• Position Posted: October 31, 2025
  • Principal Cyber Security Analyst
  • Department of Foreign Affairs and Trade
  • Canberra
  • Number of Positions: One (1)

Reference: 4949
Job Description: Principal Cyber Security Analyst
Australian Citizenship Required
Security Clearance Level Required: NV1
Length of Contract: 12 months
Contract Extension Options: 2 x 12 months

The Cyber Security, Cloud and Networks Branch within DFAT’s Information Management and Technology Division is seeking an ICT labour hire resource to fill the role of a Senior Cyber Security Analyst. This position is vital to the Cyber Operations Section and involves the application of advanced analyst skills to conduct defensive cyber security operations, ensuring the protection of our global network from malicious actors.

Job Specific role description

The Cyber Operations Section requires a Senior Cyber Security Analyst to perform the following tasks:

  • Assist with log operationalisation and use case creation for newly onboarded systems/log sources.
  • Monitor and improve Cyber Security systems.
  • Develop and maintain playbooks to assist with Cyber Security tasks.
  • Analyse security events and logs to identify patterns of potential anomalous activity, recommend security enhancements, and assist in developing countermeasures to prevent future incidents.
  • Undertake incident response and remediation functions.
  • Assist with Threat Hunt activities.
  • Collaborate with Threat Intelligence teams.

The Skills Framework for the Information Age (SFIA) has been used to inform the requirements. In summary, DFAT seeks a candidate with the following relevant skillset:

Category: Delivery and Operation

Subcategory: Security Infrastructure and System Engineering

Skill: Security Operations (SCAD)

Skill Level: (5+)

Please refer to the SFIA Skills directory A–Z (English).

About the team

The Cyber Operations Section is responsible for the monitoring and protection of DFAT’s environment, ensuring the protection of our global network from malicious actors.

Essential criteria

1. Minimum 3 years working as a Cyber Security Analyst.

2. Experience designing, implementing and testing use cases to detect potential malicious activity.

3. Experience performing incident response activities.

4. Ability to work well and share knowledge within a team.

5. Well-developed writing skills and experience maintaining technical documentation.

6. Experience working with and managing threat intelligence feeds.

Desirable criteria

1. Experience using Splunk SOAR to develop Playbooks.

2. Knowledge of Splunk Risk Based Alerting (RBA).

3. Technical tertiary qualifications, Microsoft or Splunk certifications are highly desirable.

4. Relevant industry certifications such as CISSP, GCIH, GCIA.


DFAT typically allows a hybrid working arrangement of 3 days in office and 2 days from home depending on a number of factors relevant to the role and at the sole and absolute discretion of the relevant line area manager. Remote based candidates may be considered on a case-by-case basis.


Full response will be required by: 14 November

We welcome applications from all sections of the community.

