Contract

Cybersecurity Certification Consulting Engineer

Canberra, ACT 100/hr NV1 Starts ASAP
Posted 2h ago

Cybersecurity Certification Consulting Engineer — LC4S (CA31)

Land Communications & Specialist Systems SPO (LCSS SPO) is seeking a suitably qualified and experienced Cybersecurity Certification Consultant to operate as an embedded part of the Land C4 Systems Branch (LC4S Branch). This role sits within CASG supporting the CA31 fleets.

Overview

CA31 sustains and enhances Land C4 systems at the operational and tactical level, deploying communication systems essential to the conduct of operations in the Land Domain. The successful candidate will be a cybersecurity professional who works effectively in a complex environment, thinks critically, applies excellent problem-solving skills and manages competing priorities with a focus on mitigating risks.

Key Responsibilities

Assessment and Authorisation

  • Provide System Assessment and Authorisation activities as directed by the CA31 Engineering Manager
  • Conduct activities in accordance with the ASD Information Security Manual (ISM), Protective Security Policy Framework (PSPF), Defence Security Policy Framework, and the Cyber Security Assessment and Authorisation (CSAA) Charter
  • Perform security assessments using Operational Effectiveness Reviews (OER) as the default approach, with Design Effectiveness Reviews (DER) where justified
  • Audit the effectiveness of system security controls across CA31 capability systems
  • Develop and deliver assessment artefacts including Security Assessment Reports (SAR), ATO briefs, risk statements and remediation recommendations

Risk Identification and Analysis

  • Identify, analyse, evaluate and escalate cyber security and business risks
  • Assess vulnerabilities associated with security exceptions, software defects, and architecture or design weaknesses
  • Assess system security architecture and services using structured threat modelling methodologies
  • Protect the Confidentiality, Integrity and Availability (CIA) of Defence information and systems
  • Support configuration governance including Change Control Boards (CCB), providing risks, mitigations and options for Executive Authority acceptance

Advisory and Stakeholder Engagement

  • Provide cyber security advice within the defined assessor scope of CA31
  • Support CA31 in understanding and mitigating cyber security risks impacting capability delivery in the LC4 domain
  • Build effective working relationships with sustainment products, OEMs, and operational and security stakeholders

Essential Criteria

  • Qualifications and/or professional experience suitable for eligibility to obtain DCIAB–CSAA endorsement as a Cyber Security Assessor (e.g. CISSP, CISM, ISO 27001 Lead Auditor, IRAP accreditation)
  • Knowledge/experience of radio and satellite communication systems and/or Defence-specific systems
  • Understanding of modern networking, computers and operating systems
  • Demonstrated ability to produce high-quality technical reports
  • Ability to work in a team
  • Current NV1 security clearance (minimum)
  • Ability to work on site a minimum of 3 days per week

Desirable Criteria

  • Extensive industry experience in cybersecurity within communications (radio and satellite)
  • Strong understanding of ICT architectures, networks, platforms, and cyber/security compliance and governance within Defence
  • Comprehensive understanding of Defence systems including C4 capabilities
  • Previous Defence, Army or CASG experience
  • Experience assessing and evaluating risk
  • Understanding of the One Defence Capability System

Work Arrangements

Locations: Defence Plaza Melbourne or Canberra (R2 only). Candidates cannot be accepted outside of these locations. Minimum 3 days per week on site.

Term: ASAP start through to 30 June 2027, with possible extension. Contracting model is Time & Materials.

ITAR Notice

This position may require access to US export-controlled materiel. Applicants will be requested to disclose any dual citizenship and country of birth. Dual citizens may be subject to further assessment, and appointment is conditional upon approval to access US controlled export material in accordance with the United States Arms Export Control Act.

RFQ 2026-153-Joint-LC4S-RFQ · LC4S KEY037 · Skill Set 2.6 Systems and Software Engineering – System Security (Level 3)