Principal Adviser Offensive Cyber
Rio Tinto
Great opportunity for an enthusiastic and motivated individual
Join a global organisation at the forefront of mining
Opportunity to influence the way that Rio Tinto conducts offensive cyber operations across both IT and Operational Technology environments
Work in an environment where people are valued and respected
Permanent role based in Perth, Brisbane or Montreal, where flexible work arrangements are normal
About the role
All progress begins with pioneers. At Rio Tinto, it begins with you.
We are looking for a Principal Adviser – Offensive Cyber to join a global team to contribute to the improvement of Rio Tinto’s cyber security posture through conducting offensive cyber tests on systems identified by Information Systems & Technology (IS&T) and the wider global business. This role is a great opportunity to use your skills across a broad range of technologies, from legacy systems to state-of-the-art industrial automation solutions.
Reporting to the Manager, Threat Intel & Offensive Cyber and working in a collaborative and supportive environment within our global Cyber Security team, you will be responsible for:
Testing the following on a day-to-day basis:
Enterprise Active Directory domains
Global IT networks
Bespoke web applications and client-side software
Mining equipment and production ICS networks
Contributing to internal processes and initiatives within Offensive Cyber including looking for new and creative opportunities to add value to the team
Acting as an internal subject matter expert on penetration testing and potential remediation recommendations
Managing and developing toolsets used to deliver offensive cyber testing services and the delivery of services designed to safeguard the company’s assets, intellectual property and computer systems
Working with Cyber teams to evaluate new IT technology and determine their appropriateness for product groups – focusing on weaknesses and remediation
Being an active team member in the day-to-day delivery of cyber security service
What you’ll bring
Several years of practical experience in an offensive cyber based role, preferably in a large organisation, or a similar ‘asset intensive’ industry
Demonstrable experience hacking the following technologies – Web Apps, Mobile Apps, Network Infrastructure, Thick Clients, Active Directory, PCN/SCADA
Experience with one or more general purpose programming or scripting languages such as PowerShell, Python, Perl, Ruby, C#, Java
Experience communicating technical concepts to a range of audiences, including non-technical and senior stakeholders
Strong interpersonal, communication and influencing skills to build credibility and collaboration
Demonstrated ability in report writing
Strong ability to solve complex problems autonomously
Certifications like OSCP, GPEN, GXPN, SEC560, SEC565 and CREST (or equivalent) desirable
What we offer
We offer a range of flexible working and leave options, so you can balance your work and life commitments and interests. Have a conversation with us about how this could work for you
Be recognised for your contribution, your thinking and your hard work
An excellent base salary reflective of your skills and experience, with an annual incentive program.
Comprehensive medical benefits including subsidised private health insurance for employees and immediate family.
Attractive share ownership plan.
Extensive salary sacrifice & salary packaging options.
Career development & education assistance to further your technical or leadership ambitions.
Exclusive employee discounts (banking, accommodation, cars, retail and more).
Where you will be working
Rio Tinto Information Systems and Technology (IS&T) operates in 35 countries, working alongside our colleagues at site operations and hubs to provide IT services, deliver key programmes, and provide help desk support. The function delivers innovative digital solutions for Rio Tinto that drive safety, simplicity and productivity to align with current and future business requirements. Through appropriate governance, consultative processes, and the use of industry best practices, IS&T also ensures that emerging technologies and innovative ideas are evaluated, considered, and adopted, to drive safety, simplicity and productivity.
About Rio Tinto
Rio Tinto is a leading global mining and materials company. We operate in 35 countries where we produce iron ore, copper, aluminium, critical minerals, and other materials needed for the global energy transition and for people, communities, and nations to thrive.
We have been mining for 150 years and operate with knowledge built up across generations and continents. Our purpose is finding better ways to provide the materials the world needs – striving for innovation and continuous improvement to produce materials with low emissions and to the right environmental, social and governance standards. But we can’t do it on our own, so we’re focused on creating partnerships to solve problems, create win-win situations and meet opportunities.
Respect and Inclusion
At Rio Tinto, we particularly welcome and encourage applications from Aboriginal and Torres Strait Islander people, women, the LGBTI+ community, mature workers, people with disabilities and people from different cultural backgrounds.
We are committed to an inclusive environment where people feel comfortable to be themselves. We want our people to feel that all voices are heard, all cultures respected and that a variety of perspectives are not only welcome – they are essential to our success. We treat each other fairly and with dignity regardless of race, gender, nationality, ethnic origin, religion, age, sexual orientation or anything else that makes us different.