Vulnerability Management Specialist
Our client has existing vulnerability management activity and tooling in place, but no dedicated owner. This role exists to formalise, elevate, and lead that capability, turning ad-hoc activity into a mature, structured function across a portfolio of managed clients. You are walking into an environment with real foundations already in place. There are tools, clients, and institutional context to build from. The mandate is clear: you will own it, shape it, and drive it forward.
This is a high-pressure, high-workload role within a newly created stream for a leading Australian MSP. You will not be sitting in a SOC monitoring alerts; you will be managing the end-to-end vulnerability lifecycle for a diverse portfolio of government and corporate clients.
What you will actually do:
- Running the end-to-end vulnerability management lifecycle across multiple client environments, from scanning through to coordinating remediation with operational teams
- Formalising and maturing the vulnerability management practice, including processes, reporting, and tooling improvements
- Producing vulnerability reports that make sense to both technical teams and executive stakeholders
- Leading VM meetings and acting as the bridge between Security and Operations, including having real conversations about patching prioritisation
- Providing remediation guidance aligned to compliance frameworks, with a particular focus on Essential 8 (Patch Applications and Patch OS)
Key Requirements:
We are genuinely open on background. You might be an experienced VM analyst ready to step into full ownership, or someone with strong cyber foundations who is passionate about vulnerability management and wants to specialise. Either way, you will need:
- Australian Citizenship is mandatory (required for government-level security clearances).
- Tooling: Rapid7 InsightVM or Microsoft Defender preferred. Tenable or Qualys are also fine
- Compliance: Working knowledge of Essential 8 and ISM compliance in practice, specifically Patch Applications and Patch OS. You know how to apply the frameworks, not just recite them
- MSP mindset: Ability to operate in a fast-moving MSP environment with multiple clients, competing priorities, and high context-switching
- Communication: You can explain why patching a server matters to someone whose main concern is uptime, and you can do it without losing the room
- Right mindset: Comfort with a role that has rhythmic, repeating elements. The best VM professionals understand that consistency is the skill. Scanning, reporting, and driving remediation week after week is not boring to them; it is how you actually move the needle on an organisation's security posture
Aboriginal and Torres Strait Islander Peoples are encouraged to apply.
To apply please click apply or call Cody Berry on 02 8289 3123 for a confidential discussion.
About the job
Contract Type: Permanent
Specialism: Technology & Digital
Focus: Cyber Security & Risk
Industry: IT
Salary: AUD110,000 - AUD140,000 per annum + Super + Bonus
Workplace Type: Hybrid
Experience Level: Mid Management
Location: Sydney CBD
Employment Type: Full-time
Job Reference: CHNXHB-7BF6D770
Date posted: 2 April 2026
Consultant: Cody Berry
Robert Walters: https://www.robertwalters.com.au