
ASD 4, 5 & 6 Malware Analysts and Cyber Threat Hunt Analysts

Brisbane
Australian Signals Directorate
Posted: 20 February
Offer description

The Role

We are recruiting for multiple Malware Analyst and Cyber Threat Hunt Analyst positions.

Applicants may apply for one or both of the advertised roles and each role will require completion of technical testing unique to each.

Malware Analyst positions are available in Brisbane.

Cyber Threat Hunt Analyst positions are available in Melbourne.

All applicants will need to demonstrate:

* Interest in technical analysis and technical concepts, including tools, projects or operations.
* Ability to communicate technical knowledge in a concise manner to non-technical audiences.
* Experience in building and sustaining relationships and liaising with a range of technical and non-technical stakeholders.
* Experience working in dynamic environments with competing priorities.
* Experience working independently and being accountable for achieving outcomes, managing work tasks and seeking guidance when required.

CyberLab Malware Analysts

A CyberLab Malware Analyst analyses, understands and reverse engineers malware in support of incident response and forensic investigations of major cyber incidents. Malware Analysts utilise ASD-developed and industry-standard tools, and constantly develop their tradecraft to counter malware anti-analysis techniques, in order to answer questions about the characteristics and capabilities of a given malware sample. The role of a CyberLab Malware Analyst involves becoming an expert in malware reverse engineering and utilising that expertise to develop rules and signatures, which support the work of other teams within the ACSC to detect and defend against malicious cyber threats.

Adversary Pursuit Cyber Threat Hunt Analysts

These are technical roles, requiring an aptitude for complex problem solving and the ability to conduct deep analysis of network communications and endpoint activities to unearth malicious tradecraft. In addition to threat hunting, key responsibilities of the role include development of documentation and processes such as playbooks, refining skills through training opportunities and contributing to enhancement of capabilities.

While formal experience in cyber security, specifically threat hunting or incident response, is desirable, ASD is also interested in entry-level applicants who have demonstrable experience in computer science, programming or information technology. Cyber Threat Hunting requires analysts to be curious, have an investigative mindset and be diligent in pursuing leads.

Further information can be found at: Cyber security | Australian Signals Directorate.

About our Team

Cyber Threat Intelligence Division:

The Cyber Threat Intelligence (CTI) Division, within the Australian Cyber Security Centre (ACSC), performs a range of intelligence, incident response and technical cyber security functions to keep Australians secure online and safeguard Australia's sensitive information and networks. Key functions include incident response and support to network owners and critical infrastructure, threat detection, and enhancing the understanding of and reducing the risks associated with high-impact cyber adversaries.

Technical Threats and Visibility Branch:

Within CTI Division, the Technical Threats and Visibility Branch (TTV) detects adversaries targeting or exploiting Australian networks by analysing their technical tools and tradecraft. TTV uses this deep understanding to support the ACSC's mission to defend and disrupt malicious activity that threatens Australia's cyber security.

TTV's CyberLab section provides Malware Analysis as a Service (MAaaS) to ASD and the broader Australian Government. Analysts are deep specialists who use their technical expertise, custom and industry-standard tooling to reverse-engineer sophisticated malware samples, contributing to the development of automated anti-malware capabilities, indicators of compromise and technical reporting for use in the defence of Australian networks.

TTV's Adversary Pursuit section conducts targeted, intelligence-led operations to detect sophisticated threat actors on government and important Critical Infrastructure (CI) networks. Adversary Pursuit uses custom tools, tailored detections and all-source intelligence in its pursuit of undetected compromises. Adversary Pursuit works closely with other areas within ASD to conduct operations and collaborate on capability development. Cyber Threat Hunt Analysts working in Adversary Pursuit analyse security log data and other telemetry to identify malicious activity present on CI networks.

Our Ideal Candidate

We are looking for people who are keen to tackle complex and interesting problems. You will be required to exercise high levels of initiative, demonstrate a resolve to protect Australia and be a collaborative team member.

In return, we will invest in your career with rewarding opportunities, excellent training, and a competitive employment package to retain skilled employees.

* ASD 4: must demonstrate exposure to the areas, or related fields, listed below and interest in attaining technical skills.
* ASD 5: must demonstrate experience in the areas, or related fields, listed below and possess relevant technical skills.
* ASD 6: must demonstrate significant experience in the areas, or related fields, listed below and possess well-developed technical skills. In addition to the below, you must demonstrate that you have experience leading projects, operations and small teams of technical people.

We are seeking candidates who have experience in one or more of the following disciplines. The expected depth of knowledge is dependent on the classification (ASD 4, 5 or 6) and stream applied for.

CyberLab Malware Analysts:

Candidates will have experience in software reverse engineering, an aptitude for complex problem solving and a curiosity to understand the functionality, origin and potential impacts of malware. They will also have experience working cohesively in a technical team and knowledge sharing with other technical staff.

The ideal candidate will also have attained:

* Familiarity with Windows Operating System (OS) internals and Application Programming Interfaces (APIs).
* Experience with assembly code (in particular, x86 and x64 instruction sets).
* Experience in high-level programming and scripting languages (Python preferred).
* Proficiency with reverse engineering tools (disassemblers, debuggers and decompilers).
* An understanding of malware analysis and reverse engineering processes including unpacking, deobfuscation and code reconstruction.
* An ability to develop and enhance automation tools to assist the malware analysis process.
* An ability to develop and modify YARA signatures to detect and hunt for malware at scale.
* An ability to keep clear records of analytic processes and results, identify opportunities for sharing analysis with internal and external stakeholders, and communicate technical information to non-technical audiences.

The following skills are considered desirable:

* Experience and knowledge of malicious adversary lifecycles.
* Experience with information assurance practices, cyber hygiene and how to defend networks against attack.
* Experience in platforms other than Microsoft Windows (e.g. Linux, Android, iOS, macOS).
* Experience in instruction sets other than x86/x64 e.g. ARM, MIPS.
* Experience in programming languages, such as C.
* Software development experience, including effective automated testing.
* Understanding and experience with DevOps processes and environment.

Cyber Threat Hunt Analysts:

Candidates will have strong experience in one or more of the following disciplines:

Host Forensics, specialising in disk forensics (EDR or dead disk):

* In-depth Operating System knowledge.
* Collection and analysis of host artifacts or telemetry to discover sophisticated tradecraft and behaviour.
* Adversary mindset, i.e. how an APT would manipulate operating systems.

Host Forensics, specialising in Windows/Linux memory forensics:

* Inner workings of memory.
* Collection and analysis of memory artifacts such as crash dumps, hibernation files or page/swap space to identify anomalous or malicious activity.
* Adversary mindset (how they would manipulate memory).

Network Forensics:

* Collection and analysis of network telemetry to discover sophisticated tradecraft and behaviour.
* Network protocol analysis (e.g. HTTP, DNS, and SMTP) and knowledge of how these protocols can be used for malicious purposes.

For all disciplines:

* Experience in high-level programming and scripting languages (Python preferred).
* Ability to develop and modify signatures to detect and hunt for malicious activity.
* Ability to document and explain analytical processes through mentoring and technical presentations, collectively enhancing the section's skills.
* Strong written and verbal communication skills.

We are seeking experienced technical leaders who are:

* Passionate about their technical trade.
* Good communicators with effective time management skills.
* Critical and creative thinkers who are keen to mentor.
* Resilient and can work flexibly in a changing environment.
* Able to work both independently and as part of a team.

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.

Application Closing Date:
Sunday 15 March, 2026
