About the Role
As a senior leader in our consulting and advisory practice, you will lead high-impact consulting engagements across Australia and internationally, guiding customers through assessment, design, and implementation of cyber defenses for energy assets.
In this role, you will:
- Manage a small team of consultants, oversee red team/pen test exercises, and advise executives and engineering leaders on risk, resilience, and regulatory alignment. Expect a hands-on mix of OT/ICS and cloud security, threat detection, and incident response.
- Play a key role as a subject matter expert and solution engineer for the product business, helping to shape the use cases and supporting capabilities that are important to our customers.
- Lead engagements end-to-end by scoping, planning, and delivering security architecture risk assessments, roadmaps, and remediation programs; own client outcomes and stakeholder communication.
- Perform GRC reviews against a range of control frameworks, with AES-CSF and IEC 62443 experience beneficial.
- Design segmented OT networks, secure remote access, identity & access controls (including privileged access), monitoring & logging, and zero-trust patterns bridging IT/Cloud and OT.
- Guide secure patterns on AWS/Azure/GCP (landing zones, IAM, network controls, key/cert management, vulnerability management, container/Kubernetes, data protection).
- Build and review attacker-centric threat models for wind/solar/storage sites, substations, SCADA/DCS/PLC environments; map detections and use-cases for SIEM/XDR/OT detection platforms and tune alert quality.
- Develop IR runbooks and playbooks, conduct tabletops and purple-team drills, coordinate with SOC/MSSP partners.
- Plan/supervise pen tests and red/purple team exercises, ensure safe operations in live OT, translate findings into actionable remediation.
- Mentor consultants, set quality bars, perform reviews, and support hiring/onboarding.
- Produce concise guidance, patterns, client briefs, and present at industry forums and feed product feedback to CAPA engineering.
Requirements
Skills and Experience
Must have:
10+ years in cybersecurity with 5+ years focused on OT/ICS in energy, utilities, or critical infrastructure.
Consulting core skills: executive communication, structured problem solving, polished writing, SOW/proposal creation, and stakeholder management.
Experience supervising red/purple team activities and translating offensive findings into prioritised, risk-based remediation.
Team leadership: led small teams (2–5), set delivery standards, mentored consultants, and managed workload/forecasting.
About the Company
We’re a mission-driven and dedicated team working to improve the cyber security and operational resilience of Australia’s electricity sector.
Our clients are top tier utilities across Australia, including networks, retailers, generators and system operators, delivering niche capabilities in Threat Detection and operational intelligence.