Security Operations Centre Analyst

Location: Melbourne | CBD

Job type: Full Time - Fixed Term

Organisation: Department of Transport and Planning

**Salary**: $109,730 - $132,764

Occupation: IT and Telecommunications

Reference: 6505

**About Us**

About Us The Department of Transport & Planning brings together all transport modes to design, plan, build and operate Victoria's transport system. Our job is to further integrate the transport network and improve the delivery of services to Victorians for simpler, quicker and safer journeys that connect people and places and support Victoria's prosperity and liveability. We’re focused on outcomes that deliver more choice, connections and confidence in our travel, ensuring the whole transport network works as one to deliver better services and outcomes. The department is committed to building a culture where we say 'yes' to flexible work arrangements, provide personal and professional development programs and support ways of working that help employees balance work and life. The department is an equal opportunity employer and welcomes applicants from a diverse range of backgrounds, including veterans, people who identify as Aboriginal and Torres Strait Islander, have a disability, are from varied cultural backgrounds and those who identify as LGBTIQ+. The department provides workplace adjustments for applicants with disabilities. Enterprise Technology (ET) is a branch of the Investment and Technology group which defines investment strategy and deliver commercial and information technology services to drive high performance and improved commercial outcomes within the department.

**About the Role**

The Security Operations Centre Analyst is a position that sits within the Hybrid Security Operations Centre(SOC) in Enterprise Information Security Branch and provides operational support to DTP to identify, detect, respond, and recover from cyber incidents. The role is pivotal to the organisation's cybersecurity resilience and part of the Security Operations responsible for responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting. Other functions include investigations into live threat intelligence for applicability to DTP, risk assessment of vulnerability alert bulletins, forensic investigations and completing daily checks across monitoring tools to identify noisy, high volume, or false positive alert rules and provide improvement suggestions

This is a fixed term position for 18 months. To access the full position description, please click **here.**

**Your outcomes and accountabilties,**
- As a member of a small team, the cyber security analyst is responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting.
- Undertake investigations into reported vulnerabilities and emerging threat intelligence and initiate appropriate remediation and escalations.
- Clear Documentation and Reporting: Ability to document incidents thoroughly and communicate risks or findings to non-technical stakeholders.
- Complete daily checks and initial triage and prioritisation of alerts feeding into the DTP SIEM
- Work with a MSSP on daily SIEM alerts and incidents and drive resolution activities.
- Identifying noisy, high volume, or false positive alert rules and provide improvement suggestions.
- Contribute to creation of cyber security use cases and rules to detect potential anomalous ICT activity.
- Maintain incident management tickets to ensure progress is achieved and closed in a timely fashion.
- Drive containment and remediation activities by liaising with different resolver groups.
- Contribute to the development, review and update of the Security Incident Response Plans and playbooks.
- Investigate, document, and report on information security issues and emerging trends.
- Coordinate incident response and critical patching tasks with both internal DTP teams and outsourced providers.
- Manage and mitigate ongoing data, cyber, and information security risks for our organizations.
- This role will require occasional ‘non-office-hours’ work to manage active cyber security incidents and may require ‘on call’ arrangements.

**Qualifications and Experience**

**Mandatory**
- Proven experience working in a Security Operations Centre (SOC) environment.
- Working knowledge of ITIL Incident Management.
- Experience working in incident response, threat intelligence and vulnerability management.
- Hands-on experience with Microsoft Sentinel SIEM and Incident Management tools.
- Skillsets: Log Analysis, Threat Hunting, Incident Handling, Process documentation
- Availability for ad-hoc after-hours escalations

**Desirable**
- Degree or diploma in a relevant field, preferably cyber security.
- 2+ years in cybersecurity experience in Security Operations Centre, preferably in a SOC Analyst
- role.
- Sound knowledge of, or practical experience working with security standards and models such as
- VPDSS, ISM, Ess