Full time
Salary Package: $142,446 – $170,979 (plus super)

The Australian Signals Directorate (ASD) is seeking an experienced cyber security professional to fill Executive Level 2 (EL2) Technical Director positions within the ASD's Australian Cyber Security Centre (ACSC):

Digital Forensics and Incident Response (DFIR) Technical Directors
- Apply digital forensics and cyber incident response subject matter expertise to understand and respond to broad and deep technical challenges, ensuring ASD and its clients' secrets are protected in the interests of national security
- Manage digital forensics, specifically the collection, processing and analysis of digital artefacts from standard and non-standard systems in the context of intrusion detection, threat hunting or incident response
- Undertake cyber incident response, specifically leading the technical delivery of investigation and remediation in complex network-wide intrusions
- Apply knowledge or experience in cyber red team operations, specifically the technical delivery of operations emulating an advanced persistent threat, to drive incident response tradecraft and operations
- Develop bespoke cyber security software or code to assist delivery of one of the above mission outcomes

National Cyber Watch Office (NCWO) Technical Directors
- Lead technical research and develop initiatives focused on emerging cyber security threats used by Threat Actors
- Mentor and guide NCWO staff members on technical matters relating to cyber security incidents to help staff develop and respond to cyber security incidents reported from Australian entities
- Lead the NCWO initiatives for technical tooling uplift to improve the efficiency and effectiveness of NCWO to respond to cyber security incidents reported from Australian entities

Sensor Operations and Data Assurance (SODA) Technical Directors
- Be responsible for ensuring the ongoing operations of the section through providing leadership and oversight.
The position reports to the Director SODA, but is largely autonomous as a leadership position within TTV Branch
- Manage and maintain the Host Based Sensor (HBS) fleet, deployment and health monitoring of the sensor fleet capability across government and prioritised critical infrastructure networks
- Lead the optimisation effort to ensure the HBS fleet is deployed in the right location within a network, increasing the opportunity of threat detection
- Assist with coordination and management of the division data ingress, including subscription services to complement other data holdings, identify and remediate data shortfalls.

Malware Analysis & Discovery (MAD) Technical Directors within Malware Analysis Automation
- Assist in leading a team of highly skilled malware analysts and developers, providing technical direction and mentorship
- Lead research and develop initiatives focused on emerging malware trends, evasion techniques, and advanced reverse engineering methodologies
- Provide technical direction for integrating security tools and code into Continuous Integration/Continuous Deployment pipelines to support malware research, training, reverse engineering, and threat hunting activities
- Familiarity, or ability to rapidly gain familiarity, with DevOps methodology and the principles of Agile project management
- Lead the development of bespoke malware analysis and automation tools and platforms to meet user requirements
- Monitor, measure and continuously improve operational environments.
- Assess security risks, monitor security systems, respond to threats, and ensure compliance with security standards.
- Support deployment of Kubernetes and VM-based malware analysis tools across Azure and AWS environments
- Utilise tools like IDA Pro, Ghidra, and bespoke tools to decompile and reverse-engineer malware binaries, gaining insights into their structure, intent, and potential impact
- Leverage deep knowledge of OS internals (Windows, Linux) and their associated instruction sets (x86, x64, ARM, MIPS) to analyse and understand the interactions between malware and the underlying system
- Develop custom tools and scripts in languages such as Python, C/C++, and assembly to automate and enhance the efficiency of malware analysis and reverse engineering processes.

About the Team

The Cyber Threat Intelligence Division performs a range of intelligence, incident response and technical cyber security functions to keep Australians secure online, inform the development of policy and safeguard Australia's sensitive information and networks. Key functions include providing technical assistance and support to individuals impacted by cyber incidents, such as malware analysis, threat detection, and proactive vulnerability assessments. The focus is on reducing the risks associated with high-impact cyber adversaries, which includes working together with both domestic and international partners to develop and implement counter-cybercrime strategies. A range of resources is created regarding high-risk cyber actors and their activities targeting Australia, including unclassified technical guidance on malicious cyber behaviour as well as classified intelligence reports and evaluations.

CTI's Incident Management (IM) Branch enhances situational awareness of cyber incidents impacting Australian organisations and delivers a cyber-related incident response capability nationally to help keep Australians secure online, and safeguard Australia's sensitive information and networks. As a public facing operational branch focused on responding to cyber incidents, a majority of our work is reactive.
We're able to maintain coverage of the ever-evolving cyber threat landscape through our geographically dispersed workforce, and our 24/7 monitoring capabilities. The branch is home to both technical experts and enabling support specialists whose efforts.

Digital Forensics and Incident Response (DFIR) is an operational team within the ASD's ACSC, delivering cyber incident response to support national security outcomes with various government and industry clients. The team provides technical advice and assistance as the cyber security experts of Australian Government, with particular focus on detecting, preventing, and responding to advanced persistent intrusions.

The National Cyber Watch Office (NCWO) is the primary face of ASD's ACSC and is responsible for the 24/7 1300 CYBER1 hotline and ASD Assist mailbox. Through these two mechanisms the NCWO receives, analyses, and triages cyber security incidents, drawing on ASD's collective resources to provide mitigation and remediation advice where appropriate.

Technical Threats and Visibility (TTV) Branch

As part of CTI Division, TTV Branch is responsible for detecting and understanding cyber threats of national significance for the Australian Whole of Economy to inform uplift, resilience and defensive activities to make Australia a safer place to connect online.

Technical Director roles are also available in Sensor Operations and Data Assurance (SODA) and Malware Analysis & Discovery (MAD):

SODA's mission is to develop, deploy and maintain strategic cyber sensor programs and to coordinate cyber data access, requirements and collection for ACSC to obtain visibility necessary to expose malicious activity on, and protect Australia and Australian interests online.

MAD's mission is to discover, analyse and understand adversary tools and tradecraft that impact Australian networks of national significance. Our aim is to identify and deny threat actors that traditional security teams and tooling cannot.
Our functions include:
- Developing and maturing advanced intrusion detection and analysis capabilities
- Analytical tradecraft and data analytics
- Reverse engineering and analysis of novel adversary tooling
- Development and implementation of automation solutions to support these functions.

Our Ideal Candidate

Our ideal candidate will:
- Exercise a significant degree of independence and perform an important leadership role
- Work with considerable autonomy alongside like-minded experts, being responsible for ensuring the technical strength to deliver ASD's cyber security mission
- Have demonstrated technical leadership in operations environments
- Have demonstrated ability to deliver technical capability and continuous improvement in a high-tempo environment.
- Thrive on the challenges resulting from the dynamic nature of the cyber security landscape and be expected to contribute to or lead technical direction amidst uncertainty
- Assist with the growth and development of the ASD's technical workforce
- Build partnerships across a diverse set of stakeholders from industry and government
- Support a diverse workforce of skills, gender, and geographic location
- Be responsible for influencing and developing strategies, policies, priorities and operational practices in support of ASD objectives based on high-level decision making and judgement
- Provide strategic advice to senior management and stakeholders as well as leading and assuming accountability for very complex work or sensitive projects or work programs that have strategic, political or operational significance
- Accountably identify and manage risk in operations
- Think strategically, able to recognise, plan against and adapt to a changing environment.

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies.
In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.