Cyber Security Analyst

1 Cyber Threat Analyst

RFQ type

DMP2 - ICT Labour Hire

RFQ ID

LH-04403

RFQ published date

Monday, 25 August 2025

Deadline for asking questions

Thursday, 28 August 2025
• 11:59pm, Canberra time

RFQ closing date

Wednesday, 03 September 2025
• 11:59pm, Canberra time

Buyer

Department of Climate Change, Energy, the Environment and Water

Buyer contact

ICTLabourHire@dcceew.gov.au

Estimated start date

Monday, 22 September 2025

Initial contract duration

12 months

Extension term

12 months

Number of extensions

1

Maximum number of candidates per seller

2

Experience level

APS4 equivalent

Location of work

ACT

Working arrangements

Hybrid

If based in the ACT, the successful candidate will be required to attend the Canberra office 3 days per week. If based outside ACT, the successful candidate may be required to attend state office or regional hubs and may be required to travel to the Canberra office one week per month or as required. Individual arrangements can be negotiated with Managers where required.

Maximum hours

40 hours per week

Security clearance

Must be able to obtain Baseline

Job details

The Department requires the services of suitably skilled Cyber Analysts under labour hire arrangements to support its operational cyber security function. These roles are critical to maintaining the Department's monitoring, incident response and advisory capability, and form part of a broader effort to strengthen compliance with the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM) and the Essential Eight.

Key duties and responsibilities

The responsibilities of the Cyber Analyst will include but not limited to:

• Incident detection, triage and response – monitor alerts, hunt for threats, gather evidence and escalate or remediate incidents as required.
• ServiceNow ticket and queue management – own cyber-related queues, optimise workflows and coordinate priority escalations with the managed SOC.
• Email, web and application control – assess and action whitelisting or blocking requests for URLs, emails, USBs and packaged applications, including spoofing/authentication checks such as DMARC reviews.
• Access and privilege management – approve or audit admin and privileged accounts and support off-boarding or role changes in line with policy. · Stakeholder engagement and education – deliver cyber hygiene programs, privileged-user training and regular communications to staff and external agencies.
• Process and documentation upkeep – create and maintain standard operating procedures (SOPs), onboarding checklists and knowledge artefacts to keep the team's practices current.
• Vulnerability and configuration management – work collaboratively with external SOC providers to prioritise and remediate vulnerabilities, review logs and applications, maintain SIEM playbooks, and drive broader defensive-security improvements

Technical skills

It is expected that the successful candidate: -works under general direction within a clear framework of accountability for their area of responsibility. -uses their own discretion when resolving minor problems or external enquiries. -has a good understanding of their own specialisation(s) in the delivery of the Services and performs routine work activities. -holds an undergraduate degree relevant to the area(s) of specialisation or similarly regarded qualification.

Criteria

The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.

Essential criteria

Weighting

1. Demonstrated experience in incident detection, triage, investigation and response, including coordination with internal teams and external SOC providers.

20%

2. Experience managing cyber-related workflows and requests in ServiceNow or similar ITSM platforms.

20%

3. Supporting and contributing to IRAP preparation activities and ensuring accurate documentation in the management and implementation of IT security strategies. Completing technical reviews and endorsements of technical solution designs and identifying opportunities to improve the security posture of the department's network and information.

20%

4. Knowledge of Australian Government cyber security frameworks, including the PSPF, ISM and Essential Eight, and their application in on-premise and cloud environments.

20%

5. Well-developed stakeholder engagement and communication skills, including the ability to deliver user education and prepare clear, actionable security advice.

20%

Desirable criteria

1. Relevant tertiary qualifications or industry certifications.