Job details

The Cyber Services Section requires the engagement of a cyber security technical analyst to design, implement and optimise Security Information and Event Management (SIEM) capabilities to support the department's cyber security posture. Working within Cyber Security Operations, the role ensures that security events are effectively ingested and correlated for threat detection, incident response, and compliance with government security frameworks (e.g. PSPF, ISM, Essential Eight).

Key duties and responsibilities

- Design, development, and implementation of log solutions for SIEM (log ingest, log storage, log querying)
- Contribute to and develop comprehensive documentation around the technical solution and implementation of SIEM and logging systems
- Identify capability gaps in alerting and detection within the Cyber space
- Build alerting and detection capability across SIEM/SOAR toolsets
- Identify gaps in security event logging
- Maintain and improve existing alerting and detection capabilities
- Liaise with third party vendors and relevant business areas to meet targeted capability goals
- Investigate and implement improvements to uplift current security posture
- Show demonstrated experience with Sentinel, Information Security Manual and the Essential Eight

Requirements

Criteria

The buyer has specified that each candidate must provide a one page pitch to address all criteria specified. This is equal to 5000 characters.

Essential criteria

1. Demonstrated experience in toolsets including Azure and Sentinel (Weighting: 20%)
2. Demonstrated ability to effectively document findings and implement policies to meet organisational security requirements (Weighting: 20%)
3. Demonstrated ability in providing considered security advice to stakeholders, team members and Executive (Weighting: 20%)
4. Experience with ingesting logs, developing use cases and tuning logs (Weighting: 30%)
5. Experience working within a Cyber team and taking direction (Weighting: 10%)