Principal Cyber Security Engineer
Sekuro are seeking a senior Principal Cyber Security professional for a minmimum 6 month contract based in Sydney and/or Parramatta.
You’ll maintain continuity of security assurance, strengthen vulnerability management, and uplift security control design and validation across key initiatives.
Why this role matters
You’ll play a pivotal role in:-
- Sustaining assurance and vulnerability management during internal resource constraints
- Delivering timely, actionable reporting to security, ICT, and program stakeholders
- Improving visibility of risks, vulnerabilities, and control gaps across projects and operational environments
- Supporting compliance through evidence collection, control validation, and uplift of assurance artefacts
Responsibilities
- Assess & assure: Lead/support threat & vulnerability assessments, security control reviews, and assurance assessments across project, operational, and third‑party environments
- Document & track: Maintain control mappings, vulnerability records, findings, remediation plans, owners, due dates, and status
- Report & advise: Prepare weekly/fortnightly assurance highlights and monthly summaries with clear risk/mitigation guidance
- Uplift & govern: Support evidence collection, control validation, and monitor remediation/mitigation actions across key cyber initiatives
- Handover cleanly: Provide a comprehensive end‑of‑engagement handover covering assessment status, outstanding risks/vulnerabilities, recommended next steps, and consolidated artefacts
Skills/Experience
- Proven senior experience (e.g., Principal Security Consultant, Senior Security Architect/Assurance Specialist) delivering threat & vulnerability assessments, control assurance, and security advisory in complex enterprises
- Deep expertise with security frameworks: ASD ISM, Essential Eight, NIST CSF, ISO 27001, plus cloud security best practice (Azure/AWS/M365 advantageous)
- Hands‑on vulnerability management: analysis, prioritisation, remediation governance, and executive‑ready reporting
- Exceptional written communication: concise vulnerability summaries, control assessment findings, remediation guidance, and board/executive‑ready assurance packs
- Strong stakeholder engagement across ICT delivery, architecture, business SMEs, and operations
- Assurance support experience: audit readiness, evidence collection, and technical documentation for compliance initiatives
Sekuro

