Profectus

Vulnerability Management Specialist

Australia · Full-time · Mid-Senior

Profectus is seeking Expressions of Interest from Vulnerability Management Specialists to support anticipated opportunities across multiple Australian Government departments and the broader national security community. These roles are expected to operate vulnerability management capability supporting Essential Eight and broader Commonwealth security expectations. Opportunities are most likely to be Canberra-based, with potential travel to government and industry partner sites nationally.


Key Responsibilities

  • Operate enterprise vulnerability management tooling across cloud, endpoint and platform estates
  • Conduct vulnerability assessment, prioritisation and remediation tracking
  • Partner with platform, application and patching teams to drive risk reduction
  • Develop vulnerability metrics, dashboards and risk reporting for program leadership
  • Embed processes aligned to Essential Eight patching expectations
  • Support penetration testing engagements and post-test remediation activities
  • Maintain currency with ASD advisories and emerging threat intelligence


Required Experience

  • Demonstrated vulnerability management experience at enterprise scale
  • Hands-on experience with vulnerability assessment tooling (e.g. Tenable, Qualys, Rapid7)
  • Strong working knowledge of the ISM, Essential Eight and patching expectations
  • Experience operating in regulated or Australian Government environments
  • Excellent reporting and stakeholder management skills


Desirable Experience

  • Experience integrating vulnerability tooling with SIEM and ticketing platforms
  • Background in cloud-native vulnerability management
  • Familiarity with secure-by-design and threat-informed prioritisation
  • Exposure to Defence, intelligence or law enforcement environments


Certifications (Highly Regarded)

  • GIAC Enterprise Vulnerability Assessor (GEVA)
  • Tenable, Qualys or Rapid7 vendor certifications
  • CompTIA CySA+ or Security+
  • Certified Information Systems Security Professional (CISSP)


Security Requirements

  • Must be an Australian Citizen
  • Must hold a current Negative Vetting Level 1 (NV1) clearance


Working Arrangements

  • Predominantly Canberra-based roles within secure Australian Government environments
  • Onsite work is expected for most opportunities, including engagement on classified networks


Why Profectus

Profectus partners with the Australian Government to deliver trusted capability across complex classified environments. We take a long-term, relationship-driven approach, supporting our people across the full lifecycle of their engagement while contributing to outcomes of national importance. We are focused on building a strong network of cleared professionals to support upcoming demand across the Commonwealth and the broader national security community, and encourage Expressions of Interest from individuals seeking meaningful, impactful work in the national security domain.

Key Skills

vulnerability assessment, cloud, penetration testing, siem

Posted: May 07, 2026
Type: Full-time
Level: Mid-Senior
Location: Canberra
Company: Profectus

Industries: IT Services, IT Consulting

Categories: Consulting
