Come and join our exciting team in the Queensland Police Service! QPS Cyber Security is a dynamic group of security professionals responsible for providing a wide range of Information Security services to QPS and partner agencies. We are dedicated to the secure development, support and maintenance of QPS and its partners' IT services, applications and infrastructure.
We are looking for a highly skilled and experienced Cyber Security Incident Response Lead to head up a small team of technical individuals. The role is split between leadership and technical hands-on incident response, threat hunting and forensics investigation work. You will lead and continually improve the incident response capability, collaborating with the wider security operations team to build and automate enterprise detections and response whilst offering advice to stakeholders to support the organisation's cyber defence.
Is this your area of expertise, and do you have an in-depth knowledge and understanding of sophisticated cyber threats and how to deal with complex security incidents? Please review the position description and get in touch to learn more about this opportunity.
The core capability requirements for this role are:
1. Provide technical leadership, direction and strategy for the Information Security Incident Response function.
2. Serve as the Information Security Incident Response Team Manager, to manage and conduct the response to high profile information and cyber security incidents.
3. Manage and conduct sophisticated computer and network forensic investigations that pertain to different types of cyber threats.
4. Monitor the current and emerging threat landscape and manage the application of threat intelligence to defend and mitigate the impact of cyber attack, through control gap identification, remediation, threat hunting and vulnerability management.
5. Lead the continual improvement of the team's incident response capability, through technology, process and procedural reviews, mentoring incident responders/analysts, testing incident response plans/processes and providing training and guidance through complex incidents.
6. Lead the designing, capacity planning, configuration management, administration, change management, documentation and support of security technologies and services that enable effective security incident response.
7. Continually expand knowledge of developments and trends within the network and information security industry in order to evaluate the benefit and applicability of new and emerging technologies that will benefit the incident response function.
Role Requirements:
Mandatory:
8. Availability for out of hours work and/or on-call arrangements as required.
Qualification:
9. Tertiary qualifications in Computer Science or equivalent and/or Information Security industry certifications such as CISSP, GIAC (GCIA, GCTI, GCIH, GREM, GCTI), CEH, OSCP, CCSP, CISM and security vendor specific certifications.
Technical/ Operational/ Educational experience:
8+ years of demonstrated experience in cyber security engineering with an expert skill level in:
10. Incident response
11. Threat hunting, intrusion detection and comprehension of attack methodologies
12. Forensic Investigation, malware analysis and reverse engineering
13. Threat intelligence and modelling.
Demonstrated experience in the effective configuration and administration of enterprise security solutions such as:
14. SIEM & SOAR
15. EDR & NDR
16. Enterprise Firewalls & IDS/IPS
17. Application Delivery Controllers (Application Firewalls, Reverse Proxies, Load Balancers)
18. Email & Web Content Filtering
19. Identity & Access Management
20. Networking & VPNs
Applications to remain current for 12 months.
Job Ad Reference: QLD/574184/24
Closing Date: Tuesday, 9th July 2024