DTO hiring ethical hackers as core part of digital-transformation team

One or more salaried ethical hackers will be brought onboard to manage the security exposure of the software output of the government's Digital Transformation Office (DTO), which recently announced the job opening as part of a recruitment campaign to kick-start its work in pushing Australian government agencies online.

The new position, applications for which close on Wednesday 16 September, will see chosen applicants “continuously discovering, communicating and explaining security vulnerabilities to product teams, and automating this process where it is practical,” the job description reads.

“Ethical hackers work closely with product teams and advise on security at all stages of a service including design, development and operation,” a DTO spokesperson told CSO Australia. “Our ethical hackers will also help promote the philosophy across the organisation that security should be a mindset and a continuous practice, not just a checkbox to be ticked.”

The list of desired characteristics will be interesting reading for any organisation seeking to qualify their expectations of security staff. The DTO's ethical hacker will, the description says, have experience in a broad range of areas including security testing tools (such as Nessus, RKHunter, BURP, and Netsparker); open-source projects (including Linux, MongoDB, Postgres, Nginx, PHP, Ruby, and Python); and an understanding of the Open Web Application Security (OWASP) project.

Registration with the Council for Registered Ethical Security Testers (CREST) and Certified Ethical Hacker (CEH) qualifications are amongst the desired skills listed by the DTO, as are experience in Agile environments, physical security, social engineering, static program analysis, fuzz testing, penetration testing, automated testing, and an understanding of virtualisation and cloud-based technologies.

The skills represent a laundry list of desired capabilities for the new government agency, which is also recruiting an interaction designer, user researcher, Web ops engineers, technical architects, service manager, developer, and more.

Applicants for the ethical-hacker position will be given a hands-on “technical challenge” to demonstrate their technical skills and applicants' credentials will be thoroughly vetted.

“Ethical hackers will work closely with developers and web ops engineers to fix problems as they are discovered,” the spokesperson explained. “Security problems will be treated, triaged, and tracked in a typical process for dealing with software defects.”

The security specialist's work will be focused on testing products built in-house by the DTO team, which is releasing a range of tools including common platforms and Web services to facilitate agencies' transformation to digital services in line with the DTO's Digital Service Standard.

While there may be scope for other agencies to access the DTO's inhouse ethical-hacker skills, the spokesperson said plans were still “yet to be worked out. However, broader agency engagement is critical to making Australian Government digital security world-class. The DTO's priority focus right now is to create and deliver great public services.”

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts