IRAP Consultant / Assessor

  • VIC, NSW, ACT, Hybrid
  • Full-time

About the role

SolStak is seeking an IRAP Consultant / Assessor to lead Information Security Registered Assessors Program (IRAP) engagements for sovereign Defence and government systems. You will assess security posture, produce accreditation artefacts and guide teams through the ISM, PSPF and ASD Essential Eight.

What you’ll do

  • Plan and deliver IRAP assessments for cloud, platform and application environments
  • Evaluate controls against the ISM, PSPF and agency-specific security requirements
  • Produce security assessment reports, risk treatments and accreditation documentation
  • Work with engineering teams to remediate findings and validate control effectiveness
  • Advise stakeholders on security architecture, authorisation boundaries and ongoing assurance

What we’re looking for

  • Demonstrated experience delivering IRAP or equivalent Australian Government security assessments
  • Strong knowledge of the ISM, PSPF, Essential Eight and risk management frameworks
  • Ability to assess cloud, identity, data and platform controls in complex environments
  • Clear written communication and confident stakeholder engagement
  • Australian citizenship
  • Minimum two years of proven experience in a relevant role
  • Own GitLab instance and home lab environment (highly desirable)
  • Existing Australian Government security clearance (highly desirable)
  • Industry certifications (highly desirable)

What it feels like to work here

You’ll operate at the intersection of security assurance and real delivery — not checkbox compliance in isolation. SolStak IRAP practitioners work alongside engineers who implement your recommendations, with direct access to clients and the autonomy to call findings clearly. Hybrid work across VIC, NSW and ACT keeps you connected to programmes without the overhead of a large consultancy.

Why engineers join

  • Lead IRAP assessments on sovereign Defence and government programmes
  • Work with technical teams who fix findings — not endless report cycles
  • Exposure across cloud, data, identity and platform stacks
  • Build a portfolio of accredited, high-impact security engagements
  • Join a team that values rigour, clarity and getting authorisation done properly

What technologies you’re exposed to

IRAP consultants at SolStak assess the full sovereign ICT stack — from data platforms and hyperscale cloud through to virtualisation layers and security tooling.

Data engineering

  • Cloudera, Spark and enterprise data platform security controls
  • Data classification, encryption and audit logging assessments

Cloud & hyperscalers

  • AWS, Azure, GCP and sovereign cloud landing zone assessments
  • Shared responsibility models, IAM and hybrid connectivity reviews

Virtualisation & platform

  • VMware, OpenShift, Kubernetes and container platform hardening
  • Infrastructure-as-code, GitLab CI/CD and DevSecOps pipelines

Security products

  • SIEM, SOAR, PAM, MFA, WAF and network security controls
  • PKI, vulnerability management and continuous monitoring platforms