Cyber Security Support Officer

About TAFE Queensland
TAFE Queensland is proud to be the largest and most experienced Vocational Education and Training provider in the State. For more than 140 years, TAFE Queensland has delivered practical and industry-relevant training to provide students with the skills and experience they need to build lifelong careers. We have recently been named the State Winner of the 2021 Large Training Provider of the Year at the prestigious Queensland Training Awards. Our training is delivered to students and apprentices on-site, online, in the workplace, or on-campus to give people the skills they need to enrich their communities, support their industries, and strengthen their local economies.
By working at TAFE Queensland, you can be part of a highly experienced workforce closely connected with their industries and dedicated to delivering best practices and innovative training.
Your Opportunity
As a Cyber Security Support Officer in our Cyber Security team, your primary focus is to support the active monitoring of the on-premise and cloud environments for cyber threats and investigate network intrusions and other cyber security events within TAFE Queensland's statewide operations. You will:

- Learn to support the ongoing security engineering efforts to develop and maintain TAFE Queensland's cyber security solutions.
- Work as part of the Cyber Security Operations team to help identify, triage and resolve cyber security events.
- Support incident detection and response activities and the continual improvement of these services across both cloud and on-premises systems and services.
- Identify and support remediation activities with misconfigurations within deployed security solutions.

This position reports to the Manager, Security Operations.
This is a Permanent, Full-Time opportunity.
The position will be based primarily at Mount Gravatt, however you may be required to perform work at other TAFE Queensland campuses.
Key Responsibilities
- Help support and learn the processes of time-sensitive detection, identification, and alerting of intrusions, anomalous and misuse activities, and be able to learn to distinguish these incidents and events from benign activities across complex on-premise and cloud environments.
- Support and learn incident response activities, incident assessment and investigation, and reporting on cyber security breaches, ensuring identified security breaches are promptly and thoroughly investigated, including determining potential impact, performing root cause analysis and making recommendations on timely remediation.
- Perform operations and administrative activities for the security of the organisation, including event correlation, monitoring, research, assessment and analysis using enterprise security tools (SIEM, mail gateways, EDR/antivirus, and other cloud-based systems).
- Support proactive threat hunting activities; threat hunting activities, analysing, and responding to current, emerging and organisation-specific threats.
- Support the identification and escalation of gaps in visibility, intelligence and technology that could improve the efficiency or efficacy of the Cyber security services.
- Improving upon existing documentation or creating documentation where required.
- Responsible handling of potentially sensitive information.

How you will be assessed
The ideal applicant will be someone who has the following key capabilities:
*
- Demonstrated experience working within an enterprise ICT environment with a desire to move into a security role; or have industry-specific knowledge related to Cyber Security and is looking to learn and develop their tradecraft.
- Demonstrated ability and understanding of scripting languages in the context of automating tasks and actions preferably related to cyber security. Experience in the Kusto Query Language, or an equivalent language is desirable.
- Experience or knowledge of effective security monitoring of Microsoft Azure and Office 365 cloud-based environments.
- Experience or knowledge of configuring, tuning and analysing events from security platforms and Windows Security Events.
- Strong desire to learn and build capability in next generation SIEM/SOAR solutions, and have a clear vision and understanding of security orchestration.
- Strong written and verbal communication skills, with the proven ability to engage effectively at all levels of an organisation, including the ability to work effectively alongside outsourced delivery partners.
- Demonstrated ability to live and promote a strong ICT team culture that values the contributions of all team members, is honest and considerate, and through that is an active participant in building and maintaining a highly respected high-performance team.

Mandatory/Highly Desirable Requirements
- Working knowledge of the importance of timely Cyber Security actions to address attacks.
- Knowledge of the various functions, common toolsets and their purposes within a Security Operations.
- Knowledge of