About the role
The Cyber Incident Controller plays a critical role in protecting the Department, including schools, by leading the detection, management, and response to cyber security incidents. This position provides incident response leadership by operating the Cyber Security Incident Response Service in accordance with the Department's Cyber Security Incident Response Plan (CSIRP).
Working in a fast-paced, high-volume, and complex environment, you will analyse cyber threat intelligence, deliver technical advice, and administer and specialise in enterprise security platforms. Using a range of security tools and threat intelligence sources, you will actively respond to incidents and provide insights that strengthen the Department's overall security posture.
The role also develops high-quality reporting and data insights for internal and external stakeholders on cyber incidents, threats, and vulnerabilities to inform performance, recovery, and remediation activities. You will work closely with multi-disciplinary ICT teams, school technical teams, other divisions, and external agencies including the Victorian Government Cyber Incident Response Service (CIRS), the Australian Signals Directorate (ASD), and the Office of the Victorian Information Commissioner (OVIC).
Key Responsibilities
* Lead and control cyber security incidents from detection through containment, eradication, and recovery
* Run CSIRT meetings and provide clear, timely updates and advice to stakeholders
* Analyse security events to determine severity, impact, and long-term consequences
* Conduct investigations, threat intelligence analysis, threat hunting, and trend forecasting
* Produce situational reports and collaborate with risk teams to manage impacts
* Work with external incident response teams during crisis situations, providing forensic and technical support
* Develop reporting and data insights on incidents, threats, vulnerabilities, and response effectiveness
* Maintain and enhance the Department's security posture using enterprise security platforms
Skills & Capabilities
Incident Response & Leadership
* Proven experience leading cyber incident response activities in a large, complex environment
* Strong stakeholder engagement skills with the ability to communicate technical issues clearly
* Expertise in writing situational and executive-level incident reports
Threat Analysis & Investigation
* Experience analysing security events to determine criticality, impact, and appropriate response
* Strong aptitude for investigations, threat intelligence, hunting, and analysis
* Ability to correlate events and alerts to identify emerging or active threats
Technical Expertise
* Strong knowledge of attack tactics, techniques, and procedures using the MITRE ATT&CK framework
* Understanding of NIST Cybersecurity Framework, incident response frameworks, and threat modelling
* Hands-on expertise with:
o SIEM: Microsoft Sentinel and/or Splunk
o EDR: Microsoft Defender
o ServiceNow
o Vulnerability Management: Tenable
* Experience with log integration, automation, and analysis using:
o KQL and/or SPL
o Scripting (Python, Bash, PowerShell)
Qualifications & Experience
* Bachelor's degree or Diploma in Cyber Security or a related field
* Minimum 3–4 years demonstrated experience in cyber incident response, digital forensics, or cyber security investigations within a large and complex environment
* Proven experience leading cyber incident response activities
Desirable Certifications
* CISSP
* CEH
* Security+
* SANS Digital Forensics or Incident Response certifications
How to apply
Applicants are encouraged to include a curriculum vitae and a cover letter addressing the key selection criteria provided in the position description.
Further Information
For more details regarding this position, please see the attached position description for the capabilities to address in your application.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions, visit the Department website and our Diversity and Inclusion page.
Applicants requiring adjustments can contact the nominated contact person.
Information about the Department of Education's operations and employment conditions can be located at www.education.vic.gov.au.
Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.
Applications close 11:59pm on 24/02/2026