Security Platform Engineer

About the role

As a Security Engineer, you will make an impact by serving as the named, accountable owner of all security and platform controls that protect a government support service's production environment=You will be a valued member of the Technology & Security team and work collaboratively with the CISO, infrastructure engineers, compliance stakeholders, and third-party audit teams to ensure the organisation's security posture remains robust, auditable, and continuously improving.

In this role, you will:

• Own end-to-end security controls across endpoint (Intune), identity (Entra ID), network access (Zscaler), and cloud platform (Azure) as a single, integrated security boundary protecting PII-bearing production systems

• Design, operate, and continuously improve Conditional Access policies, device compliance rules, and least-privilege access controls in alignment with ISM requirements and IRAP expectations

• Systematically identify, track, and close penetration test findings and audit remediation items with clear, reproducible evidence of control effectiveness

• Prevent security control drift by proactively monitoring all four domains and acting as the escalation point for security-critical platform incidents

• Maintain audit-ready documentation of all security decisions, configuration changes, and control evidence to support ongoing compliance obligations

What you need to have to be considered

• Demonstrated hands-on ownership across all four domains - Microsoft Intune, Entra ID, Zscaler (ZIA & ZPA), and Azure - including design, operation, and remediation in a production environment handling sensitive or regulated data

• Proven experience designing and maintaining Conditional Access policies, device compliance frameworks, and MFA/authentication strength controls that integrate device posture, identity signals, and network access decisions

• Practical experience closing formal penetration test findings in a systematic, documented manner with auditable evidence of remediation

• Working knowledge of the Australian Government Information Security Manual (ISM) and IRAP assessment processes, including alignment of platform configurations to ISM controls

• Strong documentation discipline - you write up configurations, decisions, and remediations in a way that is reproducible and audit-ready without prompting

These will help you stand out

• ASD-certified IRAP Assessor status or direct experience working within a formally IRAP-assessed environment

• Zscaler certifications (ZCCA-IA or ZCCA-PA) and/or Microsoft certifications across SC-300, MD-102, or AZ-500

• Prior experience in a named control-owner or security-accountable role within a government-adjacent, health, or regulated community services environment

• Familiarity with Windows Defender Application Control (WDAC) policy authoring and enterprise Windows Autopilot deployment at scale

• Experience presenting control evidence and security posture updates to non-technical compliance or audit stakeholders