Salary: APS Level 5: $85,204 - $95,705; APS Level 6: $95,714 - $108,092
- locations: Adelaide, Brisbane, Canberra, Hobart, Melbourne, Perth and Sydney
- several ongoing permanent positions, full-time or part-time hours; flexible working arrangements
The Australian Bureau of Statistics (ABS) is looking to fill the following **Cyber & Information Security Officer** roles within our Cyber Security and Cyber Operations teams within the Security and Information Assurance Branch:
**Cyber Security roles**
- Governance, Risk and Compliance (GRC) Officer with E8 experience
- Cyber Security Architect specialising in Cloud technologies
**Cyber Operations roles**
- Development Security Engineer familiar with DevSecOps architecture, infrastructure and processes
- Identity and Access Management (IAM) Developer with Java experience and familiarity with DevSecOps processes.
As a **Cyber & Information Security Officer** within the **Cyber Security team**, you may undertake some, or all of the following duties (with varying levels of complexity according to your role and classification level):
- providing security architecture advice and guidance to ABS technical team on security by design principles
- production and publishing of security standards, guidelines, education and awareness materials
- providing specialist cyber security services, security architecture and penetration testing, and responding to security incidents
As a **Cyber & Information Security Officer** within the **Cyber Operations team**, you may undertake some, or all of the following duties (with varying levels of complexity according to your role and classification level):
- deploying, managing and scaling the infrastructure supporting cyber operations across a hybrid ICT footprint encompassing both on premise and cloud environments ensuring security best practice
- developing technical and support documentation, user education guides and self-help knowledge articles
- maintaining awareness of the external environment and recommending opportunities to enhance capabilities through the introduction of new products or features
- liaising with clients and vendors to troubleshoot issues, identify root cause, resolve and document problems and implement preventative measures.
**What we are looking for (selection criteria)**
To be suitable you should have most, or all of the following skills, qualities and experience:
**All roles**
- ability to cultivate positive working relationships with team members and manage stakeholder expectations
- proficiency in professional writing and oral presentation to convey complex information clearly.
**Cyber Security Team roles**
- strong technical capabilities in at least one of the following technology areas:
- cloud security with knowledge of AWS and/or Azure
- security architecture frameworks, standards, and secure by design patterns
- comprehensive understanding of security standards and frameworks, including PSPF, ISM, Essential 8, NIST, ISO27001, CIS, and OWASP
- awareness of fundamental cyber security principles and strong analytical skills with the ability to provide security advice and guidance to stakeholders
- proven experience in cyber security risk identification and mitigation strategies and/or security architecture with in-depth knowledge in one or more the following areas: cloud security, infrastructure security, API security, and Application security.
**Cyber Operations Team roles**
- demonstrated experience in managing and maintaining infrastructure that incorporates process, technology and security elements, by working with commercial-off-the-shelf platforms and/or infrastructure as code deployments
- demonstrated experience in secure CI/CD pipeline deployments and familiarity with DevSecOps architecture, infrastructure and processes
- analytical and/or technical troubleshooting skills with the ability to establish, participate and maintain relationships with stakeholders and vendors, including escalating and managing resolution of issues
- demonstrated experience and proficiency in one or many of the following technologies including but not limited to: SailpointIIQ, Splunk, Sentinel, Dtex, InsightVM, Dynatrace, Cribl, Gitlab, Terraform, Java Script, Checkmarx, Aqua, Jfrog Xray or equivalent products.
Please read the attached