Junior Security Analyst
Kick-start your cybersecurity career supporting ISO 27001, SOC 2, GRC and compliance projects for our clients.
CyberNinja is a Sydney-based cybersecurity and compliance consultancy. We act as a virtual CISO for businesses across Australia and New Zealand, helping them achieve and maintain certifications like ISO 27001, SOC 2, ISO 42001 and PCI DSS. We're small enough that your work matters from day one, and structured enough to help you grow quickly.
We're looking for a motivated Junior Security Analyst to join our team. You'll work alongside senior consultants on real client engagements, supporting compliance and GRC projects from the ground up. This is a hands-on role for someone early in their career who wants to learn fast in a consultancy environment.
- Support ISO 27001, SOC 2 and other framework implementations: evidence collection, control testing and documentation
- Help clients build and maintain risk registers, policies, procedures and security awareness materials
- Assist with gap assessments and audit readiness across multiple frameworks
- Prepare and organise audit evidence, and help track remediation of findings
- Support internal audits and management reviews under senior guidance
- Research framework requirements and help translate them into practical actions for clients
- Contribute to client reports and vCISO deliverables
- Right to work in Australia, and able to work hybrid (3 days/week) from our Sydney office
- Foundational understanding of information security concepts (for example the CIA triad, common threats and controls)
- Strong written and verbal communication skills, since a lot of GRC work comes down to clear writing
- Genuine interest in governance, risk and compliance frameworks (ISO 27001, SOC 2, Essential 8)
- Detail-oriented and organised, and comfortable juggling several client engagements at once
- Security or GRC certifications (ISO 27001 Foundation, CompTIA Security+, and similar) or working towards them
- Exposure to cloud platforms (AWS, Azure or GCP) or compliance tooling
- Familiarity with an additional framework: PCI DSS, ISO 42001, Essential 8 or NIST
- A degree in cybersecurity, IT or a related field
- 1Submit the form. No resume needed.
- 2If you look like a good fit, our team reaches out for a quick intro call.
- 3An interview with the consultants you'd be working with.
- 4A final chat, then an offer.
We aim to get back to every applicant within 5 business days, so you're never left wondering.
Tell us about you
No resume needed. Just answer the questions below, and if you're a fit, our HR team will reach out.
Why CyberNinja
What you get out of it
Small enough that your work matters on day one, structured enough to help you grow fast.
Learn from experts
Work shoulder-to-shoulder with senior consultants on ISO 27001, SOC 2, and real GRC engagements.
Real client impact
Your work directly protects real businesses across Australia and New Zealand, from startups to enterprises, not internal busywork.
Hybrid, in Sydney
Three days in the office for mentoring and collaboration, the rest wherever you do your best work.
Room to grow
A clear path from analyst to consultant, with certifications and training backed by the firm.
CyberNinja is an equal opportunity employer. We welcome applications from people of all backgrounds and are committed to a fair, inclusive hiring process. We especially encourage applications from Aboriginal and Torres Strait Islander peoples, people with disability, and people from culturally and linguistically diverse backgrounds. If you need any adjustments to take part in our process, just let us know.