Australian Citizens with the ability to obtain NV1 Clearance residing in Australia only respond.
* Contract start: 01 July 2023 to 30 June 2024, with 2 x 12 months extensions.
* Australian Citizen, ability to obtain NV1 Clearance, Canberra role.
Utilise your skills and experience as a Senior Cyber Security Analyst, working within a Security Operations Centre, to maintain and strengthen the Cyber Operations team's security monitoring and incident response capability.
* Develop and document detection and alerting use cases specific to the Department's IT environment and threat model.
* Implement and tune custom detections and analytics rules based on developed use cases in Microsoft 365 Defender and Microsoft Sentinel.
* Develop knowledge articles, playbooks, and procedures to support incident response activities based on use cases and the Department's IT environment.
* Collaborate with security engineers, infrastructure teams, system owners, and application development teams to develop and implement system-specific security monitoring approaches.
* Determine and drive team priorities, including the implementation of toolsets and ingestion of log sources, to improve capability.
* Lead major and critical incident response investigations.
* Action escalated and complex security alerts and incidents.
* Mentor and lead other Cyber Security Analysts within the team.
* Provide advice and support to the Director, Cyber Operations, and Executives as required.
Every application requires addressing selection criteria as part of the application submission.
Selection Criteria:
1. Demonstrated experience as a Senior Cyber Security Analyst working in a Security Operations Centre, including detection engineering and incident response responsibilities.
2. Demonstrated skills and experience in Microsoft Sentinel and Defender products, including responding to alerts and incidents and developing custom detections and analytics rules.
3. Demonstrated experience in working with and investigating security logs from different platforms and devices.
4. Demonstrated experience in strengthening the maturity of a SOC.
5. Experience facilitating incident response simulations.
6. Experience utilising threat intelligence services and tools to inform detection engineering and enrich alerts and incidents.
#J-18808-Ljbffr