Description:
This pay rate is inclusive of mandatory 25% casual loading
Capability Description
* Experience leading incident response activities, including within a CSIRT.
* Experience analysing threat intelligence and security events to determine incident impact and consequences, and providing an appropriate response to investigate, contain and eradicate threats.
* Worked with incident response teams in crisis situations to provide prompt and accurate updates and forensic support.
* Extensive experience correlating events and alerts to identify potential threats that require incident response.
* Knowledge of the NIST Cybersecurity Framework and incident response frameworks.
KEY ACTIVITIES
· Lead the incident response capability: ensure that security events triggered within the department and across Victorian schools are triaged and classified to detect possible threats and anomalies, correlated with threat intelligence and reviewed against IoCs, and that response, recovery and remediation actions are managed in accordance with the department's Cyber Security Incident Response Plan (CSIRP).
· Manage security ticketing via ServiceNow.
· Manage and perform incident investigations, threat hunting and service improvement activities.
· Maintain strong relationships with third-party IT suppliers and the MDR provider to ensure effective oversight of incident response and remediation actions. Collaborate with external partners and vendors in the provision of incident investigation, forensics and support.
· Contribute to strategic decisions that improve team effectiveness through enhancements to Security Information and Event Management (SIEM) and Security Operations Centre (SOC) functions, including the implementation of threat hunting initiatives and automation.
· Proactively monitor and audit security tools and platforms to ensure continuous service improvement, compliance and risk reduction.
· Analyse cyber threat intelligence and incidents to determine potential impacts, consequences and response opportunities.
· Provide advisory support across security platforms such as Splunk, Sentinel, Tenable, Cylance, Microsoft Defender and Microsoft and Google security tooling to improve detection of anomalous activity, adopting a risk-based approach across DE assets to protect what is most valuable.
· Monitor and analyse on-premises and cloud-based cyber security events using department security platforms including Sentinel, Splunk, Cylance, Microsoft Defender and other tools; review platform health, action alerts and create associated service tickets for follow-up.
· Identify opportunities to automate monitoring and response activities (SOAR).
· Contribute to and execute on security procedures including testing emergency procedures, running diagnostics, implementing recovery procedures, and performing assurance activities.
QUALIFICATIONS
* Essential: Bachelor's degree or Diploma in Cyber Security or a related field
* Essential: Experience in cyber incident response and use of SIEM (Sentinel), EDR (Microsoft Defender), ServiceNow and Vulnerability Management (Tenable) platforms
* Essential: Certification in a relevant security body of knowledge
HOW TO APPLY:
Please submit your resume (in MS Word Format) for consideration via the link below. A cover letter demonstrating your relevant experience may also be reviewed.
Should you wish to discuss, please contact Neha Kharabanda at Neha.Kharabanda@hudson.com, quoting reference number 243779.
Your interest will be treated in the strictest of confidence.