
ASD 6 SIEM Engineer

Canberra
Australian Signals Directorate
Posted: 11 June
Offer description

As a SIEM Engineer you will work in the Security Capability and Research (SCaR) section which sits within ASD's Information Security Branch (ISB). We report to the Chief Information Security Officer (CISO) and are responsible for oversight, support and safeguarding ASD's most sensitive information across all IT systems. We engineer, deploy and sustain the Security Capabilities that defend ASD. You will be a part of a team that is made up of highly technical Systems Administrators, Security Engineers, Data Engineers and Project support staff who enable a diverse range of strategic and tactical IT Security capabilities that support our IT Security, Security Operations Centre (SOC) and Protective Monitoring.

As a branch, Information Security will support your development in the agency through training and mentoring both on and off the job, providing the opportunities for you to push your skills within a strong and supportive work environment. We are looking for candidates who are motivated to leverage these opportunities to grow and develop their skills to further support ASD's mission.

Further information can be found at: I'm changing my career | Australian Signals Directorate (asd.gov.au)

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.

Our Ideal Candidate

The ASD 6 SIEM Engineer will be responsible for the design, implementation and ongoing management of our security monitoring and automated response infrastructure. You will work closely with the Security Operations Centre (SOC) team, threat analysts and IT stakeholders to enhance threat detection and automate response processes, ensuring a rapid and effective response to security events across the organisation's IT infrastructure.

The ASD 6 SIEM Engineer will perform the following duties and responsibilities:

* Configure and develop SIEM content in a complex ICT environment, including core on-premises components (Search Heads, Indexers and Forwarders), data acquisition, mapping data to the standardised security data model and developing and implementing technical use‐cases, alerts, dashboards and reports.
* Work collaboratively within a team of experts in a Security Operations Centre.
* Work across multiple vendor technologies, including Windows, Linux and security appliances.
* Develop SOC documentation, including analyst play‐books and security use‐cases.
* Produce reports as requested from time to time.
* Integrate data sources from various systems (network, endpoints, cloud, applications) into the SIEM.
* Optimise data ingestion, parsing and normalisation to reduce noise and improve performance.
* Support incident response teams with actionable alerts and automated processes.

The ideal candidate will have experience in the following areas:

* Experience in configuration and development of SIEM content in a complex ICT environment, including data acquisition and mapping data to the standardised security data model.
* Developing and implementing technical use‐cases, alerts, dashboards and reports.
* Experience in management of ICT projects.
* Experience working in teams, working with mixed groups and products.

High levels of maturity and professionalism are requirements of this role due to the sensitive nature of some tasking. This will require SIEM Engineers to display sound judgement, integrity, honesty and discretion across all tasks and work processes.

Desirable Qualifications, Experience or Training

Either tertiary qualification or equivalent work experience in one or more of the following relevant fields will be highly desirable:

* Cybersecurity, Computer Science, Information Systems or related field.
* Experience with SIEM/SOAR administration or engineering.
* Experience in a Security Operations Centre (SOC) environment is preferred.
* Proficiency in scripting languages for automation and tool integration.

Application Closing Date: Sunday 28 June, 2026

For further information please review the job information pack, reference ASD/02968/26 on Careers | Australian Signals Directorate.
