**The core capability requirements for this role are**:
- Provide technical expertise in the configuration and maintenance of SIEM, SOAR, and IR Ticketing infrastructure.
- Plan, manage and participate in the continual improvement for the Security Operations Centre, including improved incident playbook writing and integration, automation and streamlining, investigative practices and incident response capability, infrastructure administration and monitoring, vulnerability assessment and remediation, reporting and other standard operating processes & procedures.
- Lead and conduct the technical response to Information Security incidents.
- Actively participate in prioritising team workload, mentoring analysts and providing training and guidance through complex incidents.
- Participate in designing, capacity planning, configuration management, administration, change management, documentation and support of security technologies.
- Continually expand knowledge of developments and trends within the network and information security industry in order to evaluate the benefit and applicability of new and emerging technologies.
**Role Requirements**:

**Qualification**:
- Tertiary qualifications in Computer Science or equivalent and/or Information Security industry certifications such as CISSP, GIAC (GCED, GSOC, GCIH, GCTI, GCIA), CEH, OSCP, CCSP, CISM and security vendor-specific certifications would be highly regarded.
**Technical/ Operational/ Educational experience**:
4+ years of demonstrated experience, with an advanced skill level, in the effective configuration, support and administration of the following types of enterprise security solutions and services:
- SOAR
- SIEM
- Incident Response
Demonstrated experience in the effective configuration, support and administration of enterprise security solutions, such as:
- EDR & NDR
- Enterprise Firewalls & IDS/IPS
- Application Delivery Controllers (Application Firewalls, Reverse Proxies, Load Balancers)
- Identity & Access Management
- Networking & VPN solutions
- Multifactor Authentication & RADIUS
- Cloud based services such as AWS & Azure.
- PKI
Experience in the following technology domains with a background in one or more:
- Security Assurance Testing (Pen testing).
- Software Development and integration
- Infrastructure (server operating systems, virtualisation, database, storage)
- Desktop operating system management
- Mobility (Apple, Windows, MDMs)
Experience in programming and scripting languages (such as Ruby, Perl, Java, Python, PHP, PowerShell, etc.) or other formal coding.
Experience in assessing risk and utilising security control frameworks such as the ASD ISM, NIST and the ISO 27000 series of security management standards.
**Other**:
- Participation in on-call arrangements and out-of-hours work, as required, is necessary in this position.
- Strong verbal and written communication skills.
Applications to remain current for 12 months.

This work is licensed under a Creative Commons Attribution 3.0 Australia License.