to obtain NV1, NV2, or PV AGSVA clearance
  
• Location: ACT preferred; QLD, VIC, WA may be considered
  
• Organisational Suitability Assessment (OSA): Required prior to or within 12 months of engagement
  

Key Responsibilities:

• Lead ICT security risk assessments, business impact analysis, and assurance activities
  
• Develop and implement security strategies, policies, and procedures in line with ASD standards
  
• Ensure compliance with ISM, PSPF, and Essential Eight frameworks
  
• Conduct incident response analysis and recommend corrective actions or policy changes
  
• Provide expert advice on system security architecture and risk mitigation
  
• Interpret and contribute to the development of security policy and accreditation standards
  
• Manage priorities and workflows, mentor junior staff, and ensure work is delivered on time and to quality standards
  
• Collaborate with internal and external technical stakeholders to develop security guidance and policy
  
• Evaluate strategic and operational risks and contribute to ICT security improvement initiatives
  

Required Technical Skills & Experience:

• Current IRAP Assessor certification
  
• Minimum of 3 years' experience in ICT security across architecture, risk management, network security, or operations
  
• Demonstrated understanding of the ISM, Essential Eight, and PSPF frameworks
  
• Proven ability to build and maintain effective stakeholder relationships
  
• Experience developing and implementing SOPs supporting accreditation frameworks
  
• Strong organisational, written, and verbal communication skills
  
• Desirable: Bachelor's degree in Information Technology, Cyber Security, or a related field
  

Requirements

The Australian Signals Directorate (ASD) is seeking multiple EL1-level ICT Security Specialists to support cyber security operations and policy implementation across mission-critical environments. Successful candidates will play a senior role in assessing, managing, and mitigating ICT security risks, and shaping infrastructure that supports ASD’s classified digital services.

These positions involve a high level of technical and policy expertise, problem-solving, and stakeholder engagement. A merit pool will be created to support current and future recruitment across multiple ASD work areas.

While most roles are located in Canberra, applicants based in Melbourne, Brisbane, or Perth may be considered, subject to operational requirements. Due to the sensitive nature of ASD’s mission, roles are onsite only and remote work is not guaranteed.

Contract Details:

• Start Date: Thursday, 25 September 2025
  
• Initial Term: 18 months
  
• Extension Options: Up to 2 x 12-month terms
  
• Working Hours: 40 hours/week
  
• Security Clearance: Must hold or be able to obtain NV1, NV2, or PV AGSVA clearance
  
• Location: ACT preferred; QLD, VIC, WA may be considered
  
• Organisational Suitability Assessment (OSA): Required prior to or within 12 months of engagement
  

Key Responsibilities:

• Lead ICT security risk assessments, business impact analysis, and assurance activities
  
• Develop and implement security strategies, policies, and procedures in line with ASD standards
  
• Ensure compliance with ISM, PSPF, and Essential Eight frameworks
  
• Conduct incident response analysis and recommend corrective actions or policy changes
  
• Provide expert advice on system security architecture and risk mitigation
  
• Interpret and contribute to the development of security policy and accreditation standards
  
• Manage priorities and workflows, mentor junior staff, and ensure work is delivered on time and to quality standards
  
• Collaborate with internal and external technical stakeholders to develop security guidance and policy
  
• Evaluate strategic and operational risks and contribute to ICT security improvement initiatives
  

Required Technical Skills & Experience:

• Current IRAP Assessor certification
  
• Minimum of 3 years' experience in ICT security across architecture, risk management, network security, or operations
  
• Demonstrated understanding of the ISM, Essential Eight, and PSPF frameworks
  
• Proven ability to build and maintain effective stakeholder relationships
  
• Experience developing and implementing SOPs supporting accreditation frameworks
  
• Strong organisational, written, and verbal communication skills
  
• Desirable: Bachelor's degree in Information Technology, Cyber Security, or a related field
  

Benefits

Essential criteria

1. SCAD 5 - Security operations: Level 5 (SFIA) Monitors the application and compliance of security operations procedures. Reviews actual or potential security breaches and vulnerabilities and ensures that they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements. Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.

2. SCTY 5 - Information security: Level 5 (SFIA) Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.

3. INAS 5 - Information assurance: Level 5 (SFIA) Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.

4. Our ideal candidates will bring the following attributes: • Strong written and verbal communication skills; •Desire to be accountable for their actions; • Strong stakeholder management skills; • Demonstrate leadership behaviours; • Willing to challenge the traditional ways of doing business; • Thrive in dynamic environments and comfortable with ambiguity; • Outcome-focused mindset; and • Adaptability, resilience, flexibility and teamwork, including regionally dispersed teams, if applicable. Please provide a brief explanation of your experience covering these attributes. (Guide – 300 to 400 words.)

Desirable criteria

1. PBMG 4 - Problem management: Level 4 (SFIA) Initiates and monitors actions to investigate and resolve problems in systems, processes and services. Determines problem fixes and remedies. Collaborates with others to implemented agreed remedies and preventative measures. Supports analysis of patterns and trends to improve problem management processes.

Additional requirements

1. What level of security clearance do you hold and provide your AGSVA CSID?