GoSourcing's Federal Government Department client is looking to engage two (2) experienced Cyber Security Engineers who will be responsible for the following:
- Develop and maintain team SOPs and playbooks for SIEM management and configuration, including, actioning of alerts, alert exclusions and alert tuning.
- Provide input and feedback on the security architecture for CDR Azure Tenancy and applications
- Maintain the cyber security risks and issues register
- Contribute to and propose enhancements to CDR’s security policies and standards for use in the CDR Azure cloud environment
- Maintain SIEM alerts and dashboards to aid with threat detection
- Maintain application control platform
- Monitor automatic detection and response capabilities using available SOAR platform
- Assist with the upkeep of the SecOps environment through security hygiene activities
- Contribute to the achievement and maintenance of CDR's Essential 8 Maturity Levels
Estimated Start Date: ASAP
Term: 6 Months
Number of Extensions: 1
Work Location: Any states and Territories across Australia
Working Arrangements: Hybrid (2-3 days working from the client CBD site, remainder remote)
Security Clearance: Must be an Australian Citizen. Personnel must hold or be eligible to obtain an NV1 Security Clearance.
- Exposure to SIEM technologies (such as Splunk and Azure Sentinel), including the management and maintenance of logging.
- Knowledge of cyber security principles and processes in a defensive context
- Ability to learn and understand how the operating environment functions normally and effectively identify anomalies when they occur
- Experience working with the Australian Government Information Security Manual (ISM) controls and Essential 8
- Ability to develop alerting rules and dashboards to assist with threat detection and incident response.
- Experience with customising dashboards and queries in a SIEM.
- Experience with Microsoft’s suite of security tools, including Azure Security Centre, Microsoft 365, and Microsoft ‘Defender for’ tools (Endpoint, Identity, etc.)
- Experience utilising threat intelligence services and tools such as MISP and OpenCTI to enrich data and alerts that originate from SIEM and logging tools.