ASD 6, EL1 Information Security Analyst

APS
Date: 20 Nov 2025
Location: Canberra Australian Capital Territory, Melbourne VIC, Perth WA
Type: Full Time
Salary: $103,723
Category: IT

About the Team

As an Information Security Analyst for Information Security Branch, you will work with teams from across the organisation to ensure interoperability of systems so that a variety of security incidents and risks across all Defence Intelligence networks are appropriately detected, addressed, and reported on to enable the security of the ASD's IT systems and missions.

As critical members of our Information Security Branch, our Information Security Analysts are generally responsible for:

  • Achieving moderately complex analysis and investigation of malicious cyber security incidents.
  • Communicating with, responding and providing advice to a range of stakeholders on moderately complex operational and administrative issues.
  • Utilising a diverse set of tools and capabilities to investigate cyber security incidents.
  • Proactive system monitoring.
  • Continuous improvement and optimisation across systems.
  • Documenting their work.

The role will require excellent communication skills as you engage across the Agency and the Defence Intelligence Agencies (DIAs). You will need to manage your activities and performance in accordance with legislation and the ASD policies and procedures. High levels of maturity and professionalism are requirements of this role due to the sensitive nature of some tasking. This will require Information Security Branch analysts to display sound judgement, integrity, honesty and discretion across all tasks and work processes.

As a branch, Information Security will support your development in the agency through training and mentoring both on and off the job, providing the opportunities for you to push your skills within a strong and supportive work environment. We are looking for candidates who are motivated to leverage these opportunities to grow and develop their skills to further support ASD's mission.

About the Role

ASD 6 Information Security Analyst

The ASD 6 Analysts are employed in either the Security Operations Centre (SOC) or Protective Monitoring teams. These teams are responsible for analysing information from multiple sources to protect ASD's people, resources and capability. The SOC is responsible for monitoring for external threats, and Protective Monitoring is responsible for monitoring risks associated with ASD and DIA employees.

The ASD 6 Analysts perform the following tasks:

Security Operations Centre (SOC) Team

  • Provide Subject Matter Expertise (SME) when performing investigation analysis and the development of new security use-cases
  • Review security use-cases in development and provide an approval gateway at each step of the development lifecycle
  • Manage the implementation of security use-cases in SIEM and Automation platforms
  • Escalation point for security incidents
  • Contribute to digital forensic investigations by processing and analysing evidence and artefacts in line with policy, standards and guidelines and support production of forensics findings and reports
  • Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate cyber security incidents. Be able to develop skills in new capabilities as required as part of investigations
  • Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
  • Collaborate with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
  • Sustain effective working relationships with team members and actively participate in teamwork and group activities
  • Facilitate appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives.

Protective Monitoring Team

  • Analyse and report on security-relevant data for Personnel Security investigations
  • Monitor incoming alert queues for potential security incidents
  • Perform initial investigation analysis and triage of alerts, documenting findings in the Incident Management platform
  • Maintain use-case playbooks, checklists and analyst Standard Operating Procedures (SOPs)
  • Develop and maintain automated reports
  • Develop security use-cases to detect abnormal activity
  • Support Personnel Security activities as required, including the case management process
  • Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate insider threat incidents. Be able to develop skills in new capabilities as required as part of investigations
  • Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
  • Sustain effective working relationships with team members and actively participate in teamwork and group activities
  • Facilitate appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives.

ASD EL1 Information Security Analyst

The ASD EL1 Information Security Analysts are employed in either the Security Operations Centre (SOC) or Protective Monitoring teams. These teams are responsible for analysing information from multiple sources to protect ASD's people, resources and capability. The SOC is responsible for monitoring for external threats, and Protective Monitoring is responsible for monitoring risks associated with ASD and DIA employees.

The ASD EL1 Analysts perform the following tasks:

Security Operations Centre (SOC) Team

  • Provide Subject Matter Expertise (SME) when performing investigation analysis and the development of new security use-cases
  • Review security use-cases in development and provide an approval gateway at each step of the development lifecycle
  • Lead the implementation of security use-cases in SIEM and Automation platforms
  • Lead management of security incidents
  • Lead digital forensic investigations in line with policy, standards and guidelines and support production of forensics findings and reports
  • Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate cyber security incidents. Be able to foster development of skills in new capabilities as required as part of investigations
  • Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
  • Drive collaboration with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
  • Build and sustain effective working relationships with team members and actively participate in teamwork and group activities
  • Drive appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives in line with ASD strategic objectives.

Protective Monitoring Team

  • Lead analysis and reporting on security-relevant data for Personnel Security investigations
  • Direct monitoring of incoming alert queues for potential security incidents
  • Lead investigation analysis and triage of alerts, documenting findings in the Incident Management platform
  • Maintain use-case playbooks, checklists and analyst Standard Operating Procedures (SOPs)
  • Lead development and sustainment of automated reports
  • Drive development of security use-cases to detect abnormal activity
  • Support Personnel Security activities as required, including the case management process
  • Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate insider threat incidents. Be able to foster development of skills in new capabilities as required as part of investigations
  • Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
  • Drive collaboration with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
  • Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.

Further information can be found at: I'm changing my career | Australian Signals Directorate (asd.gov.au)

The key duties of the position include

The ideal candidate will have experience in the following areas:

  • A strong understanding of cyber security concepts and/or enterprise IT systems.
  • Excellent written and verbal communication skills.
  • A critical and analytical mind-set.
  • Demonstrable success in problem solving.
  • Sound stakeholder relationship skills.
  • Demonstrable mentoring and leadership experience.

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies.
In line with the Australian Public Service Commissioner's Direction 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.

