The Role:
The Senior Cyber Security Analyst is responsible for monitoring customer SIEM incidents and alerts, as well as managing and performing minor configuration of security monitoring tools. They prioritise alerts or issues and perform initial triage to confirm a real security incident is taking place. They investigate alerts and incidents, performing deep analysis, correlating with threat intelligence to identify the threat actor, nature of the attack and systems or data affected.
They then decide on the strategy for containment, remediation and recovery, and act on that strategy. They will conduct vulnerability assessments and review alerts, industry news, threat intelligence and security data. They actively hunt for threats that may have found their way into the network, as well as unknown vulnerabilities and security gaps. They work in a team environment and are supported by technical specialists for automation and incident resolution.
Essential Skills:
Experience with SIEM products as a user or administrator.
Experience in Security Incident Handling and Response.
Knowledge of network architecture concepts including topology, protocols, components, and principles.
Experience in contributing to SIEM use cases and/or rules.
Understanding of the requirements of network security monitoring.
Must possess strong verbal and written communication skills.
Understanding of Windows and Unix/Linux logging.
Familiarity with the MITRE ATT&CK Framework.
Essential Qualifications:
Diploma/Certificate/Degree in Information Technology (Security preferred) OR
Relevant industry certifications such as CEH, GCIH, Security+, Network+, MCSP, CCNA.
Related Experience:
Experience working as a security analyst or working in a cyber security operations centre.
Experience working with standard operating systems (Windows, Unix).
Hands-on experience with one or more SIEM systems (ArcSight, Splunk, Sentinel, QRadar, Sumo Logic, etc.) and Security Orchestration, Automation, and Response (SOAR) technologies.
Understanding of TCP/IP and networking concepts (OSI Model).
Knowledge of IT security controls (Network IPS, Vulnerability Scanning, Endpoint Protection, Firewalls, Cloud Access Security Brokers).
Experience with Azure cloud services.
Recent experience in a similar position.
Some of the areas you can expect to be accountable for include but are not limited to:
Monitor client networks and endpoints for security alerts relating to compromise or intrusion.
Hunt for threats proactively, combining known attacker intelligence, indicators of compromise and advanced analytics to search for malicious activity.
Undertake cloud security health and vulnerability assessments.
Handle incidents within defined service level metrics.
Triage and provide initial investigation into security alerts from the SIEM platforms.
Follow the processes and procedures defined in runbooks when handling security alerts.
Contribute to quality assurance on all use case outputs, including rule viability and supporting documentation.
As our clients are primarily government, you will need to be an Australian Citizen who holds a minimum Baseline security clearance or has the ability to obtain one.
Digital61 welcomes applicants from all backgrounds. We support diverse perspectives and innovative thinking, which are critical to our success. We support flexible working arrangements to accommodate individual circumstances.
Digital61 does not accept or appreciate unsolicited calls or applications from recruitment agencies.
You will need to be located in the Canberra region to be considered for this position.
How to Apply:
Please send your resume to ******