Job Description
As a Senior Cyber Security Analyst, you will play a pivotal role in maintaining a secure and proactive posture against emerging threats. This position requires expertise in contributing to the operations, maintenance, enhancements, and reporting of Application Security, Security Assessments, and Vulnerability Management programs.
You will be responsible for conducting/coordinating application security testing, security assessment, identification of vulnerabilities, and governance of vulnerability remediation.
* Implementation and maintenance of application security programs and application security testing in DevOps
* Implement and maintain security testing tools in DevOps and develop procedures to enhance security and reduce manual effort
* Collaborate with development, operations, and security teams to ensure security findings are addressed and share reports as needed
* Operations and maintenance of Vulnerability Management program ensuring security objectives and SLAs are met by internal staff and supporting vendors
* Plan and coordinate cyber threat emulation activities and communicate technical findings and recommendations
* Support the team in optimising processes and procedures to deliver effective, sustainable, and high-quality security deliverables
* Develop and lead projects with an aim to ensure continuous improvement of NSW Government's cyber security posture
* Identify stakeholder requirements, prioritise workload, and manage team portfolios to meet agreed outcomes and timeframes to ensure prompt resolution of issues
* Keep up-to-date with the latest trends and issues in IT and cyber security risks and solutions to provide recommendations on innovations and best practices to improve cyber security posture across NSW Government
Key Responsibilities
* Implementation and maintenance of application security programs and application security testing in DevOps
* Implement and maintain security testing tools in DevOps and develop procedures to enhance security and reduce manual effort
* Collaborate with development, operations, and security teams to ensure security findings are addressed and share reports as needed
* Operations and maintenance of Vulnerability Management program ensuring security objectives and SLAs are met by internal staff and supporting vendors
* Plan and coordinate cyber threat emulation activities and communicate technical findings and recommendations
* Support the team in optimising processes and procedures to deliver effective, sustainable, and high-quality security deliverables
* Develop and lead projects with an aim to ensure continuous improvement of NSW Government's cyber security posture
* Identify stakeholder requirements, prioritise workload, and manage team portfolios to meet agreed outcomes and timeframes to ensure prompt resolution of issues
* Keep up-to-date with the latest trends and issues in IT and cyber security risks and solutions to provide recommendations on innovations and best practices to improve cyber security posture across NSW Government
Requirements
* Technically minded with proven experience in DevSecOps, DevOps, or a related role
* Strong knowledge of application security methodologies and testing tools for SAST and DAST (Static and Dynamic Application Security Testing)
* Experience with CI/CD tools such as Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps etc.
* Experience with containerisation and orchestration tools (e.g., Docker, Kubernetes)
* Knowledge of infrastructure as code (IaC) tools (e.g., Terraform, Ansible)
* Familiarity with cloud platforms (e.g., AWS, Azure, GCP)
* Experience in ITSM and Ticketing systems is required
* Proficiency in scripting languages (e.g., Python, Bash) is highly desirable
* Candidates with experience in Vulnerability Management tools is an added advantage
* Experience in managing Attack Surface Management and Exposure management tools is highly desirable
* At least 5 years' experience in cyber security, technology, or a related field
* Relevant industry certifications such as SANS, CISSP, CEH, or AWS Certified Security - Specialty or any other relevant certifications in DevSecOps is highly desirable
* A passionate understanding of the changing cyber security environment and a drive to uplift security response effectiveness
* A collaborative team player who can work with technical and non-technical teams to ensure appropriate understanding of cyber security operations and capabilities