Threat & Vulnerability Analyst

Powering Australian Life.

At AGL, we believe energy makes life better. That's why we're passionate about powering the way Australians live, work and move.

Like you, we believe that the world is going through extraordinary challenges. We don't shy away from the tough questions and we consider the answers carefully. We work in partnership with our customers and communities, and take action to shape a better future for all.

As life changes, we join the change, constantly evolving over 185 years. Today we bring all that know-how to transform how Australians produce, share and consume energy. We're investing in new ideas, partnerships and infrastructure - renewing and expanding our portfolio of sources and products to help make them more sustainable, reliable, affordable and useful.

We'll continue to innovate in energy and other essential services to enhance the way Australians live, and to help preserve the world around us for future generations.

The Threat and Vulnerability team is newly created within AGL and will bring dedicated focus to Vulnerability Management and will play a role in the developing Security Intelligence function, working closely with the Security Operations Centre and with Operational Technology teams.

The Threat & Vulnerability Analyst is a technical role which will develop producing threat and compliance reports for a wide variety of technical and non-technical audiences, will work collaboratively with stakeholders to remediate vulnerabilities identified by vulnerability management tools and will assist with management and maintenance of tools used by the vulnerability team.

About the role:
- Ensure that infrastructure is scanned for vulnerabilities and compliance validation, that scanning coverage and implementation is optimized.- Prioritize what needs to be remediated first (e.g. the critical vulnerabilities on their internet facing servers, the critical vulnerabilities on their key IT assets).- Develop reports and presentations for technical and non-technical audiences.- Work with various stakeholders to ensure that remediation management is functioning through assisting with local prioritization, identifying orphan assets, assisting remediation teams by providing vulnerability information etc.- Educate people about the risks to the business, external and internal threats, and importance of Vulnerability Management, hygiene Patch Management and Server Hardening.- Update and maintain operational dashboards that highlight service status and coverage.- Managing the tools used by the vulnerability management team.- Helping to shape and inform the strategic direction of the vulnerability management team.- Identify practical improvements to processes that would improve agility and allow greater utilization of self-service capabilities.

About you:
- Experience in Vulnerability Management and demonstrated success in working with an enterprise level vulnerability management program.- Experience producing high quality threat and compliance reports for a wide variety of technical and non-technical audiences.- Experience working collaboratively with stakeholders to remediate vulnerabilities identified by vulnerability management tools.- An understanding of risk management and the ability to communicate risks to stakeholders.-
- Working knowledge of IDS/IPS, DNS, VPN, SIEM, Firewalls, Cloud services and infrastructure- Technical aptitude in; Active Directory, Windows Server, Linux, Networking- Desirable: Understanding of Cloud and other Security Standards / Frameworks e.g., CIS Benchmarks, NIST CSF, ISO 27001, PCI-DSS, CVSS- Information Security industry certification such as CISSP, CEH, GIAC, SABSA, SANS preferred but not essential, SANS GEVA certification highly regarded.

LI-Hybrid

Inclusion at AGL

AGL has a commitment to maintain a diverse workforce, and welcomes the opportunity for applicants to share their lived experiences. We also recognise that some applicants may not wish to disclose, and we respect their decision. To learn more about reasonable adjustments that can be offered throughout the recruitment process, please visit:
AGL is a
_Circle Back Initiative employer - we commit to respond to every applicant_.

Job Family Group:
Information Technology - Internet-Based