Security Platform Engineer

About the role

As a Security Engineer, you will make an impact by serving as the named, accountable owner of all security and platform controls that protect a government support service’s production environment=You will be a valued member of the Technology & Security team and work collaboratively with the CISO, infrastructure engineers, compliance stakeholders, and third-party audit teams to ensure the organisation’s security posture remains robust, auditable, and continuously improving.

In this role, you will:

· Own end-to-end security controls across endpoint (Intune), identity (Entra ID), network access (Zscaler), and cloud platform (Azure) as a single, integrated security boundary protecting PII-bearing production systems

· Design, operate, and continuously improve Conditional Access policies, device compliance rules, and least-privilege access controls in alignment with ISM requirements and IRAP expectations

· Systematically identify, track, and close penetration test findings and audit remediation items with clear, reproducible evidence of control effectiveness

· Prevent security control drift by proactively monitoring all four domains and acting as the escalation point for security-critical platform incidents

· Maintain audit-ready documentation of all security decisions, configuration changes, and control evidence to support ongoing compliance obligations

What you need to have to be considered

· Demonstrated hands-on ownership across all four domains — Microsoft Intune, Entra ID, Zscaler (ZIA & ZPA), and Azure — including design, operation, and remediation in a production environment handling sensitive or regulated data

· Proven experience designing and maintaining Conditional Access policies, device compliance frameworks, and MFA/authentication strength controls that integrate device posture, identity signals, and network access decisions

· Practical experience closing formal penetration test findings in a systematic, documented manner with auditable evidence of remediation

· Working knowledge of the Australian Government Information Security Manual (ISM) and IRAP assessment processes, including alignment of platform configurations to ISM controls

· Strong documentation discipline — you write up configurations, decisions, and remediations in a way that is reproducible and audit-ready without prompting

These will help you stand out

· ASD-certified IRAP Assessor status or direct experience working within a formally IRAP-assessed environment

· Zscaler certifications (ZCCA-IA or ZCCA-PA) and/or Microsoft certifications across SC-300, MD-102, or AZ-500

· Prior experience in a named control-owner or security-accountable role within a government-adjacent, health, or regulated community services environment

· Familiarity with Windows Defender Application Control (WDAC) policy authoring and enterprise Windows Autopilot deployment at scale

· Experience presenting control evidence and security posture updates to non-technical compliance or audit stakeholders