The Organisation

The Australian Security Intelligence Organisation (ASIO) protects Australia and Australians from threats to their security. In a complex, challenging and changing security environment, our success is built on the imagination and intelligence of our team. ASIO's people are ordinary Australians but they do extraordinary things - they are our most important asset. To be successful in our mission, we need talented people who are highly capable, dedicated, adaptable and resilient.

We seek to reflect the community we protect. ASIO is committed to fostering a diverse and inclusive environment, where all staff are valued and respected. We welcome applications from all eligible candidates, irrespective of gender, sexual orientation, ethnicity, religious affiliation, age or disability. Aboriginal and Torres Strait Islander peoples are encouraged to apply.

We are secretive about what we do, not what we value.

The opportunity

ASIO employs a diverse range of cyber security specialists across offensive and defensive functions. As a cyber security specialist, you could be involved in the protection of ASIO from insider and cyber threats, or directly contribute to operational activities. At ASIO, you have the opportunity to develop, expand and apply your skills across the full breadth of its cyber security functions.

We are seeking senior cyber security technologists across multiple levels to fill vacancies in our Cyber Security Operations Centre (SOC). This includes roles that specialise in:
• Protective monitoring.
• Incident response.
• Platform and detection engineering.
• Cyber threat intelligence.
• Threat hunting.
• Red teaming/attack modelling.
• Vulnerability assessment.

SOC technical leadership roles are critical to ensuring that ASIO effectively mitigates cyber security threats through the delivery of cyber security monitoring and response capabilities, and the delivery of technical capabilities that support cyber security functions.
These positions may attract an additional technical skills allowance. A merit pool may be created to fill future vacancies which have the same or similar requirements to this position. This merit pool will be valid for up to 18 months.

The key duties of the position include

Role responsibilities

As a Senior Cyber Security Operations Centre Analyst (SITEC) in ASIO, you will:
• Utilise your strong understanding of emerging cyber-attacks to develop mechanisms to monitor and detect malicious activity on ASIO systems.
• Lead the analysis of security event logs, network traffic, and system activity to identify and understand security threats.
• Lead the response to security incidents by investigating and resolving malicious activity.
• Ingest and implement threat intelligence to improve threat detection and contribute to the creation of tactical and strategic intelligence.
• Undertake threat hunts to proactively detect malicious activity on systems.
• Lead the development and maintenance of documentation of security incidents, including root cause analysis and lessons learned.
• Maintain up-to-date technical knowledge on the latest cyber security threats, technologies and developments.

As a Senior Cyber Security Operations Centre Detection Engineer (SITEC) in ASIO, you will:
• Assess and determine detection requirements for each monitored environment using relevant frameworks, policies, system and application risks, business risk and threat intelligence.
• Lead the development, testing and deployment of updated and new detection content across the monitored estate with support from the threat intelligence, protective monitoring and incident response teams.
• Review and update existing detection content to ensure it remains relevant and appropriate to the monitored estate.
• Provide operational support for a number of cyber security technologies such as endpoint security, network security, cloud security and vulnerability management to ensure they address detection requirements.
• Lead the delivery of accurate documentation on deployed detection content to ensure the SOC has an accurate view of content coverage across the monitored estate.
• Investigate and maintain up-to-date knowledge on the latest cyber security technologies, with particular focus on detection and security automation technologies, to contribute to continuous service improvement efforts.

As a Senior Cyber Security Operations Centre Platform Engineer (SITEC) in ASIO, you will:
• Lead the design, configuration and management of complex infrastructure and security technologies across both cloud and on-premise environments in collaboration with internal SOC teams and external stakeholders.
• Maintain the operational performance, availability, capacity and security of SOC platforms and infrastructure.
• Lead the engagement with appropriate stakeholders to act on requests for changes to platforms, systems and configurations to ensure the ongoing effectiveness of SOC platforms.
• Maintain and update knowledge base articles associated with the SOC's use of technology, including virtual and physical network/service diagrams, data flows, interfaces and build/configuration guides across the monitored estate.
• Investigate and stay abreast of technological advancements that would be applicable to SOC operations and contribute to continuous service improvement efforts.

What you will bring

We invite applications from people with some or all of the following attributes:
• Relevant experience working in a cyber security operations, engineering or assurance role:
  o At the SITEC level, a relevant degree or equivalent work experience, with strong technical expertise and relevant work experience in the field you are applying for (i.e. analyst, platform engineering, or detection engineering), is required.
• Relevant certifications within cyber security (e.g. SANS GIAC certifications, CISSP, CISM).
• Experience with security technologies such as Security Information and Event Management (SIEM) systems (preferably Splunk and/or Sentinel), vulnerability management tools (e.g. Tenable), endpoint and network security tools, threat intelligence platforms (e.g. OpenCTI, MISP), incident response tools, and cloud environments (e.g. AWS GuardDuty and Microsoft Defender).
• Experience in the design, implementation, and maintenance of on-premise and/or cloud enterprise systems using some or all relevant technologies such as the VMware ecosystem, enterprise operating systems, AWS services (EC2, ECS, CloudFormation, CodePipeline) and platform automation tools such as Ansible and Puppet.
• Knowledge of security frameworks and standards such as the Information Security Manual (ISM).
• Previous experience working in a security operations centre is highly desirable.
• Strong analytical and problem-solving skills, with the ability to work under pressure.
• Ability to work closely with stakeholders, including internal technology teams, external managed service providers, vendor professional services, and domestic and international partners.
• Excellent collaboration skills and a demonstrated ability to lead the delivery of outcomes.