We are seeking an experienced cyber security professional with strong understanding of risk, compliance and ability to define and operationalise cybersecurity processes.
- Make a real difference to the future of Australia’s hottest government cloud startup
- Build the Security Operations Centre of your dreams
- Show us your skills in identifying potential vulnerabilities and learn new techniques
Vault is one of the first cloud service providers globally to be certified by ASD at a ‘protected’ level. Vault is rapidly growing and is dedicated to providing sovereign, agile and hyper-scale cloud services to the Government and its partners.
The purpose of this role is to ensure that the Vault cloud complies with government security requirements at all times. You will be actively looking for potential security issues across all systems and analyze any security incidents, providing a compliant path to implementing a solution to the other teams. You will help us improve our SOC and automate security-related monitoring.
Job Tasks and Responsibilities
The duties and tasks are varied and complex needing independent judgement. Below you will find a list of some of the key duties and responsibilities:
- Use the monitoring data from Cloud Operations team to analyse potential breaches, work with other teams on solutions.
- Continuously go through the current ISM controls and ensure they are correctly applied everywhere.
- Automate above two points as much as possible using CI and other tools.
- Providing guidance on the techniques, principles and theories pertaining to providing security and protection to IT resources, including knowledge of policies, guidelines and procedures involved with the protection of hardware, software and services.
- Implementing policies and solutions that fall within the Federal Enterprise Security Architecture framework and effectively integrate program elements such as cybersecurity, and project management.
- Applying auditing techniques for identifying problems; responding to data calls by gathering and analysing pertinent information, forming conclusions, developing solutions and implementing plans consistent with the department’s management goals.
- Conduct regular internal security audits and hold staff security meetings.
Skills and Experience
Below is a list of the required experience, skills and qualifications that will allow you to be successful in this role.
- Skills to actively check for security issues through code review, vulnerability testing and manual probing of Linux and Windows systems and network equipment. Read code written in python, bash and PowerShell.
- Administration knowledge of Linux-based HIDS, log analysers (Elastic/Kibana), virus scanners and application whitelisting (SELinux, AppArmor).
- Experience in making complex Linux-based clouds compliant with ASD requirements.
- Automating as many of the job-related tasks as possible.
- Familiarity with federal data classification standards and their associated implications.
- Bachelor degree in Computer Science (or related degree and professional experience).
- Experience in building a SOC, ideally with Open Source tools
- ASD Information Security Manual implementation knowledge.
- Experience with IRAP assessment process.
- Fortigate (FortiOS) Firewall.
- Windows CIS Compliance Audit Policies.
Other skills include:
- Exceptional communication skills both written and verbal.
- Ability to think strategically and execute quality output.
- Proven success in contributing to a team-oriented environment.
- Strong problem solving and troubleshooting skills.
- Experience in researching, developing and applying new methodologies and technologies.
- Strong understanding of industry leading practices in information security, compliance and risk management.
How To Apply
If you are looking for an opportunity to add value to a fast-growing Australian company, please submit your resume along with your cover letter (no more than two pages) to firstname.lastname@example.org