Security Operations Lead

**ROLE PURPOSE**

This role contributes to the overall success of the Security function in order to protect and detect both department staff and schools.

The role provides cyber threat intelligence, technical advisory, security maintenance and incident response capability in a fast, high-volume service. Using enterprise security products, this role will actively utilise security platforms to provide insights and ongoing security response to maintain the department's security posture.

**KEY ACCOUNTABILITIES**

**KEY ACTIVITIES**

Security Operations, Administration and Platform Support
- Configure and utilise monitoring products and dashboards to detect anomalous activities adopting a risk-based approach across assets to protect what is most valuable
- Monitor and analyse cyber security events with the use of department security platforms including Splunk, Cylance, Windows Defender and other tools, reviewing health, action alerts and create associated service tickets for action.
- Identify opportunities and automate monitoring services where appropriate.
- Execute on security procedures including testing emergency procedures, running diagnostics, implementing recovery procedures, and performing assurance activities.
- Collaborate with internal and external auditors to facilitate assessments and support compliance initiatives.
- Contribute to the development of policies, security standards, playbooks and procedures to support the team and broader department.
- Manage and maintain close liaison and effective relationships with other branches within the department, other government departments and non-government services.
- Security operations BAU activities like assessing changes, auditing accounts and providing security advise to teams and projects.

Incident Support
- Triage security events and incidents triggered within the department and across Victorian schools, detect anomalies, review IoCs and manage remediation actions.
- Undertake the collation, analysis and controlled dissemination and reporting of cyber security information and threat inteligence to support cyber risks, threats and issues to incident control and stakeholders.
- Carry out forensic work to collect valuable assets and information to support investigations, insurance claims and root cause.
- Collaborate with external partners and vendors in the provision of incident investigation, forensics and support.
- Participate and contribute to post incident reviews to identify lessons learned and promote continuous improvement

Advisory and Risk Prevention
- Evaluate and undertake remediation to manage security risks identifed by security monitoring and audit activities.
- Conduct threat assessments on designs, products, suppliers and platforms evaluating security capabilities and threats to provide concise reports on inherent risks and recommendations to lower risks to acceptable levels
- Regularly undertake compliance checks to determine whether existing security controls have deviated or remain effective over time
- Research and provide advisory on the latest security trends or alerts.

Reporting
- Design and deliver reporting systems for the Department which allow executives to have visibility of the security program and provide insights on a wide range of security indicators
- Support the development of briefings, correspondences, and any reporting necessary to provide management with security updates

**Capability Description**
- Experience using and enhancing cyber security related technologies including endpoint protection, SIEM, intrusiion protection, cloud monitoring, and identity management.
- Experience and aptitude for intelligence and analysis activities including forecasting, monitoring, and trend assessment utilising a range of telemetry and technology.

**HOW TO APPLY**:
Please submit your resume (in MS Word Format) for consideration via the link below. A cover letter demonstrating your relevant experience may also be reviewed.

Your interest will be treated in the strictest of confidence.