12 months + 24 monthsCanberra locationMust be an Australian CitizenMust be able to obtain Negative Vetting Level 1About the JobWe are seeking a Security Analyst to strengthen security monitoring, threat detection, and incident response capabilities within the organisation. This role requires expertise in Security environments, security monitoring tools, and advanced threat detection methodologies, along with a strong understanding of relevant cybersecurity frameworks. The Cyber Threat and Vulnerability Management Section (CVT) within DFAT's Information Management and Technology Division has a requirement for aCyber Vulnerability Analystto augment its existing team of resources.Key duties and responsibilitiesCVT will require the Cyber Vulnerability Analyst to produce strategic, operational & tactical intelligence about cyber threat and vulnerabilities for consumption by the Chief Information Security Officer and Cyber Security, Cloud and Networks Branch. DFAT’s operations introduce unique threats and unique vulnerability management challenges. As a Vulnerability Analyst in CVT, you’ll be responsible for identifying cyber vulnerabilities that exist within the DFAT environment. You’ll work in lock step with CVT’s cyber threat intelligence team to conduct analysis and enriched intelligence about the vulnerabilities and the risk they pose to the department. Using your strong technical expertise and knowledge of vulnerability management, you’ll work with technical stakeholders and system owners to find and prioritise ways to remediate these risks. The work you do will help to minimise the department’s cyber-attack surface, strengthen defensive capabilities, and ultimately protect one of the Australian Government’s most targeted internet-connected networks.The Skills Framework for the Information Age (SFIA) has been used to inform the requirements. In summary, DFAT seeks a suitable candidate with the following skill sets:Category:Strategy and ArchitectureSubcategory:Security and PrivacySkill:Vulnerability Assessment (VUAS)Skill Level:4CriteriaThe buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.Essential criteria1. • Previous experience in cyber vulnerability management, preferably in a large organisation with a complex ICT environment.2. • Analytical and inquisitive mindset. Ability to analyse large, complex and disparate datasets to extrapolate information about technological vulnerabilities, using that information to conduct a risk assessment specific to the vulnerability as it exists within an ICT environment.3. • Strong written and verbal communication skills, with demonstrated ability to communicate complex technical concepts in a concise manner to audiences with varied levels of technical expertise. This includes writing vulnerability assessment reports and liaising with stakeholders to prioritise vulnerability remediation.4. • Minimum active Negative Vetting 1 (NV1) security clearance.Desirable criteria1. • Previous experience working in or alongside cyber threat intelligence functions, including conducting threat modelling and contributing to red team exercises.2. • Past federal or state government experience.3. • Active Negative Vetting 2 (NV2) security clearance.
#J-18808-Ljbffr