CSOC Analyst

2 weeks ago


Sydney, Australia ASIC Full time

- **Enjoy a 50/50 hybrid work-from-home model**
- **Additional leave entitlements and flexible work arrangements**
- **Continuing Professional Development: ongoing formal and informal training opportunities and mentoring programs**
- **Two-year fixed-term contract**
- **Role can be based in Sydney, Melbourne, Brisbane, Perth, Adelaide, Canberra or Darwin**

A future with ASIC means that your work will contribute to ASIC's vision for a fair, strong and efficient financial system for all Australians. We value what you will bring: sharp, analytical minds that are open to challenging the way things are done.

**Your Team**

The Cyber Security team provides a comprehensive range of services including threat monitoring and detection, incident response, security architecture & design and cyber assurance for ASIC. We make use of the latest security technology, with an increasing focus on automation and analytics to secure and support ASIC's mission to be a best-in-class regulator for the Australian financial markets.

**Your Role**

As a SOC Engineer, you will join a team responsible for proactive threat hunting and incident response. Key responsibilities include:

- Integrating log sources into ASIC's SIEM (Microsoft Sentinel) and developing tailored alerts and threat response playbooks.
- Driving the development and tuning of KQL queries to support cyber investigations, threat hunting, traffic analysis and any other requirement that helps the team respond to or resolve queries and issues.
- Creating Microsoft Logic Apps to automate the Sentinel incident workflow and reduce manual intervention.
- Performing proactive cyber threat hunting for anomalous system usage, potential attack vectors and security misconfigurations, remediating where possible.
- Improving ASIC's cyber security posture by addressing and responding to security findings across different environments (on-premises, cloud and third-party providers) using existing tooling such as Defender for Endpoint.
- Developing threat-hunting use cases and threat models.
- Analysing cyber threat intelligence (CTI) feeds for indicators of compromise (IoCs).
- Reviewing and assessing threat intelligence reports and determining their relevance to ASIC.
- Conducting vulnerability analysis and assessments to augment incident response and threat-hunting activities.
- Assisting the SOC Team Lead in the continuous improvement of SOC processes, tools and service provision.
- Supporting the CIRT lead during an active incident.

**About You**
- Proficiency in:
  - Cyber incident response processes and technologies.
  - Analysing logs from SIEMs, operating systems (including Windows and Linux), network security devices, cloud platform services (AWS and Azure), authentication solutions and host-based endpoint security technologies for IoCs, in order to discover active threats and vulnerabilities.
  - Using SIEM/SOAR and security analytics technologies (e.g. Sentinel, Defender), including experience with regular expressions and JSON.
  - Operating endpoint security technologies and network perimeter security technologies.
- Awareness of current security frameworks (e.g. MITRE ATT&CK) and those applicable to the Australian Government, such as the Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM).
- Demonstrable skills in assessing, analysing and resolving complex client and stakeholder queries, drawing on all relevant sources of information: media and stakeholder channels, data, reporting, systems and databases.
- Excellent interpersonal and consultative skills.
- Ability to communicate complex information effectively to senior-level audiences.
- Capacity for independent work with accountability for outcomes.
- Collaborative approach, with experience building and maintaining productive relationships.

**ASIC's Values**

At ASIC, our values of Accountability, Professionalism, and Teamwork underpin everything we do. They guide our decision-making and interactions with each other, our customers, and stakeholders.

**Want to know more?**

ASIC offers flexible work options and a commitment to diversity and inclusion. For more information about building your career with ASIC, refer to the ASIC Careers Guide on our Careers at ASIC website.

In line with the Australian Government Security Policy, all personnel engaged by ASIC are required to complete a security assessment. Australian citizenship is required.

**Applications for this role will close at 11:59pm on 9th December 2024.**
