Asd El2 Technical Director - Cyber

Full timeSalary Package: $142,446 – $170,979 (plus super)The Australian Signals Directorate (ASD) is seeking an experienced cyber security professional to fill Executive Level 2 (EL2) Technical Director Positions within the ASD's Australian Cyber Security Centre's (ACSC):Digital Forensics and Incident Response (DFIR) Technical DirectorsApply digital forensics and cyber incident response subject matter expertise to understand and respond to broad and deep technical challenges, ensuring ASD and its clients secrets are protected in the interests of national securityManage digital forensics, specifically the collection, processing and analysis of digital artefacts from standard and non-standard systems in the context of intrusion detection, threat hunting or incident responseUndertake cyber incident response, specifically leading the technical delivery of investigation and remediation in complex network wide intrusionsApplies knowledge or experience in cyber red team operations, specifically the technical delivery of operations emulating an advanced persistent threat, to drive incident response tradecraft and operationsDevelop bespoke cyber security software or code to assist delivery of one of the above mission outcomesNational Cyber Watch Office (NCWO) Technical DirectorsLead technical research and develop initiatives focused on emerging cyber security threats used by Threat ActorsMentor and guide NCWO staff members on technical matters relating to cyber security incidents to help staff develop and respond to cyber security incidents reported from Australian entitiesLead the NCWO initiatives for technical tooling uplift to improve the efficiency and effectiveness of NCWO to respond to cyber security incidents reported from Australian entitiesSensor Operations and Data Assurance (SODA) Technical DirectorsBe responsible for ensuring the ongoing operations of the section through providing leadership and oversight. The position reports to the Director SODA, however is largely autonomous as a leadership position within TTV BranchManage and maintain the Host Based Sensor (HBS) fleet, deployment and health monitoring of the sensor fleet capability across government and prioritised critical infrastructure networksLead the optimisation effort to ensure the HBS fleet is deployed in the right location within a network, increasing the opportunity of threat detectionAssist with coordination and management of the division data ingress, including subscription services to complement other data holdings, identify and remediate data shortfalls.Malware Analysis & Discovery (MAD) Technical Directors within Malware Analysis AutomationAssist in leading a team of highly skilled malware analysts and developers, providing technical direction and mentorshipLead research and develop initiatives focused on emerging malware trends, evasion techniques, and advanced reverse engineering methodologiesProvide technical direction for integrating security tools and code into Continuous Integration /Continuous Deployment pipelines to support malware research, training, reverse engineering, and threat hunting activitiesFamiliarity, or ability to rapidly gain familiarity, with DevOps methodology and the principles of Agile project managementLead the development of bespoke malware analysis and automation tools and platforms to meet user requirementsMonitor, measure and continuously improve operational environments. Assess security risks, monitor security systems, respond to threats, and ensure compliance with security standards.Support deployment of Kubernetes and VM-based malware analysis tools across Azure and AWS environmentsUtilise tools like IDA Pro, Ghidra, and bespoke tools to decompile and reverse-engineer malware binaries, gaining insights into their structure, intent, and potential impactLeverage deep knowledge of OS internals (Windows, Linux) and their associated instruction sets (x86, x64, ARM, MIPS) to analyse and understand the interactions between malware and the underlying systemDevelop custom tools and scripts in languages such as Python, C/C++, and assembly to automate and enhance the efficiency of malware analysis and reverse engineering processes.About the TeamThe Cyber Threat Intelligence Division performs a range of intelligence, incident response and technical cyber security functions to keep Australians secure online, inform the development of policy and safeguard Australia's sensitive information and networks.Key functions include providing technical assistance and support to individuals impacted by cyber incidents, such as malware analysis, threat detection, and proactive vulnerability assessments. The focus is on reducing the risks associated with high-impact cyber adversaries, which includes working together with both domestic and international partners to develop and implement counter-cybercrime strategies.A range of resources is created regarding high-risk cyber actors and their activities targeting Australia, including unclassified technical guidance on malicious cyber behaviour as well as classified intelligence reports and evaluations.CTI's Incident Management (IM) Branch enhances situational awareness of cyber incidents impacting Australian organisations and delivers a cyber-related incident response capability nationally to help keep Australians secure online, and safeguard Australia's sensitive information and networks. As a public facing operational branch focused on responding to cyber incidents, a majority of our work is reactive. We're able to maintain coverage of the ever-evolving cyber threat landscape through our geographically dispersed workforce, and our 24/7 monitoring capabilities. The branch is home to both technical experts and enabling support specialists whose efforts.Digital Forensics and Incident Response (DFIR) is an operational team within the ASD's ACSC, delivering cyber incident response to support national security outcomes with various government and industry clients. The team provides technical advice and assistance as the cyber security experts of Australian Government, with particular focus on detecting, preventing, and responding to advanced persistent intrusions.The National Cyber Watch Office (NCWO) is the primary face of ASD's ACSC and is responsible for the 24/7 1300 CYBER1 hotline and ASD Assist mailbox. Through these two mechanisms the NCWO receives, analyses, and triages cyber security incidents, drawing on ASD's collective resources to provide mitigation and remediation advice where appropriate.Technical Threats and Visibility (TTV) BranchAs part of CTI Division, TTV Branch is responsible to detect and understand cyber threats of national significance for the Australian Whole of Economy to inform uplift, resilience and defensive activities to make Australia a safer place to connect online.Technical Director roles are also available in Sensor Operations and Data Assurance (SODA) and Malware Analysis & Discovery (MAD):SODA's mission is to develop, deploy and maintain strategic cyber sensor programs and to coordinate cyber data access, requirements and collection for ACSC to obtain visibility necessary to expose malicious activity on, and protect Australia and Australian interests online.MAD's mission is to discover, analyse and understand adversary tools and tradecraft that impact Australian networks of national significance. Our aim is to identify and deny threat actors that traditional security teams and tooling cannot. Our functions include:Developing and maturing advanced intrusion detection and analysis capabilitiesAnalytical tradecraft and data analyticsReverse engineering and analysis of novel adversary toolingDevelopment and implementation of automation solutions to support these functions.Our Ideal CandidateOur ideal candidate will:Exercise a significant degree of independence and perform an important leadership roleWork with considerable autonomy alongside like-minded experts, being responsible for ensuring the technical strength to deliver ASD's cyber security missionDemonstrated technical leadership in operations environmentsDemonstrated ability to deliver technical capability and continuous improvement in high tempo environment.Thrive on the challenges resulting from the dynamic nature of the cyber security landscape and be expected to contribute to or lead technical direction amidst uncertaintyAssist with the growth and development of the ASD's technical workforceBuild partnerships across a diverse set of stakeholders from industry and governmentSupport a diverse workforce of skills, gender, and geographic locationBe responsible for influencing and developing strategies, policies, priorities and operational practices in support of ASD objectives based on high-level decision making and judgementProvide strategic advice to senior management and stakeholders as well as leading and assuming accountability for very complex work or sensitive projects or work programs that have strategic, political or operational significanceAccountably identifying and managing risk in operationsThink strategically, able to recognise, plan against and adapt to a changing environment.ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be able available to locations across Australia.
#J-18808-Ljbffr