About the role
As a Security Engineer, you will make an impact by serving as the named, accountable owner of all security and platform controls that protect a government support service’s production environment=You will be a valued member of the Technology & Security team and work collaboratively with the CISO, infrastructure engineers, compliance stakeholders, and third-party audit teams to ensure the organisation’s security posture remains robust, auditable, and continuously improving.
In this role, you will:
· Own end-to-end security controls across endpoint (Intune), identity (Entra ID), network access (Zscaler), and cloud platform (Azure) as a single, integrated security boundary protecting PII-bearing production systems
· Design, operate, and continuously improve Conditional Access policies, device compliance rules, and least-privilege access controls in alignment with ISM requirements and IRAP expectations
· Systematically identify, track, and close penetration test findings and audit remediation items with clear, reproducible evidence of control effectiveness
· Prevent security control drift by proactively monitoring all four domains and acting as the escalation point for security-critical platform incidents
· Maintain audit-ready documentation of all security decisions, configuration changes, and control evidence to support ongoing compliance obligations
What you need to have to be considered
· Demonstrated hands-on ownership across all four domains — Microsoft Intune, Entra ID, Zscaler (ZIA & ZPA), and Azure — including design, operation, and remediation in a production environment handling sensitive or regulated data
· Proven experience designing and maintaining Conditional Access policies, device compliance frameworks, and MFA/authentication strength controls that integrate device posture, identity signals, and network access decisions
· Practical experience closing formal penetration test findings in a systematic, documented manner with auditable evidence of remediation
· Working knowledge of the Australian Government Information Security Manual (ISM) and IRAP assessment processes, including alignment of platform configurations to ISM controls
· Strong documentation discipline — you write up configurations, decisions, and remediations in a way that is reproducible and audit-ready without prompting
These will help you stand out
· ASD-certified IRAP Assessor status or direct experience working within a formally IRAP-assessed environment
· Zscaler certifications (ZCCA-IA or ZCCA-PA) and/or Microsoft certifications across SC-300, MD-102, or AZ-500
· Prior experience in a named control-owner or security-accountable role within a government-adjacent, health, or regulated community services environment
· Familiarity with Windows Defender Application Control (WDAC) policy authoring and enterprise Windows Autopilot deployment at scale
· Experience presenting control evidence and security posture updates to non-technical compliance or audit stakeholders