Hudson is collaborating with a Federal Government agency in search of a seasoned ICT Security Engineer. The successful candidate will be tasked with analyzing and developing system security integration, testing, operations, and maintenance within the agency's Operational Technology Environment, with a primary emphasis on operational technology. The role involves close collaboration with critical infrastructure owners and operators to understand and enhance their cyber security posture.To be successful, you will need to have broad knowledge and skills in:
- Security system design tools, methods and techniques
- Installation, integration and optimisation of system components
- Cyber security and privacy principles and organisational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Countermeasure design for identified security risks.
- Cyber threats and vulnerabilities.
- In assessing security controls based on cyber security principles and tenets (e.g. CIS CSC, NIST SP 800-53, Cyber Security Framework)
- Writing code in a current supported programming language (e.g. Java, C++)
- In determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations or the environment will affect these outcomes.
- In recognising vulnerabilities in security systems (e.g. vulnerability and compliance scanning)
- Analyse and report system security posture
- Verify minimum security requirements are in place for applications
- Perform security reviews, identify gaps in security architecture
- Plan and recommend modifications or adjustments based on exercise results or system environment
- Assess adequate access controls based on principles of least privilege and need-to-know
- Demonstrated knowledge of cyber security technical controls (CIS, ASD), frameworks (NIST-CSF, ISO27000, ISM) and best practice (Microsoft security practices).
- Experience in the implementation (systems engineering), maintenance (system administration) and effectiveness of security infrastructure and security solutions.
- Experience in providing cyber security risk assessment, assurance and reporting activities.
- Experience using tools to identify vulnerabilities, providing remediation strategies and qualifying recommendations.
- Experience in performing architecture reviews to identify gaps in security, resulting in actionable recommendations.
- High attention to detail with good communication skills with stakeholders and clients, and experienced in technical writing.
- Experience with cloud environments, such as Azure, AWS and GCP.
- Tactical, operational, and strategic level cyber threat intelligence skills.
- Experience in the use of threat modelling methodologies and techniques (e.g. MITRE ATT&CK framework).
- Understanding of current challenges and opportunities in uplifting the cyber maturity of OT and ICS environments.
- Canberra based
- Australian Citizen with an active NV1 Security Clearance
- Initial 12-month contract starting 1st July 2024 with up to 2x12 month extensions