Address
Form of work
SalaryCome and join our exciting team in the Queensland Police Service!
QPS Cyber Security is a dynamic group of security professionals responsible for providing a wide range of Information Security services to QPS and partner agencies. We are dedicated to the secure development, support and maintenance of QPS and its partners' IT services, applications and infrastructure.
We are looking for a highly skilled and experienced Cyber Security Incident Response Lead to head up a small team of technical individuals.
The role is split between leadership and technical hands-on Incident Response, threat hunting and forensic investigation work.
You will lead and improve the Incident Response capability, collaborating with the wider security operations team to build and automate enterprise detections and response whilst offering advice to stakeholders to support the organisations cyber defence.
The core capability requirements for this role are:
- Provide technical leadership, direction and strategy for the Information SecurityIncident Response function.
- Serve as the Information SecurityIncident Response Team Manager, to manage and conduct the response to high profile information and cyber security incidents.
- Manage and conduct sophisticated computer and network forensic investigations that pertain to different types of cyber threats.
- Monitor the current and emerging threat landscape and manage the application of threat intelligence to defend and mitigate the impact of cyber attack, through control gap identification, remediation, threat hunting and vulnerability management.
- Lead the continual improvement of the teams' Incident Response capability, through technology, process and procedural reviews, mentoring incident responders/analysts, testing Incident Response plans/processes and providing training and guidance through complex incidents.
- Lead the designing, capacity planning, configuration management, administration, change management, documentation and support of security technologies and services that enable effective security Incident Response.
- Continually expand knowledge of developments and trends within the network and Information Security industry in order to evaluate the benefit and applicability of new and emerging technologies that will benefit the Incident Response function.
- Role Requirements:
Mandatory:
- Availability for out of ours work and/or on-call arrangements as required.
Qualification:
- Tertiary qualifications in Computer Science or equivalent and/or Information Security industry certifications such as CISSP, GIAC (GCIA, GCTI, GCIH, GREM, GCTI), CEH, OSCP, CCSP, CISM and security vendor specific certifications.
Technical/ Operational/ Educational experience:
- 8+ years of demonstrated experience in cyber security engineering with an expert skill level in:
- Incident response
- Threat hunting, intrusion detection and comprehension of attack methodologies
- Forensic Investigation, malware analysis and reverse engineering
- Threat intelligence and modelling.
Demonstrated experience in the effective configuration and administration of enterprise security solutions such as:
- SIEM & SOAR
- EDR & NDR
- Enterprise Firewalls & IDS/IPS
- Application Delivery Controllers (Application Firewalls, Reverse Proxies, Load Balancers)
- Email & Web Content Filtering
- Identity & Access Management
- Networking & VPN solutions
- Multifactor Authentication & RADIUS
- Cloud based services such as AWS & Azure
- PKI.
Experience in programming & scripting languages such as Ruby, Perl, Java, Python, PHP, PowerShell etc.) or other formal coding.
Experience in the following technology domains with a background in one or more:
- Security Assurance Testing (Pen testing).
- Software Development and integration
- Infrastructure (server operating systems, virtualisation, database, storage)
- Automation & Orchestration
- Desktop operating system management
- Mobility (Apple, Windows, MDM's)
Experience in assessing risk and utilising security control frameworks such as the ASD ISM, NIST and ISO27000 series of security management standards.
Other:
- Strong verbal and written communication skills, with the ability to communicate complex and technical issues to diverse audiences in a clear, authoritative and actionable manner.
Applications to remain current for 12 months.
Job Ad Reference: QLD/552086/24
Closing Date: Thursday, 28th March 2024
