The Role: 1 Principal Cyber Security Analyst
Location: Canberra (Hybrid)
Duration: 12 Months
Security Level: Negative Vetting Level 1
Equivalency Level: EL2
Start Date: January 2026

This position is vital to the Cyber Operations Section and involves the application of advanced analyst skills to conduct defensive cyber security operations, ensuring the protection of our global network from malicious actors.

Key duties and responsibilities

Job Specific role description

The Cyber Operations Section requires a Senior Cyber Security Analyst to perform the following tasks:
Assist with log operationalisation and use case creation for newly onboarded systems/log sources.
Monitor and improve Cyber Security systems.
Develop and maintain playbooks to assist with Cyber Security tasks.
Analyse security events and logs to identify patterns of potential anomalous activity, recommend security enhancements, and assist in developing countermeasures to prevent future incidents.
Undertake incident response and remediation functions.
Assist with Threat Hunt activities.
Collaborate with Threat Intelligence teams.

The Skills Framework for the Information Age (SFIA) has been used to inform the requirements. In summary, DFAT seeks a candidate with the following relevant skillset:
Category: Delivery and Operation
Subcategory: Security Infrastructure and System Engineering
Skill: Security Operations (SCAD)
Skill Level: (5)

About the team

The Cyber Operations Section is responsible for the monitoring and protection of the department's environment, ensuring the protection of our global network from malicious actors.

Mandatory Criteria

Each candidate must provide a one-page pitch to address all criteria specified. This is equal to 5000 characters.

Essential criteria

Minimum 3 years working as a Cyber Security Analyst.
Experience designing, implementing and testing use cases to detect potential malicious activity.
Experience performing incident response activities.
Ability to work well and share knowledge within a team.
Well-developed writing skills and experience maintaining technical documentation.
Experience working with and managing threat intelligence feeds.

Desirable criteria

Experience using Splunk SOAR to develop Playbooks.
Knowledge of Splunk Risk Based Alerting (RBA).
Technical tertiary qualifications, Microsoft or Splunk certifications are highly desirable.
Relevant industry certifications such as CISSP, GCIH, GCIA.