Ict Security Analyst

This State Government department in looking for a ICT Security Analyst to provide security analysis services to a key program. The position will be required to work closely with a range of stakeholders across multiple agencies to support the program security architecture in the various cyber security activities being undertaken.

The work involves performing threat hunting activities, risk assessments and monitoring and reporting of the various security controls that have been deployed by the program to ensure they continue to be fit for purpose. The role also requires preparing documentation for the various security controls in alignment with ISO 27001 and ISO 27002.

The program follows a DevSecOps approach to solution development activities and the security analyst will be required to implement and monitor the security aspects of the approach.

This role identifies and implements security and audit related non-functional requirements by involving with other project roles throughout the project life cycle.

**Key responsibilities**
- Monitor and support the day to day running of the DevSecOps process from a Security perspective. This means monitoring and responding to the security alerts coming out of all the security tools (e.g., WhiteSource Bolt, OWASP ZAP, SonarQube etc).
- Hosting weekly meetings with the Development team to manage issues identified by the security tools
- Use Sentinel, Microsoft Defender, and other Microsoft security tools for Threat Hunting on a weekly basis.
- Fine tune Sentinel configuration to filter out the noise. Maintain ongoing Sentinel configuration for the Program's evolving needs.
- Help Unify projects establish and monitor new Azure security tools e.g., Microsoft 365 Defender and Microsoft Defender for Cloud, Azure Information Protection.
- Perform internal security testing of Unify solutions in a continual basis.
- Coach the departmental technical resources on security best practises that must be embedded in design and implementation practices.
- Use the Threat and Risk Assessments (TRA) as the guiding mechanism, work with projects to ensure the security mitigations identified get implemented in a timely manner.
- Document and maintain the Unify user security role management from a tech perspective

**Essential requirements**
- Demonstrated ability in performing Threat and Risk Assessments.
- Demonstrated ability to perform threat hunting using Solution Designs, Microsoft Sentinel, Rapid 7 Vulnerability Management, Microsoft Defender.
- Demonstrated experience in documenting security systems.
- High level interpersonal skills as demonstrated by ability to establish good working relationships with stakeholders.
- Commit to achieving quality outcomes and ensures documentation procedures are maintained and stakeholders' expectations are met.

**Desirable experience and qualifications**
- At least three years of security analysis work in a cloud environment (AWS, Azure or other).
- Experience performing threat and risk assessments in a complex environment including cloud and on-premises solution components.
- At least two years' experience working with ISO27001 and ISO27002.
- At least two years' experience working with Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft 365 Defender.
- Demonstrated experience in designing and implementing Dynamics365 security roles and Enterprise data warehousing and reporting roles
- A bachelor's degree or masters qualification in Cyber Security.
- Microsoft security certifications e.g. SC-200 will be considered favourably.
- Experience with SharePoint security and Azure user access management

**_ Juan Carlos Marino Londono_**
**_Recruitment Specialist_**
- Aboriginal and Torres Strait Islander people are encouraged to apply._

State: QLD, licensee/s Manpower Services (Australia) Pty Ltd, LHL-02026-D5L4Q. State: QLD, licensee/s Experis Pty Ltd, LHL-02014-Y5F6D. State: SA, licensee/s Manpower Services (Australia) Pty Ltd, LHS 288856