Implement security engineering standards and roadmap
Contribute to security requirements for new systems
Ensure security platform and log source health
Maintain security protection across the organisation
Requirements
Proven experience with cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Cyber intelligence/information collection capabilities and repositories
SOAR Automation Experience
Cyber security and privacy principles and frameworks including ISO27001, NIST, SOCI, ASD Essential 8
Cyber threats and vulnerabilities
Operating Systems (Linux / Windows), networks, firewalls, email security, authentication systems, O365, Azure and AWS, VMware, web, DNS, hypervisors, containers
Logging best practices and configurations
OSI model and underlying network protocols (e.g., TCP/IP), network traffic analysis methods
Network architecture concepts including topology, protocols, and components
Security Platform Management: Ensure security platforms are built according to design. Contribute to security policies and standards. Educate the business on security policies, standards and what good looks like. Ensure the entire environment is protected, gaps are identified, and plans are in place to remediate.
Security Platform Health and Operational Security: Manage security platform health and asset coverage across all security tools including SIEM, vulnerability management tools, threat intelligence platforms and feeds, deception networks and honeypots. Ensure vendor best practice settings are applied and that security policies have been enforced on security tools including sensor updates. Tune sensors. Onboard and maintain log sources.
Automation and Detection Development: Develop automation for manual security tasks. Develop SOAR playbooks that enrich security events to reduce the manual investigation performed by security analysts. Contribute to the engineering backlog of automation, detection development and continuous improvement.
Continuous Improvement: Contribute to the security engineering roadmap. Develop requirements for new enhancements. Develop remediation plans for known risks. Onboard new assets and log sources into security tools.
Level 1 / 2 Security Alert Investigations / Incident Response: Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Triage security alerts based on the threat to the organisation and security policies. Analyse security threats through open-source and paid tools. Perform forensic activities and work with third party incident responders.
Tech Stack
AWS
Azure
Cyber Security
DNS
Firewalls
Linux
TCP/IP
VMware
Benefits
26 weeks paid parental leave for both primary and secondary caregivers (in addition to any government-paid leave)
Discounted internet up to the value of $109 per month
20% off our Mobile services
Day-to-day benefits like flexible working arrangements, Employee Assistance Program (EAP), discounts with big names like Specsavers, HCF and many more
Celebrating you! With monthly rewards and recognition
Internal training and resources for you to continue to learn, grow and achieve your career goals
Yearly allowance for amazing Aussie merch
Fitness Passport for access to multiple gyms and pools across Australia