One or more salaried ethical hackers will be brought onboard to manage the security exposure of the software output of the government's Digital Transformation Office (DTO), which recently announced the job opening as part of a recruitment campaign to kick-start its work in pushing Australian government agencies online.
The new position, applications for which close on Wednesday 16 September, will see chosen applicants “continuously discovering, communicating and explaining security vulnerabilities to product teams, and automating this process where it is practical,” the job description reads.
“Ethical hackers work closely with product teams and advise on security at all stages of a service including design, development and operation,” a DTO spokesperson told CSO Australia. “Our ethical hackers will also help promote the philosophy across the organisation that security should be a mindset and a continuous practice, not just a checkbox to be ticked.”
The list of desired characteristics will be interesting reading for any organisation seeking to qualify their expectations of security staff. The DTO's ethical hacker will, the description says, have experience in a broad range of areas including security testing tools (such as Nessus, RKHunter, BURP, and Netsparker); open-source projects including Linux, MongoDB, Postgres, Nginx, PHP, Ruby, and Python); and an understanding of the Open Web Application Security (OWASP) project.
Registration with the Council for Registered Ethical Security Testers (CREST) and Certified Ethical Hacker (CEH) qualifications are amongst the desired skills listed by the DTO, as are experience in Agile environments, physical security, social engineering, static program analysis, fuzz testing, penetration testing, automated testing, and an understanding of virtualisation and cloujaned technologies.
The skills represent a laundry list of desired capabilities for the new government agency, which is also recruiting an interaction designer, user researcher, Web ops engineers technical architects, service manager, developer, and more.
Applicants for the ethical-hacker position will be given a hands-on “technical challenge” to demonstrate their technical skills and applicants' credentials will be thoroughly vetted.
“Ethical hackers will work closely with developers and web ops engineers to fix problems as they are discovered,” the spokesperson explained. “Security problems will be treated, triaged, and tracked in a typical process for dealing with software defects.”
The security specialist's work will be focused on testing products built in-house by the DTO team, which is releasing a range of tools including common platforms and Web services to facilitate agencies' transformation to digital services in line with the DTO's Digital Service Standard.
While there may be scope for other agencies to access the DTO's inhouse ethical-hacker skills, the spokesperson said plans were still “yet to be worked out. However, broader agency engagement is critical to making Australian Government digital security world-class. The DTO's priority focus right now is to create and deliver great public services.”
Blast from the past?
Try our new Space Invaders inspired video game NOW.
What score can you get ?