Cloud Security Engineer - RFQ15838
Description
GoSourcing’s Federal Government Department client are looking to engage two (2) experienced Cyber Security Engineers who will be responsible for the following:
- Develop and maintain team SOPs and playbooks for SIEM management and configuration, including, actioning of alerts, alert exclusions and alert tuning.
- Provide input and feedback on the security architecture for CDR Azure Tenancy and applications
- Maintain the cyber security risks and issues register,
- Contribute to and propose enhancements to CDR’s security policies and standards for use in the CDR Azure cloud environment
- Maintain SIEM alerts and dashboards to aid with threat detection
- Maintain application control platform
- Monitor automatic detection and response capabilities using available SOAR platform
- Assist with the upkeep of the SecOps environment through security hygiene activities
- Contribute to the achievement and maintenance of CDRs Essential 8 Maturity Levels
Estimated Start Date: ASAP
Term: 6 Months
Number of Extensions: 1
Work Location: Any states and Territories across Australia
Working Arrangements: Hybrid (2-3 Working from Client CBD Site, remainder remote)
Security Clearance: Must be an Australian Citizen. Personnel must hold or be eligible to obtain an NV1 Security Clearance.
Requirements
Mandatory Criteria
- Exposure to SIEM technologies (such as Splunk and Azure Sentinel) such as the management and maintenance of logging.
- Knowledge of cyber security principles and processes in a defensive context
- Ability to learn and understand how the operating environment functions normally and effectively identify anomalies when they occur
- Experience working with the Australian Government Information Security Manual (ISM) controls and Essential 8
Highly Desirable
- The ability to develop alerting rules and dashboards to assist with threat detection and incident response.
- Experience with customising dashboards and queries in a SIEM.
- Experience with Microsoft’s suite of security tools, including Azure Security Centre, Microsoft 365, and Microsoft ‘Defender for’ tools (Endpoint, Identity, etc.)
- Experience utilising threat intelligence services and tools such as MISP and Open CTI to enrich data and alerts that originate from SIEM and logging tools
Contract
Canberra, ACT
Australian Government Information Security Manual (ISM) controlsAzure DevopsAzure Security CentreAzure SentinelCloud SecurityEndpointEssential EightIdentityInformation Securit ManualISM controlMicrosoft 'Defender for' toolsMicrosoft 365SIEM technologiesSplunk