Senior Security Vulnerability Specialist na Future Fund

About Future Fund

Reporting to the Security Operations Manager, the Senior Specialist, Security Vulnerability will lead our vulnerability management program and drive uplift in the Agency's technology security posture. This key position partners closely with Technology and business stakeholders to support the secure implementation, operation, and continual improvement of systems and infrastructure. The successful applicant will shape platform enhancements, deliver risk insights, and help embed leading vulnerability management practices across the Agency.

The position is offered on a full-time basis in Melbourne.  The Future Fund operates a hybrid work model, with employees typically combining remote and in-office work to support flexibility, collaboration, and high performance, in line with organisational needs.  Employees are expected to be in the office a minimum of three days/week in the office, with Tuesday and Wednesday being anchor days.

Key Responsibilities

AS Senior Specialist, Security Vulnerability, you will:

• Lead and govern the Agency’s vulnerability management program, including strategy execution, improvement initiatives, and platform (Qualys) administration.

• Collaborate with Technology teams and business stakeholders to triage, resolve, and escalate vulnerabilities and incidents, ensuring effective remediation and compliance with standards.

• Automate vulnerability scanning and reporting processes and ensure integration with associated security tools and workflows.

• Generate timely, tailored reporting for technical, business, and executive audiences; track and communicate key security metrics, mitigation actions, and remediation trends.

• Mentor and support Agency teams in uplift of vulnerability management capability; socialise processes and provide training on using the platform.

• Maintain and continually enhance documentation of all vulnerability management processes, standards, and best practices.

• Monitor the security threat landscape; recommend and drive integration of relevant enhancements to improve the Agency’s risk posture.

• Contribute to agency-wide governance, policy, and incident management activities as required.

About You

The ideal candidate will demonstrate comprehensive expertise in the Qualys enterprise vulnerability management platform, with hands-on experience across one or more core modules. They will have a solid grounding in Microsoft Defender Vulnerability Management and a strong understanding of how to interpret and prioritise vulnerability risk using standard frameworks such as CVSS and related security metrics. Technical proficiency should span multiple environments—from public cloud platforms like AWS and Microsoft Cloud to operating systems including Windows 11, Windows Server, Linux, and containers—with a working knowledge of patch management processes and solutions. In addition, the candidate will have deep experience performing host, cloud, web application, and network vulnerability assessments, and will be comfortable triaging and investigating multiple, often complex, findings. 

Familiarity with industry standards and benchmarks (for example, ISM, ACSC, CIS) is required, with exposure to ServiceNow ITSM solutions considered advantageous. Beyond technical proficiency, they must be credible, risk-conscious, and outcome-oriented, with strong analytical skills and the ability to communicate and collaborate effectively across technical and non-technical colleagues. 

A passion for continual learning, rigorous documentation, and maintaining awareness of emerging threats and relevant controls is essential, with a proven ability to drive secure implementation, uphold best practice standards, and support the organisation’s investment and operational objectives.  Candidates should be able to obtain AGSV Baseline clearance.

Please note that this opportunity is only open to Australian Citizens.
 

We Are For Everyone