Clerk Grade 9/10, base salary $129,464 – $142,665 + superannuation.
Full‐time temporary until 8 March 2028. Located at Haymarket, Sydney (Hybrid Working). Closing date Friday 10th April 2026 @10am.
Overview
The Data Analytics Centre (DAC) leads a whole‐of‐government approach to data analytics, tackling the State's most difficult policy challenges. As a Senior Cyber Security Analyst you will progress a range of cyber security‐focused initiatives for DAC, driving risk management, compliance, and incident response while strengthening the platform's overall security posture across cloud and ICT environments.
Key Accountabilities
1. Threat Monitoring & Incident Response: Monitor, detect and respond to cyber threats and vulnerabilities; lead incident investigations, forensic analysis and remediation; maintain documentation and reporting; deploy and tune Microsoft Defender for Cloud; configure and optimise Microsoft Sentinel with KQL‐based detection rules.
2. Cloud & Platform Security: Administer and optimise security tools including CrowdStrike (EDR), Qualys (Vulnerability Management); strengthen Azure cloud controls, IAM (Entra ID); oversee vulnerability scanning, patch management and penetration test responses; implement secure Azure architectures aligned to Zero Trust; support network security controls (NSGs, Azure Firewall, Private Endpoints, WAF); automate monitoring and remediation using Azure‐native tooling; implement Infrastructure as Code (IaC) security validation.
3. Identity & Access Management: Configure and manage Microsoft Entra ID security controls; strengthen Conditional Access, MFA, PAM and Privileged Identity Management (PIM); enforce least privilege and RBAC across Azure subscriptions; lead ISO 27001 certification lifecycle activities.
4. Governance, Risk & Compliance: Ensure ongoing compliance with NSW Cyber Security Policy, Essential Eight, PSPF and relevant NIST standards; conduct regular risk assessments and manage audit activities; track remediation of audit findings and compliance gaps.
5. Security Uplift & Continuous Improvement: Develop and improve cyber security policies, standards and procedures; lead uplift initiatives and targeted remediation programmes; support business continuity and disaster recovery planning; evaluate and select security technologies; demonstrate experience with Microsoft Purview and DLP.
6. Stakeholder Engagement & Reporting: Provide clear risk insights and reporting to senior leadership; prepare high‐quality briefs and advice; facilitate working groups and governance forums; translate technical risks into actionable business recommendations.
Qualifications & Experience
7. Strong experience in Azure cloud security, including Entra ID, Microsoft Sentinel, KQL, and Azure security services.
8. Hands‐on experience with EDR (e.g., CrowdStrike) and vulnerability management tools (e.g., Qualys).
9. Experience implementing security controls aligned to ISO 27001, Essential Eight, NIST and PSPF.
10. Knowledge of DevSecOps and Infrastructure‐as‐Code security practices; scripting in Bicep, PowerShell, Python or Azure CLI.
11. Experience across Windows, Linux, cloud and server environments.
12. Strong working knowledge of ISO 27001, NIST, Essential Eight and PSPF; experience managing audit processes and remediation tracking.
13. Strong written and verbal communication skills; ability to brief senior stakeholders clearly and confidently.
14. Experience leading projects or coordinating multi‐team initiatives; ability to operate effectively in fast‐paced, evolving environments.
15. Microsoft Certified: Azure Security Engineer Associate (AZ‐500) or equivalent.
16. ISO 27001 Lead Implementer/Auditor certification (desirable).
17. Experience with OT/ICS/IACS security frameworks.
Essential Requirement
18. The successful applicant must have, or be able to attain and maintain, a baseline security clearance as a condition of employment.
Why Join DAC?
19. Work on high‐impact government data platforms.
20. Lead meaningful security uplift initiatives.
21. Join a specialised team driving whole‐of‐government analytics capability.
22. Flexible hybrid working environment.
The Department of Customer Service (DCS) is focused on delivering excellent customer service, digital transformation and regulatory reform. We welcome applicants who embrace diversity, inclusion and innovation.
#J-18808-Ljbffr