Security Assurance Specialist

St John WA has been serving the Western Australian community since 1922. Our organisation has grown into an integrated healthcare provider, connecting people across WA to lifesaving emergency services, urgent care, and health education.

We are a not-for-profit organisation, and we are committed to making a positive impact on the safety, wellbeing, and health of everyone, no matter where in WA they live. Our services are powered by more than 8,000 dedicated employees and volunteers who bring care, skill, and compassion to every corner of the state.

About the Role:

We are looking for a Security Assurance Specialist to join our Digital Services department on a Permanent full-time basis. The Security Assurance Specialist is responsible for the planning, testing and reporting for Penetration Testing activities across St John WA’s technology environment. Focusing on identifying and evaluating security vulnerabilities across a variety of technology types, including web applications, infrastructure, APIs, code bases, and more.

This position will also support the coordination and scheduling of testing activities between BAU and project, contribute to risk assessment conversations, and engage in purple-teaming activities to improve detection and response capabilities.  Working collaboratively across the organisation, the Penetration Tester will help ensure vulnerabilities are effectively identified, understood, and addressed to strengthen overall security posture.

What You’ll Do:

• Plan, scope and execute penetration testing engagements across web applications, internal systems, cloud platforms, APIs and network infrastructure.
• Conducting hands-on testing to identify and validate security vulnerabilities, adapting testing approaches based on target environments, technologies, and emerging threat landscapes.
• Produce clear, structured, and actionable penetration testing reports outlining vulnerabilities, risk ratings, and recommended remediation actions and translate technical findings into business-relevant risk insights for stakeholders.
• Collaborate with development, infrastructure, and cloud teams to provide practical and achievable remediation guidance. Whilst supporting teams in understanding root causes of vulnerabilities and approaches to prevent recurrence.
• Work collaboratively with defensive security teams to simulate realistic attack scenarios and improve detection and response capabilities.
• Support purple team exercises by sharing attacker techniques, tools, and insights to validate and enhance monitoring and alerting controls.

 Security Assurance Specialist PD.pdf

What You’ll Need:

• Mid to Senior experience in Security Assurance or Offensive Security positions.
• Tertiary qualifications in IT and Cyber Security highly regarded and/or relevant industry certifications (ie OSCP, OSWE, CREST, GPEN) is advantageous.
• Demonstrable ongoing professional development in testing tools and techniques, and/or specific technologies (ie Azure)
• Strong analytical and problem-solving skills, with the ability to think critically and identify non-obvious security weaknesses.
• Experience with scripting or programming (e.g., Python, PowerShell, JavaScript, or similar) to support testing, automation, or analysis.
• Demonstrated experience conducting security testing across a variety of technology types, including infrastructure, Cloud, web applications, traditional applications, and internal networks.
• Ability to coordinate and prioritise testing activities, with exposure to purple/red teaming and AppSec/secure development practices advantageous.

Benefits:

The successful candidate will be offered an interactive and supportive working environment, along with:

• $550 Health and Wellness reimbursement
• 17.5% leave loading
• Corporate uniform
• Salary packaging and novated leasing
• Consumer discounts
• Discounts on first aid equipment
• Complimentary First Aid Training
• Complimentary ambulance cover

Ready to Apply?

To be considered for this opportunity, please click Apply Now. You will need to complete the online application form and must include a detailed cover letter outlining your motivations for this position and resume.

Applicants will receive an automated receipt on application. If you have not received this email, please contact the Talent Sourcing team prior to the closing date and time. Late or incomplete applications will not be accepted. Applications that do not include both a cover letter and resume may not be considered.

Alternatively, if you have any questions, please contact Talent Sourcing on careers@stjohnwa.com.au 

Applications close on Tuesday 26th May 2026 at 6:00pm

St John WA is committed to fostering an inclusive, welcoming, and diverse workplace where everyone feels safe to be themselves. We encourage applications from people of all ages, genders, nationalities, abilities, and cultural backgrounds, including Aboriginal and Torres Strait Islander peoples and the LGBTIQ+ community.

St John WA is a child-safe organisation and takes a proactive approach to child safety. We ensure all children engaged in St John WA services are protected, respected, and empowered. Our commitment is supported by clear policies and procedures that reinforce our safeguarding practices. 

St John WA reserves the right to select a shortlist from the applications received. The selection process employed will be at the discretion of St John WA.