
Security Operations Centre Analyst

Job posted: 03/01/2025
Applications close: 19/01/2025 (Midnight)
13 days remaining


Job Description

Location: Melbourne | CBD

Job type: Full Time - Fixed Term

Organisation: Department of Transport and Planning

Salary: $109,730 - $132,764

Occupation: IT and Telecommunications

Reference: 6505


About Us

The Department of Transport & Planning brings together all transport modes to design, plan, build and operate Victoria's transport system. Our job is to further integrate the transport network and improve the delivery of services to Victorians for simpler, quicker and safer journeys that connect people and places and support Victoria's prosperity and liveability. We’re focused on outcomes that deliver more choice, connections and confidence in our travel, ensuring the whole transport network works as one to deliver better services and outcomes.

The department is committed to building a culture where we say 'yes' to flexible work arrangements, provide personal and professional development programs and support ways of working that help employees balance work and life.

The department is an equal opportunity employer and welcomes applicants from a diverse range of backgrounds, including veterans, people who identify as Aboriginal and Torres Strait Islander, have a disability, are from varied cultural backgrounds and those who identify as LGBTIQ+. The department provides workplace adjustments for applicants with disabilities.

Enterprise Technology (ET) is a branch of the Investment and Technology group, which defines investment strategy and delivers commercial and information technology services to drive high performance and improved commercial outcomes within the department.

 

About the Role

The Security Operations Centre Analyst sits within the Hybrid Security Operations Centre (SOC) in the Enterprise Information Security Branch and provides operational support to DTP to identify, detect, respond to, and recover from cyber incidents. The role is pivotal to the organisation's cybersecurity resilience and is part of Security Operations, which is responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting. Other functions include investigations into live threat intelligence for applicability to DTP, risk assessment of vulnerability alert bulletins, forensic investigations, and completing daily checks across monitoring tools to identify noisy, high-volume, or false-positive alert rules and provide improvement suggestions.

This is a fixed term position for 18 months.

 

Your outcomes and accountabilities

 

  • As a member of a small team, the cyber security analyst is responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting.
  • Undertake investigations into reported vulnerabilities and emerging threat intelligence and initiate appropriate remediation and escalations.
  • Clear Documentation and Reporting: Ability to document incidents thoroughly and communicate risks or findings to non-technical stakeholders.
  • Complete daily checks and initial triage and prioritisation of alerts feeding into the DTP SIEM.
  • Work with an MSSP on daily SIEM alerts and incidents and drive resolution activities.
  • Identify noisy, high-volume, or false-positive alert rules and provide improvement suggestions.
  • Contribute to creation of cyber security use cases and rules to detect potential anomalous ICT activity.
  • Maintain incident management tickets to ensure progress is achieved and closed in a timely fashion.
  • Drive containment and remediation activities by liaising with different resolver groups.
  • Contribute to the development, review and update of the Security Incident Response Plans and playbooks.
  • Investigate, document, and report on information security issues and emerging trends.
  • Coordinate incident response and critical patching tasks with both internal DTP teams and outsourced providers.
  • Manage and mitigate ongoing data, cyber, and information security risks for our organizations.
  • This role will require occasional ‘non-office-hours’ work to manage active cyber security incidents and may require ‘on call’ arrangements.

Qualifications and Experience

Mandatory

 

  • Proven experience working in a Security Operations Centre (SOC) environment.
  • Working knowledge of ITIL Incident Management.
  • Experience working in incident response, threat intelligence and vulnerability management.
  • Hands-on experience with Microsoft Sentinel SIEM and Incident Management tools.
  • Skillsets: Log Analysis, Threat Hunting, Incident Handling, Process documentation
  • Availability for ad-hoc after-hours escalations

 

Desirable

 

  • Degree or diploma in a relevant field, preferably cyber security.
  • 2+ years of cybersecurity experience in a Security Operations Centre, preferably in a SOC Analyst role.
  • Sound knowledge of, or practical experience working with, security standards and models such as VPDSS, ISM, Essential 8, NIST CSF, NIST 800-61r2, Cyber Kill Chain, and MITRE ATT&CK.
  • Proficiency in Threat Detection and Incident Response: Ability to identify and respond to indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by threat actors.
  • Security certifications such as Microsoft Security Operations Analyst, CompTIA Security+ etc.
  • GIAC Certified Incident Handler Certification
  • Understanding of or experience with OT security controls
  • Foundational skills in Digital Forensics and Incident Response

 

What we offer

  • Meaningful work making Victorian communities more accessible and liveable
  • Professional growth and development opportunities across the department and the wider Victorian Public Services
  • Opportunity to work across multiple urban and suburban hubs
  • We prioritise the development of a safe and inclusive culture

 

Cultural Values

We are an equal opportunity employer, embracing a diverse range of applicants such as veterans, and people who identify as Aboriginal and/or Torres Strait Islander, LGBTQIA community members, individuals with disabilities and/or health conditions, as well as those from varied faith and cultural backgrounds. At our department, we prioritize the development of a safe, inclusive, and high-performance culture through shared actions and behaviours that align with our strategy and direction. This empowers our employees to effectively contribute to our goals.

 

How to Apply

Applications should include a resume and a covering letter. Applications close 11.59pm on Sunday 19th February 2025.

For further information about the role please contact Yash Kaushik - yash.kaushik@transport.vic.gov.au

Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Transport and Planning will be treated in the strictest confidence.

Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g., large print) due to any viewing difficulties or other accessibility requirements.

Job classification:

VPSG5

Contact:

yash.kaushik@transport.vic.gov.au - Project Support Officer Yash Kaushik - NA
