IT Alliance Australia

Cyber Threat Analyst

Australia · Contract · Mid-Senior

One of our Federal Government clients is seeking to engage multiple Cyber Threat Analysts in Canberra.


Role: Lead Cyber Threat Analysts - (EL1 Level)

Location of work: Canberra

Length of contract: 12 months

Contract extensions: 24 months extension (two extensions of twelve months each)

Security clearance: Must have Negative Vetting Level 1 security clearance


Job details

The Senior Cyber Security Analyst role covers several aspects of Cyber Operations within the department and maintains a frontline position in developing and uplifting cyber capability within the Cyber Operations team.


The successful candidate is expected to work within a technical cyber team, with an ability to work unsupervised and to act as a mentor to other cyber analysts within the team.


Demonstrated experience in (but not limited to) the following disciplines and toolsets is expected –


Ability to produce and uplift the existing SOAR capability within the department’s SIEM

Azure DevOps, specifically Infrastructure as Code (IAC) for Azure Security platforms

Producing detailed alerts (KQL/SPL) for systems specific to the department’s environment.

Log onboarding activities including log transformation to maintain ingestion levels

Ability to build and maintain a strong working relationship with vendors and technical business areas.

Producing playbooks for common cyber incidents and maintaining the playbook wiki

Incident investigation and response within the designated SIEM, escalating tickets to incident response manager where required.

Demonstrated experience in –

Azure DevOps

Azure Sentinel (KQL, SOAR, incident response)

Log onboarding

Log transformation

Defender XDR

Scripting

Splunk


Key duties and responsibilities

Will be responsible for cyber capability development across the following tools/platforms –

Azure Stack (DevOps, Sentinel, Monitor, EntraID, Azure ARC, Defender for Cloud, Conditional Access)

Defender XDR

Splunk


Infrastructure as Code (IAC) experience within the Azure security stack

Producing documentation for in-use security systems and standard operating procedures (SOPs) for incident scenarios

Producing playbooks for common cyber incidents and maintaining the playbook wiki

Change control and representation

Knowledge transfer to Cyber staff within the team


Technical skills

Minimum 5 years technical Cyber Security experience across the following toolsets and disciplines –

Incident Response

Azure Stack (DevOps, Sentinel, Monitor, EntraID, Azure ARC, Defender for Cloud, Conditional Access)

Infrastructure as Code (IAC)

Scripting

Defender XDR

Splunk

Active Directory

Ticket management / case management systems


Essential criteria

1. Flexible working arrangements can be arranged; however, the resource must be Canberra based.

2. Demonstrated experience with the toolsets and platforms noted under the technical skills section

3. Demonstrated experience using Azure Infrastructure as Code (IAC) within a DevOps environment.

4. Must have up to NV1 clearance and be Canberra based.


Note: If you are interested in applying, kindly share your updated CV at [email protected].

Key Skills

devops, infrastructure as code, incident response, cyber security, cloud, active directory, splunk, siem
Posted: Jun 04, 2025

Type: Contract

Level: Mid-Senior

Location: Australian Capital Territory

Industries

Staffing Recruiting Government Administration

Categories

Information Technology
