Security Platform Engineer

About the role A s a Security Engineer , you will make an impact by serving as the named, accountable owner of all security and platform controls that protect a government support service’s production environment=You will be a valued member of the Technology & Security team and work collaboratively with the CISO, infrastructure engineers, compliance stakeholders, and third-party audit teams to ensure the organisation’s security posture remains robust, auditable, and continuously improving. In this role, you will: · Own end-to-end security controls across endpoint (Intune), identity (Entra ID), network access (Zscaler), and cloud platform (Azure) as a single, integrated security boundary protecting PII-bearing production systems · Design, operate, and continuously improve Conditional Access policies, device compliance rules, and least-privilege access controls in alignment with ISM requirements and IRAP expectations · Systematically identify, track, and close penetration test findings and audit remediation items with clear, reproducible evidence of control effectiveness · Prevent security control drift by proactively monitoring all four domains and acting as the escalation point for security-critical platform incidents · Maintain audit-ready documentation of all security decisions, configuration changes, and control evidence to support ongoing compliance obligations What you need to have to be considered · Demonstrated hands-on ownership across all four domains — Microsoft Intune, Entra ID, Zscaler (ZIA & ZPA), and Azure — including design, operation, and remediation in a production environment handling sensitive or regulated data · Proven experience designing and maintaining Conditional Access policies, device compliance frameworks, and MFA/authentication strength controls that integrate device posture, identity signals, and network access decisions · Practical experience closing formal penetration test findings in a systematic, documented manner with auditable evidence of remediation · Working knowledge of the Australian Government Information Security Manual (ISM) and IRAP assessment processes, including alignment of platform configurations to ISM controls · Strong documentation discipline — you write up configurations, decisions, and remediations in a way that is reproducible and audit-ready without prompting These will help you stand out · ASD-certified IRAP Assessor status or direct experience working within a formally IRAP-assessed environment · Zscaler certifications (ZCCA-IA or ZCCA-PA) and/or Microsoft certifications across SC-300, MD-102, or AZ-500 · Prior experience in a named control-owner or security-accountable role within a government-adjacent, health, or regulated community services environment · Familiarity with Windows Defender Application Control (WDAC) policy authoring and enterprise Windows Autopilot deployment at scale · Experience presenting control evidence and security posture updates to non-technical compliance or audit stakeholders