ASD 6, EL1 Information Security Analyst

ASD 6 Information Security Analyst

The ASD 6 Analysts are employed in either the Security Operations Centre (SOC) or Protective Monitoring teams. These teams are responsible for analysing information from multiple sources to protect ASDs people, resources and capability. The SOC is responsible for monitoring for external threats, and Protective Monitoring is responsible for monitoring risks associated with ASD and DIA employees.

The ASD 6 Analysts perform the following tasks:

Security Operations Centre (SOC) Team

• Provide Subject Matter Expertise (SME) when performing investigation analysis and the development of new security use-cases
• Review security use-cases in development and provide an approval gateway at each step of the development lifecycle
• Manage the implementation of security use-cases in SIEM and Automation platforms
• Escalation point for security Incidents
• Contribute to digital forensic investigations by processing and analysing evidence and artefacts in line with policy, standards and guidelines and support production of forensics findings and reports
• Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate cyber security incidents. Be able to develop skills in new capabilities as required as part of investigations
• Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
• Collaborate with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
• Sustain effective working relationships with team members and actively participate in teamwork and group activities
• Facilitate appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives.

Protective Monitoring Team

• Analyse and report on security-relevant data for Personnel Security investigations
• Monitor incoming alert queues for potential security incidents
• Perform initial investigation analysis and triage of alerts, documenting findings in the Incident Management platform
• Maintain use-case playbooks, checklists and analyst Standard Operating Procedures (SOPs)
• Develop and maintain automated reports
• Develop security use-cases to detect abnormal activity
• Support Personnel Security activities as required, including the case management process
• Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate insider threat incidents. Be able to develop skills in new capabilities as required as part of investigations
• Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
• Sustain effective working relationships with team members and actively participate in teamwork and group activities
• Facilitate appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives.

ASD EL1 Information Security Analyst

The ASD EL1 Information Security Analysts are employed in either the Security Operations Centre (SOC) or Protective Monitoring teams. These teams are responsible for analysing information from multiple sources to protect ASDs people, resources and capability. The SOC is responsible for monitoring for external threats, and Protective Monitoring is responsible for monitoring risks associated with ASD and DIA employees.

The ASD EL1 Analysts perform the following tasks:

Security Operations Centre (SOC) Team

• Provide Subject Matter Expertise (SME) when performing investigation analysis and the development of new security use-cases
• Review security use-cases in development and provide an approval gateway at each step of the development lifecycle
• Lead the implementation of security use-cases in SIEM and Automation platforms
• Lead management of security incidents
• Lead digital forensic investigations in line with policy, standards and guidelines and support production of forensics findings and reports
• Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate cyber security incidents. Be able to foster development of skills in new capabilities as required as part of investigations
• Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
• Drive collaborate with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
• Build and sustain effective working relationships with team members and actively participate in teamwork and group activities
• Drive appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives in line with ASD strategic objectives.

Protective Monitoring Team

• Lead analysis and reporting on security-relevant data for Personnel Security investigations
• Direct monitoring of incoming alert queues for potential security incidents
• Lead investigation analysis and triage of alerts, documenting findings in the Incident Management platform
• Maintain use-case playbooks, checklists and analyst Standard Operating Procedures (SOPs)
• Lead development and sustainment of automated reports
• Drive develop security use-cases to detect abnormal activity
• Support Personnel Security activities as required, including the case management process
• Utilise a diverse set of capabilities, including various SIEM and investigation capabilities, to investigate insider threat incidents. Be able to foster development of skills in new capabilities as required as part of investigations
• Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with the Australian Signals Directorate writing standards
• Drive collaborate with organisations and stakeholders to provide remediation advice/plan to system owners and managers in order to improve system security posture
• Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.

Further information can be found at: I'm changing my career | Australian Signals Directorate )