• Owning the technical and cultural integration of the Australian security team into Packetlabs’ global practice • Mentoring intermediate and junior pentesters locally • Setting and enforcing documentation, workflow, and tooling standards used across regions • Acting as a cultural and technical bridge between regions • Participate in cross-region projects (you will not be siloed to “APAC-only” work) • Communicate findings clearly in both written and verbal formats • Contribute to shared documentation and knowledge bases • Support structured handoffs across time zones when needed • Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, APIs, and infrastructure when ready. • Develop detailed reports on findings and remediations for impactful findings. • Mentor intermediate and junior pentesters • Lead or co-lead internal knowledge-sharing sessions

• Identify the highest-impact security risks and lead remediation end-to-end. • Own application security tooling for code, dependencies, and secrets. • Lead threat modeling, risk assessments, and architecture reviews for new and existing services. • Validate and triage findings from bug bounty and pentests. • Experience integrating security into CI/CD and infrastructure-as-code workflows. • Lead security monitoring and incident response: alerts, investigations, and follow-through.

• Ensure that our clients' security infrastructures and systems remain operational. • Monitor, identify, investigate, and resolve technical incidents and problems, restoring service efficiently. • Handle client requests or tickets with technical expertise, ensuring they are resolved within the agreed service level agreement (SLA). • Actively manage work queues, perform operational tasks, and update tickets with resolution actions. • Log incidents promptly and provide second-level support, communicating effectively with other teams and clients. • Execute changes responsibly and flagging risks and mitigation plans. • Collaborate closely with automation teams to optimize efforts and automate routine tasks. • Audit incident and request tickets for quality, recommend improvements, and contribute to trend analysis reports.

• Develop and maintain a comprehensive product cybersecurity architecture for our product ecosystem, ensuring alignment with industry standards and business objectives. • Stay well-informed of emerging cybersecurity threats and technologies; continuously updating our cybersecurity strategies and solutions accordingly. • Oversee and evaluate the implementation of cybersecurity controls, including but not limited to, encryption, access controls, network security, and secure coding practices. • Collaborate with product development teams to incorporate cybersecurity into the design and development lifecycle of products. • Liaise with external cybersecurity vendors and partners, managing relationships, and ensuring the effective integration of third-party security solutions. • Responsible for career development and performance management of the team. • Document, maintain, and lead the implementation of key activities in the cybersecurity management system. • Conduct, with a cross-functional team, a thorough threat analysis and risk assessment for existing and new products; identifying potential vulnerabilities and proposing mitigation strategies. • Complete the evidence to support the safety case claims for product cybersecurity. • Ensure compliance with relevant industry, regulatory, and organizational cybersecurity standards and policies. • Represent Torc at external standards and industry bodies and communicate our product cybersecurity approach. • Prepare and present reports on cybersecurity architecture, risk assessments, and mitigation strategies to senior management and relevant stakeholders. • Participate in and support product cybersecurity incident response and forensic activities. • Coordinate and share cybersecurity information, risk assessments, and incident updates with IT and Enterprise Cybersecurity teams to ensure consistent alignment of product cybersecurity practices with enterprise-wide standards and response protocols.