Open To: Holders of NV2 or higher
Location: Canberra ACT
This Government Department is embarking on a 3 three-year roadmap of, Security Information and Event Management (SIEM), Vulnerability Management (VM), Continuous Monitoring (CM), User Monitoring (UM), and Incident Response (IR).
For this major body of work, they are seeking cyber specialists in the following areas:
Engineering - Capability Development:
- Integrate new systems with cyber capabilities to ensure coverage and collection of valuable audit events
- Develop and enhance technical capabilities detailed in the cyber capability roadmap covering:
• audit and response (SIEM);
• vulnerability management; and
• automated patching and security testing.
Assurance - Continuous Monitoring:
- Expand coverage of vulnerability management and patching across systems and classifications.
- Perform continuous monitoring activities to remediate identified vulnerabilities, this includes:
• vulnerability management within context of the system;
• penetration testing and configuration analysis; and
• development of critical patch/mitigation/remediation reports.
- Reporting and education of cyber security vulnerabilities to inform system owners/managers and improve cyber defence.
Assurance – Security Assessment:
- Develop and enhance security assessment capability, models and processes to streamline authorisation and improve security posture.
- Undertake security assessment of ICT systems and platforms covering:
• development of security assessment test plans;
• performing on system security control validation; and
• documenting the security assessment and Plan Of Action and Milestones (POA&M) reports.
Operations – Audit Analysis and Response:
- Monitor security capabilities for issues, events, IOCs and suspected intrusions across systems/classifications
- Lead technical response activities for confirmed incidents ensuring timely action and reporting is provided to key stakeholders.
- Develop technical response processes and plans for confirmed security incidents.
- Research, identify and maintain audit use cases by engaging customers, developing detailed requirements and evaluating/monitoring effectiveness.
Essential criteria
- Engineering
- Capability Development:
- Examples of delivering: security engineering, software development, data engineering, or system integration capability is essential.
- Hands-on experience with Splunk and/or Tenable is essential
- Assurance
- Continuous Monitoring: - Examples of delivering a vulnerability management capability is essential.
- Hands-on experience with Tenable and/or Splunk is essential
- Security Assessment:
- Examples of delivering: security assessment and/or security control testing is essential.
- Sound knowledge and experience with ISM, PSPF and system authorisation is essential.
- Operations
- Audit Analysis and Response:
- Examples of delivering: security operations, data analysis and/or incident response capability is essential.
- Hands-on experience with Splunk is essential.
- Assurance
- Continuous Monitoring: - CISA or IRAP certification is highly desirable.
- Security Assessment:
- CISA or IRAP certification is highly desirable.
- Experience or qualifications in cloud security is desirable.
Desirable criteria
- Engineering
- Capability Development:
- Relevant industry certifications are highly desirable.
- Operations
- Audit Analysis and Response:
- Relevant industry certifications are highly desirable.