Cyber Security Engineer

Cyber Security Engineer

Sydney, NSW

Long Term Engagement

Cyber Security Engineer

Responsible for ensuring the security and integrity of Bank information systems and data. This role involves analysing and implementing security measures to protect computer systems, networks, and sensitive information from cyber threats. The Cyber Security Engineer will play a crucial role in identifying vulnerabilities, mitigating risks, and responding to security incidents.

He/she will also be responsible for:

• governing security management
• establishing security strategy
• developing security solutions
• operate security services
• Govern, plan, implement and operate information security

Qualifications/Experience:    

• Experience in working in an IT operations or security operations role 
• A background in Cyber Security (through a relevant degree and/or certification_
• A genuine interest in technology and technical security.
• 5 years’ experience in the field of Cyber Security with a focus on network and systems security
• Proficiency in security tools and technologies.
• Ability to adapt to emerging threats and technologies.
• Tertiary qualifications in an IT or IT Security-related discipline 
• At least 5 years of experience in an IT security architect or senior engineer role and/or equivalent combination of education and experience in IT security. 
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials.

Position Description/Responsibilities:  

Govern Security Management 

Evaluate and enhance the security architecture of the organisation, ensuring it aligns with industry best practices and standards.

Design and implement security solutions to protect the organisation's infrastructure and data.

Monitor ongoing compliance to security and privacy-related regulatory and prudential standards and requirements. 

Develop and execute security awareness programs and provide security trainings for the bank staff. 

Participate in the ARB and CAB meetings to provide security review and recommendations for solution design and changes. 

Participate in review of effectiveness of the Bank’s IT Risk Management Framework as required. 

Establish Security Strategy 

1. Identify current state enterprise security architecture across all architecture domains and the issues of the security architecture. 
2. Conduct research into security environmental trends, threats and technologies. 
3. Identify improvement opportunities within security architecture and establish security requirements for 3-5 year future state. 

Develop Security Solutions 

1. Plan and initiate security solution development works based on the blueprints and roadmap. 
2. Evaluate and select commercial security solutions and tools. 
3. Manage the implementation, testing and deployment of the security solutions. 

Operate Security Services 

1. Implement appropriate measures to mitigate identified risks and diligently monitor the effectiveness of these remedial actions. Ensure all actions are fully resolved and documented.
2. Communicate the risks and remediation actively with key stakeholders as required. 
3. Regularly evaluate the performance of security services against agreed-upon standards. Communicate any discrepancies or achievements to the business to maintain service quality.
4. Maintain and regularly update documentation reflecting the current state of security architecture, ensuring accuracy and accessibility for authorized personnel.

Threat Monitoring and Analysis:

1. Monitor security alerts and incidents, analyse patterns, and respond to potential security threats in real-time.
2. Conduct regular security assessments to identify vulnerabilities and weaknesses.
3. Support day-to-day operations of in-place security solutions and ensure controls are kept up to date with evolving threats.

Incident Response:

1. Develop and implement incident response playbooks to address security incidents promptly and effectively.
2. Collaborate with cross-functional teams to investigate and mitigate security incidents.

Security Procedure Development and Governance:

1. Develop and update security procedures to ensure compliance with relevant regulations and industry standards.
2. Work with stakeholders to implement and enforce security policies across the organisation.
3. Support Cyber Security Strategy and Controls: Governance, Policies, Procedures, Standards and Registers

Vulnerability Management:

1. Perform regular vulnerability assessments and coordinate remediation efforts to address identified vulnerabilities.
2. Keep abreast of the latest security trends, technologies, and threats to proactively address emerging risks.
3. Coordinate and assist in internal and external Cyber Security reviews, assessments, scans, penetration test and audits. 

General

1. Adhere to relevant policies and procedures during daily work processes to minimise instances of operational risk and possible loss to the Bank and bring to management's attention any actual or potential operational risk or losses
2. Adhere to relevant employment legislation e.g. WHS, OHS (Occupational Health & Safety), Anti-Discrimination
3. Other duties and responsibilities as delegated

Competencies/Skills Required:   

• Excellent written and verbal communication skills
• Ability to relate complex technical concepts to non-technical users and decision makers.
• Ability to foster positive relationships with senior stakeholders.
• Excellent analytical skills and having the mentality of a problem solver.
• Understanding of SIEM technologies
• Possess good networking knowledge and understanding of what protocols are used on modern networks and how they relate to security. 
• Knowledge of Intrusion Detection Systems and methods of security hacking/penetration testing
• Ability to work reliably, efficiently and effectively while unsupervised
• Knowledge of a broad range of security technologies and solutions as well as security vulnerabilities and threats. 
• Strong skills to develop long-term security architecture blueprints, and design security solutions. 
• Strong knowledge of traditional security tools as well as Cloud-based security services to design Hybrid Cloud security architecture. 
• Strong knowledge of security operations and security service support. 
• Architectural flexibility to strike the right balance between security risks and business benefits. 
• Good understanding of integrations between security architecture and other architecture domains.