ASIS is a diverse and inclusive workplace, where our people are empowered through authenticity and a sense of belonging to achieve their potential and contribute to a shared purpose and mission. We seek to reflect the community we serve, and welcome applications from Aboriginal and Torres Strait Islander peoples, women, people with a disability, neurodiverse, people from culturally and linguistically diverse backgrounds and those who identify as LGBTIQA. We offer a competitive salary package including 22 days annual leave, shutdown between Christmas and New Years Day, 15.4% employer superannuation contribution and generous paid maternity/paternity leave. Full and part time positions as well as flexible work hours can be negotiated. Operating within Security Branch, Cyber Security Directorate monitors, enables, and advises on the cyber security of the myriad technologies that underpin ASIS's business and operations. Cyber Security is multi-disciplinary team that consists of three key work streams - Operations, Engineering, and Assurance. These roles are Canberra office-based with successful applicant required to obtain and maintain a Security Clearance. If you are interested in working in a particular area, we encourage you to tailor your responses to indicate your relevant skills and experience with regards to that function. (Operations, Engineering, Assurance) Please ensure you identify the specific role(s) you would like to be considered for when submitting your application. For further information on the areas and roles, please refer to the Selection Documentation for the role available from our Careers Page. The key duties of the position include Analyst - Cyber Security Operations You will be a member of the Operations team, responsible for the cyber security monitoring of ASIS's systems, and coordination of the Service's cyber incident response activities. You will support the delivery and day-to-day use of cyber security use cases, to enable the detection of key threats to the Service. In the event of an incident, you will support the delivery of Service's cyber security incident response activities. You will also support cyber security threat hunt activities to proactively identify potential threats to ASIS's systems. To be successful in this role, you will have: • Familiarity with risk management. • A working understanding of the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), and Essential Eight (E8). • Experience within at least one technology domain (e.g. infrastructure, virtualisation, databases, software development, data analytics, machine learning, etc.). • A desire to refine and expand your technical knowledge and skills in a cyber security context, including, but not limited to: SIEM and Data Analytics platforms, query/coding languages such as SQL, SPL, Java, Python and/or PowerShell, and digital forensics. Engineer - Cyber Security Engineer You will be a member of the Engineering team. You will support the development and maintenance of technical capabilities that directly support the broader team's services. You will contribute to the execution of ASIS's Cyber Security Capability Roadmap by: researching, developing and integrating new technical capabilities to ensure coverage and collection of valuable audit events, optimising the sustainment of capabilities by automating routine tasks and processes, and supporting the secure management of the team's capabilities. To be successful in this role you will have: • Familiarity with risk management. • A working understanding of the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), and Essential Eight (E8). • Experience within at least one technology domain (e.g. infrastructure, virtualisation, databases, software development, data analytics, machine learning, etc.). • A desire to refine and expand your technical knowledge and skills in a cyber security context, including, but not limited to: infrastructure and networking, data processing, SIEM platforms, vulnerability management, cloud security (e.g. Azure and AWS), project management, and business requirements modelling. Assessor - Cyber Security Assurance You will be a member of the Assurance team, responsible for cyber security assessment, architecture advice, and education within ASIS. You will support the delivery of security assessments against ASIS's systems, covering network penetration testing, vulnerability management, and configuration analysis to report on and remediate identified vulnerabilities. To enable the implementation of secure systems, you will develop threat models and scenarios to validate security-enforcing controls, and recommend mitigations and countermeasures to address identified risks. To be successful in this role, you will have: • Familiarity with risk management. • A working understanding of the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), and Essential Eight (E8). • Experience within at least one technology domain (e.g. infrastructure, virtualisation, databases, software development, data analytics, machine learning, etc.). • A desire to refine and expand your technical knowledge and skills in a cyber security context, including, but not limited to: vulnerability management tools, penetration testing tools and techniques, Governance, Risk and Compliance (GRC) tools and processes, etc. Education, qualification and experience requirements For all roles, the following education, qualifications and/or experience will be highly regarded, though not essential : • Relevant tertiary qualifications or experience in Cyber Security, IT, Systems Engineering or a related field; • Experience with open source / COTS / GOTS cyber security tools; • Demonstrated experience working in Cyber Security or ICT-related areas We are dedicated to building a diverse and inclusive workforce, so if you are excited about this role but your past experience doesn't align perfectly, we encourage you to apply.
