1 Cyber Threat Analyst
RFQ type
DMP2 - ICT Labour Hire
RFQ ID
LH-04403
RFQ published date
Monday, 25 August 2025
Deadline for asking questions
Thursday, 28 August 2025
• 11:59pm, Canberra time
RFQ closing date
Wednesday, 03 September 2025
• 11:59pm, Canberra time
Buyer
Department of Climate Change, Energy, the Environment and Water
Buyer contact
ICTLabourHire@dcceew.gov.au
Estimated start date
Monday, 22 September 2025
Initial contract duration
12 months
Extension term
12 months
Number of extensions
1
Maximum number of candidates per seller
2
Experience level
APS4 equivalent
Location of work
ACT
Working arrangements
Hybrid
If based in the ACT, the successful candidate will be required to attend the Canberra office 3 days per week. If based outside ACT, the successful candidate may be required to attend state office or regional hubs and may be required to travel to the Canberra office one week per month or as required. Individual arrangements can be negotiated with Managers where required.
Maximum hours
40 hours per week
Security clearance
Must be able to obtain Baseline
Job details
The Department requires the services of suitably skilled Cyber Analysts under labour hire arrangements to support its operational cyber security function. These roles are critical to maintaining the Department's monitoring, incident response and advisory capability, and form part of a broader effort to strengthen compliance with the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM) and the Essential Eight.
Key duties and responsibilities
The responsibilities of the Cyber Analyst will include, but are not limited to:
* Incident detection, triage and response – monitor alerts, hunt for threats, gather evidence and escalate or remediate incidents as required.
* ServiceNow ticket and queue management – own cyber-related queues, optimise workflows and coordinate priority escalations with the managed SOC.
* Email, web and application control – assess and action whitelisting or blocking requests for URLs, emails, USBs and packaged applications, including spoofing/authentication checks such as DMARC reviews.
* Access and privilege management – approve or audit admin and privileged accounts and support off-boarding or role changes in line with policy.
* Stakeholder engagement and education – deliver cyber hygiene programs, privileged-user training and regular communications to staff and external agencies.
* Process and documentation upkeep – create and maintain standard operating procedures (SOPs), onboarding checklists and knowledge artefacts to keep the team's practices current.
* Vulnerability and configuration management – work collaboratively with external SOC providers to prioritise and remediate vulnerabilities, review logs and applications, maintain SIEM playbooks, and drive broader defensive-security improvements.
Technical skills
It is expected that the successful candidate:
* works under general direction within a clear framework of accountability for their area of responsibility.
* uses their own discretion when resolving minor problems or external enquiries.
* has a good understanding of their own specialisation(s) in the delivery of the Services and performs routine work activities.
* holds an undergraduate degree relevant to the area(s) of specialisation or similarly regarded qualification.
Criteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.
Essential criteria
Weighting
1. Demonstrated experience in incident detection, triage, investigation and response, including coordination with internal teams and external SOC providers.
20%
2. Experience managing cyber-related workflows and requests in ServiceNow or similar ITSM platforms.
20%
3. Supporting and contributing to IRAP preparation activities and ensuring accurate documentation in the management and implementation of IT security strategies. Completing technical reviews and endorsements of technical solution designs and identifying opportunities to improve the security posture of the department's network and information.
20%
4. Knowledge of Australian Government cyber security frameworks, including the PSPF, ISM and Essential Eight, and their application in on-premise and cloud environments.
20%
5. Well-developed stakeholder engagement and communication skills, including the ability to deliver user education and prepare clear, actionable security advice.
20%
Desirable criteria
1. Relevant tertiary qualifications or industry certifications.