Cyber Threat

6 days ago


Clayton, Australia Talent International Full time

**Job Details**:
**Location**

Clayton

**Salary**

$110000 - $120000 per annum

**Job Type**

Full Time

**Ref**

JO-2209-560300

**Contact**

Daniel Clifford

**Posted**

33 minutes ago

**The Client**:
Our client for this position is an Educational Institution based in the South-East suburbs. They currently have a requirement for a Cyber Threat and Vulnerability Management Specialist to join their eSolutions department.

**The Role**:
The Cyber Threat and Vulnerability Management Specialist will design and build a sustainable threat and vulnerability management practice alongside an incredible team of highly motivated and passionate cyber security practitioners. The Cyber Threat and Vulnerability Management Specialist is responsible for working with and building strong partnerships with various internal and external stakeholders. The role’s main focus is to design a capability that will satisfy the organisation’s threat intelligence requirements and manage vulnerabilities throughout their lifecycle.

The Specialist will be an expert in threat and vulnerability management, with the leadership to undertake independent, creative problem-solving, analysis and complex communication. The role partners with other cyber team functions, technology teams, business stakeholders and industry experts to champion threat intelligence and vulnerability management activities across the University. The Specialist is expected to take ownership of managing incidents and to demonstrate a strong commitment to raising the bar to deliver results.

**Responsibilities**:

- Operate the Cyber Threat Intelligence (CTI) and Vulnerability Management capability across on-premise, private and public clouds, and other technology environments.
- Operate the threat intelligence capability to support the Defence Organisation.
- Contribute to strategic planning, creation and maintenance of Standard Operating Procedures (SOPs) for the threat intelligence and VM program.
- Support development and operationalisation of the foreign interference and critical infrastructure threat intelligence practice, including but not limited to insider threat.
- Provide regular briefings to the operations teams about the evolving threat landscape and organisational vulnerabilities.
- Report emerging threats by providing awareness, indications, warnings, and operational readiness briefings and refresh the threat model at the University at least annually.
- Report intelligence analysis findings to incident response teams, senior leadership, and external partners.
- Own and manage relationships with external threat intelligence partners and promote intelligence-sharing practices.
- Provide expert, specialist advice to help prepare and update the VM roadmap and maintain project plans and operation schedules.
- Lead research, data analysis and management in relation to Threat Intel and VM metrics, key risk indicators, trends and compliance, including regular business reporting for senior stakeholders.
- Other duties as directed from time to time.

**Required Skills & Specialisms**:

The appointee will have:

- Postgraduate qualifications or progress towards postgraduate qualifications and/or extensive experience and management expertise in cyber threat intelligence and vulnerability management within a large and complex organisation; or
- Certifications in security-related fields such as CISSP, GIAC, etc.; and
- ITIL Practitioner certification or above.
- Demonstrated knowledge and experience of Threat Intelligence Platforms (TIPs) such as MISP, Palo Alto XSOAR, Anomali and EclecticIQ, and extensive experience in Threat Modelling and identifying security risks in a myriad of ecosystems
- Proven knowledge and experience of threat intelligence modelling language and/or serialisation formats such as Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII)
- Substantial knowledge and experience in information technology, cyber security and vulnerability management principles, practices, relevant standards and legislation coupled with a sound understanding of operating system platforms and security models relevant to IT technologies and processes
- Highly developed technical understanding of CVSS, OWASP Top 10 and Vulnerability Exploitability ratings and proficiency in scripting languages such as Python, PHP, etc
- Knowledge and experience of Information Security best practices, policies, standards, and baselines, including industry standards, frameworks and guidelines from ISO 27001/27002, NIST and CIS
- Highly developed planning and organisational skills, with experience establishing priorities, allocating resources and meeting deadlines