The Client
Our client is a large Federal Government Agency responsible for the national regulator of aged care services, protecting the health, safety and wellbeing of older people.
The Role
The Cyber Security Engineer, Cyber Operations, is a critical technical role within the agency. Reporting to the Assistant Director, Cyber Operations, the Cyber Security Engineers are responsible for deploying, tuning, and maintaining the agency's Cyber Security Controls Framework. This framework is guided by the Australian Cyber Security Centre (ACSC) Essential 8 (Maturity Level 3) and conforms to ISO27001:2022 standards. The roles support the continuing Cyber Uplift Program, a multi-year initiative aimed at enhancing operational efficiency, control effectiveness, and optimising reporting processes through the implementation of best-of-breed technical controls and efficient Governance, Risk and Compliance (GRC) processes.
Key Accountabilities Control Framework Deployment and Maintenance: Deploy, tune, and maintain the Commission's Cyber Security Controls Framework in collaboration with operational teams. Ensure alignment with ACSC Essential 8 (Maturity Level 3) guidelines and ISO27001:2022 standards.Technical Control Implementation: Implement and manage technical controls across various cybersecurity domains including SIEM, SOAR, Continuous Compliance, Vulnerability Management, GRC, PAM, and MFA. Continuously optimise and update security controls to enhance operational efficiency and control effectiveness.Vulnerability Management: Conduct regular vulnerability assessments using tools such as Tenable. Analyse vulnerability assessment results and coordinate remediation efforts to mitigate identified risks.Incident Response and Monitoring: Monitor security alerts and logs from various cybersecurity tools and systems. Respond to security incidents, conduct investigations, and coordinate incident response activities.Security Operations and Maintenance: Oversee the day-to-day operations of cybersecurity tools and systems, ensuring they are functioning optimally. Perform routine maintenance, updates, and patches to keep systems secure and current.Stakeholder Engagement and Collaboration: Work closely with internal and external stakeholders, including vendors and the ACSC, to ensure cybersecurity services are aligned with organisational needs and compliance requirements. Collaborate with cross-functional teams to support cybersecurity initiatives and projects.Governance, Risk and Compliance (GRC): Contribute to the development and maintenance of GRC processes, ensuring they are efficient and effective. Support the organisation's compliance with relevant regulations and standards, including ISO 27001:2022.Continuous Improvement and Professional Development: Stay up to date with the latest cybersecurity trends, threats, and technologies. Participate in continuous professional development and training to enhance skills and knowledge.Security Awareness and Training: Promote a culture of security awareness within the organisation. Provide training and support to employees on cybersecurity best practices and policies.Key Capabilities Technical Expertise: Strong knowledge of security protocols, firewalls, and intrusion detection/prevention systems. Experience with cybersecurity tools, for example, SIEM (including Splunk, LogRhythm), SOAR, vulnerability management (e.g., Nessus, Tanium), GRC platforms (6Clicks), PAM (Secret Server), and MFA solutions.Analytical Skills: Ability to analyse and interpret complex data from various cybersecurity tools and systems. Strong analytical and problem-solving skills, with the ability to assess security issues and develop effective solutions.Communication and Collaboration: Excellent communication skills, both written and verbal, with the ability to convey technical information to non-technical stakeholders. Strong collaboration skills, with the ability to work effectively with cross-functional teams and external partners.Certifications and Experience: Relevant certifications such as CISSP, CISM, or equivalent are preferred but not required. Proven experience in deploying and managing cybersecurity controls in a complex environment.Proactive Approach: Proactive in identifying and addressing security risks, ensuring the protection of the organisation's information assets. Commitment to continuous improvement and staying abreast of the latest cybersecurity trends and best practices.Governance and Compliance Knowledge: Strong understanding of cybersecurity governance, risk management, and compliance frameworks, particularly ISO 27001:2022 and ACSC Essential 8.Due to the nature of this role, this job is open to Australian Citizens only. Candidates that hold a current Baseline NV1/NV2 security clearance are encouraged to apply. If you are interested in the above job, please forward your resume to ******.
Follow Calleo on LinkedIn and visit our website to keep up to date on all our current job vacancies: www.linkedin.com/company/calleoresourcing www.calleo.com.au Calleo is an equal opportunity employer and we encourage applications from all people including Aboriginal and Torres Strait Islander peoples.
#J-18808-Ljbffr