Full time
Salary Package: $122,686 - $138,389 (plus super)
The NCWO and DFIR teams will support your development by providing a range of learning opportunities, including mentoring and training.
We are looking for candidates who are motivated to leverage these opportunities to grow and develop their skills to further support ASD's mission.
As a Data Forensics and Incident Response ASD EL1 Operations Manager working as part of a large national team, you will:
Lead a team of cyber security incident management specialists, working in a high tempo environment to conduct incident response operations;
Supervise and develop team members through mentoring, identification of knowledge gaps, and training;
Set team priorities and lead investigation operations by guiding incident response actions;
Collaborate and consult effectively to manage and prioritise resources across teams;
Engage with key stakeholders and facilitate strategic communications for incident response engagements;
Provide advice on and lead operational collaborations, including the development of advisories;
Shape and drive organisational priorities, and contribute to strategic planning.
As a National Cyber Watch Office ASD EL1 Operations Manager working with level peers to manage the 24/7 shift teams, you will:
Lead the coordination, governance, and response to complex cyber security incidents, hunt investigations, and cyber support to significant events, to align and contribute to intelligence missions and increased cyber security resilience.
Represent Defence and/or leadership in working groups and meetings to provide a balanced cyber security perspective and enable Defence business.
Advise leadership on current and complex operational collaborations and contribute toward strategic planning.
Facilitate incident response engagements to maintain and strengthen relationships with internal and external partner agencies to promote a whole of government approach to cyber and improve cyber security awareness.
Prepare information security incident policy and/or incident management and investigation procedures.
Evaluate technical information to develop key messaging to customers, senior leadership, and wider Defence based on the assessment of cyber effects, significance, and sensitivity of incidents and/or hunt investigations.
Maintain theoretical knowledge across multiple technical disciplines, including in the defensive and offensive space.
Motivate and mentor team members, align complementary skills, and allocate resources in a manner that delivers results.
ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.
About the Team
The Cyber Threat Intelligence Division performs a range of intelligence, incident response, and technical cyber security functions to keep Australians secure online, inform the development of policy, and safeguard Australia's sensitive information and networks.
Key functions include providing technical assistance and support to individuals impacted by cyber incidents, such as malware analysis, threat detection, and proactive vulnerability assessments. The focus is on reducing the risks associated with high-impact cyber adversaries, which includes working together with both domestic and international partners to develop and implement counter-cybercrime strategies.
As part of ASD, ACSC's national Digital Forensics and Incident Response (DFIR) team primarily investigates and responds to malicious cyber activity on critical infrastructure and systems of interest to national security.
The National Cyber Watch Office (NCWO) is the primary face of ASD's ACSC and is responsible for the 24/7 1300 CYBER1 hotline and cyber security incident reports submitted through cyber.gov.au. Through these two mechanisms, the NCWO receives, analyses, and triages cyber security incidents, drawing on ASD's collective resources to provide mitigation and remediation where appropriate.
Our Ideal Candidate
The Data Forensics and Incident Response team is seeking experienced people managers who can:
Take personal responsibility for meeting objectives and progressing work, with initiative, energy, and drive to see that goals are achieved.
Develop and maintain a network with others internally and externally, building and sustaining relationships.
Confidently communicate in a clear, concise, and articulate manner, approaching negotiations with a strong grasp of key issues.
Persist and focus on achieving objectives in difficult or uncertain circumstances, responding in a positive and flexible manner to change and uncertainty.
Understand the strategic objectives of the organisation, and drive and develop work plans accordingly, including the development of new processes and training.
Identify problems and assess their significance; take appropriate action to resolve or escalate them.
Operate as an effective member of the team, working collaboratively and cooperatively, but mostly autonomously.
Adhere to the APS Values and Code of Conduct and consistently behave in an honest, ethical, and professional way.
Understand or quickly acquire an understanding of cyber security incident response investigations, concepts of incident response, and industry frameworks and standards.
The National Cyber Watch Office is seeking Operations Managers who can:
Exercise a considerable degree of independence and perform a subject matter expert role in incident management.
Exercise sound decision-making and judgement to provide expert policy advice.
Demonstrate in-depth knowledge of or an ability to learn cyber security functions.
Develop, implement, and review policies and procedures relevant to their work within the function, ensuring compliance.
Engage in complex problem solving and issues management.
Coordinate and perform detailed or sensitive projects that impact strategic, political, or operational outcomes for the ACSC.
Manage the NCWO shift teams, being accountable for the outcomes of the team's work and the appropriate use of resources to produce and achieve outcomes.
Develop training curriculum that is undertaken by the Shift Team members and a potential surge workforce.
Mandatory Qualifications
DFIR Operations Manager:
The following experience is mandatory:
Operational coordination and planning
Team management
Desirable Qualifications, Experience or Training
DFIR Operations Manager:
The following experience is desirable:
Knowledge of cyber security incident management
Leading operational teams to conduct investigations
NCWO Operations Manager:
The following experience is desirable:
A background in cyber security and incident response principles