Multiple Cyber Security Specialists

Contract Type: Contract / Temp

Location: Canberra - Australian Capital Territory

Industry: Defence / Emergency / Security

Contact Name: Luci Cortez

Contact Phone: 0422 233 697

Date Published: 19-Aug-2025

Calleo is seeking multiple Cyber Security Specialists for one of our Federal clients:

Cyber Security Specialist

Essential
·       SOC Analyst / Cyber Security certifications (such as CompTIA Cybersecurity Analyst, EC-Council Certified SOC Analyst, GIAC Certified Incident Handler)
·       Certified SAFe® Practitioner (mandatory for all COSPO personnel - can be completed upon engagement).

Experience
·       Use and user configuration of Security Incident and Event Management platforms (such as Splunk)
·       ‘SOC based’ Incident Response
·       Open source intelligence analysis and reporting

Desirable:
·       Threat hunting in Linux environments
·       Vulnerability Assessment or Penetration Testing
·       Cyber supply chain risk assessments
·       Administration/SOC experience in containerised/virtualised environments
·       Application of Defence Security Policy Framework and Information Security Manual
·       Australian government/Defence experience

Responsibilities
·       Cyber security monitoring/analysis via a SIEM
·       Contribution to Incident Response under Cyber Security Manager direction
·       Ongoing vulnerability management (as a result of automated or manual notification of CVEs)
·       Cyber Supply Chain Risk analysis for COTS and OSS
·       Open-source intelligence analysis and reporting
·       Advice to Product Teams on cyber security logging and monitoring implementation.
·       Contribution to Cyber Security Team policies and processes

Cyber Security Manager

Essential:
·       Cert IV (or equivalent) in either Cyber Security or Intelligence Operations or Security and Risk Management.

Experience
Essential:
·       ICT Security Governance, Risk and Compliance (GRC) or equivalent experience
·       Open source intelligence analysis, risk assessments and technical reporting
·       ‘SOC based’ Cyber Incident response, as both an analyst and manager
·       Threat modelling, threat hunt planning and execution
·       SIEM optimisation and tuning
·       Supply chain risk assessments and reporting
·       Vulnerability assessment and management

Desirable:
·       Have held a Security Operations Centre (SOC) role
·       MITRE ATT&CK experience
·       SCAP, STIG and CIS standards experience
·       Agile / Scrum experience
·       DevSecOps and CI/CD pipeline security
·       Network and host digital forensics
·       SIEM design and deployment
·       Containerisation security controls and logging
·       Australian military or Department of Defence experience
·       Australian intelligence organisational collaboration / experience

Responsibilities
·       Conduct of vulnerability management activities, stakeholder communications and reports across all COSPO Products (both SW and HW components)
·       Maintenance and execution of the Cyber Supply Chain Risk Management Plan
·       Management and further development of both SOC capabilities and SOC analysts.
·       Leadership of threat hunt planning, execution and reporting
·       Cyber Security Operations including development and maintenance of Standard Operating Procedures
·       Analysis and application of Cyber Threat Intelligence 
·       Cyber Security stakeholder engagement within broader Defence Digital Group and Defence Department
·       Leadership of internal Cyber Security training
·       Specialist ICT security advice into Product Team design, development and test activities
·       Incident Response Plan (IRP) execution and maintenance

Security Assessor

Essential
·       Cyber Security Industry certifications (CISSP, ISO27001 Auditor/Implementer, CISA or CISM)
·       Certified SAFe® Practitioner (mandatory for all COSPO personnel - can be completed upon engagement).

Essential
·       Completed a certification and accreditation assessment for a Federal Government Agency
·       Significant experience conducting security assessments and risk management at an Enterprise scale.
·       Demonstrated security experience within complex ICT environments
·       Experience working within the Defence Environment
·       Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice
 
Desirable
·       Completed a full IRAP assessment for a Federal Government Agency
·       Knowledge, experience of, and relationships within the technology industry
·       Delivery of technology to support regulatory decision-making processes.
·       Experience delivering to the Australian Government Digital Service Standard
·       Demonstrated experience in and understanding of information technology and/or cyber security.
·       Understanding of international security standards such as Security Technical Implementation Guides (STIG), Center for Internet Security (CIS) and NIST.

Responsibilities
·       Security threat and risk assessment identification and development of security accreditation with certification report.
·       Certification and accreditation Assessments of proposed ICT designs and solutions
·       Re-evaluate accreditation documents when accreditation timeframes lapse or a system/environment change requires a re-evaluation
·       Provide security advice relating to accreditation documents. This will be required and requested by the Commonwealth on an ad hoc basis as COSPO requires it.
·       Stakeholder management and communication of security concepts to non-technical audiences both verbally and in writing.
·       Manage, develop and support complex relationships with stakeholders to achieve work area goals

Systems Designer (Security Logging and Monitoring)

Essential:
·       Tertiary qualifications (e.g. Bachelor) in Computer Science, Cyber Systems Engineer, or a related discipline.
·       Microsoft Role-Based certifications (MCSE: Core Infrastructure)

Experience
Essential:
·       An in-depth understanding of current cyber security logging and monitoring techniques, alongside a high-level ability to provide advice, guidance and recommendations to stakeholders regarding SIEM logging and monitoring requirements
·       Demonstrated strong understanding of Defence and Australian Government ICT Policy, with emphasis on DSPF and ISM Controls, and ability to translate these controls into system design and engineering tasks.
·       Demonstrated experience with SIEM technologies such as Splunk, coupled with the ability to utilise system administration or scripting experience to address cyber security requirements.
·       Demonstrated experience with hyper-converged infrastructure across hypervisor, network, compute and storage installations.
·       Strong background as a Cyber Systems Engineer on medium to large size projects.
·       High level documentation experience and skills to achieve and attain Authority to Operate for active use systems at various classifications.
·       Demonstrated high-level skills in open communication, problem-solving, and deep analytical concepts used in collaboration with a broad range of audiences.

Desirable:
·       Experience in defensive and/or offensive cyber operations, with a focus on detection engineering.
·       Hold vendor certifications (Broadcom VMware, Microsoft Windows, Enterprise Linux, Splunk).
·       Scripting experience using PowerShell and/or Python.
·       Australian government and/or Defence experience.
·       Systems and software testing experience
·       Experience with agile development processes.

Responsibilities
·       Plan, design, prototype and implement system components that meet organisational and engineering requirements.
·       Ensure system designs achieve efficiency, security, and scalability by selecting appropriate architecture, hardware, software, and applied configurations.
·       Configuring security logging and monitoring aspects of a range of software and hardware products.
·       Documenting system infrastructure and processes, including producing diagrams, capturing as built configurations, and defining troubleshooting and/or recovery actions.
·       Investigate systems engineering concepts, identify, and understand the different components within engineered systems such as software, hardware and building IT infrastructure.
·       Authoring requirements and design documentation for large IT systems based on high-level guidance and engineering process.
·       Investigate, analyse and report on the IT systems engineering defects and requirements, develop and implement recommendations and advice to address issues.
·       Engage with multiple stakeholders to deliver and manage IT systems engineering specifications and resources in support of the Defence materiel capability lifecycle.
·       In-depth knowledge of and compliance with legislative frameworks, government decision-making and Defence’s mission and policy requirements.
·       Evaluation of delivered materiel against requirements and legislative, policy and regulatory frameworks, provide recommendations and contribute to the implementation of actions.
·       Monitor and ensure safety aspects of Defence materiel systems are considered and incorporated into systems engineering activities.
·       Accountable for exercising assigned engineering authorities and any Technical Regulatory Authority delegations.
·       Assess technical and design packages including scoping, planning, reviewing, providing recommendations and contributing to the implementation of actions.
·       Installing new software, hardware and equipment necessary to optimize output and providing ongoing maintenance and technical support.

Systems Development & Test Environment System Engineer

Qualifications
Essential:
·       Tertiary qualifications (e.g. Bachelor) in Computer Science, Software Engineering, or a related discipline
·       Experience as a system architect, developer or systems engineer in large, complex environments.
·       Experience in DevSecOps systems development.
·       Experience in requirements definition and management
·       Certified SAFe® Practitioner (mandatory for all COSPO personnel - can be completed upon engagement).

Experience
Essential:
·       Strong background in IT architecture or systems engineering on medium to large size projects.
·       Experience in DevSecOps development.
·       Experience creating high level/detailed level designs and reference architecture
·       Demonstrated knowledge of Commonwealth Cybersecurity frameworks (e.g. ISM, PSPF, and ASD Essential 8)
·       Understanding and awareness of security best practice.
·       Understanding and awareness of Application and Service hardening and limitations.
·       Strong communication skills - with the ability to translate/transfer business and technical terminology.
 
Desirable:
·       Australian Government, Defence, or Defence Industry experience
·       Authoring and reviewing DODAF artefacts.
·       Experience in defensive and/or offensive cyber operations
·       Experience with VMware virtualisation
·       Experience with software engineering.
·       High level communication skills
·       Experience with Ansible, Terraform or other automation tools.
·       Experience with Continuous Integration and Continuous Delivery Pipelines.
·       Experience with agile development processes.
·       Experience with Docker and related containerisation software

Responsibilities
·       Elicit and analyse functional, non-functional and security requirements.
·       Ensure customer requirements, priorities and acceptance criteria are accurately captured and validated
·       Organise and prioritise requirements using techniques such as, but not limited to, product roadmaps, epics, user stories and backlogs
·       Specify and validate requirements, constraints and acceptance criteria to a level that enables effective development and operations of new or changed software, systems, processes, products or services
·       Establish requirements baselines or backlogs, obtain appropriate agreement to requirements and ensure traceability to source.
·       Select and adapt appropriate requirements definition and management methods, tools and techniques. Contribute to the development of organisational methods and standards for requirements management.
·       Maintain SDTE Operational Concept Document and Function Performance Specifications
·       Design system components using appropriate modelling techniques following agreed architectures, design standards, patterns and methodology.
·       Produce detailed design specifications to form the basis for the construction of systems. Review, verify and improve own designs against specifications.
·       Create and maintain roadmaps to guide the execution of business strategy and capability improvements, including roadmaps to migrate components to cloud services
·       Liaise with other Solution Architects and the Designers from the JP9131-1 Projects to align architecture roadmaps and blueprints.


Must hold NV1 security clearance or higher

Australian government and/or Defence experience is desirable

If interested, please apply directly through the links provided.

Alternatively, please feel free to contact Luci for more information – luci.cortez@callleo.com.au

Follow Calleo on LinkedIn and visit our website to keep up to date on all our current job vacancies:

www.linkedin.com/company/calleoresourcing
www.calleo.com.au


Calleo is an equal opportunity employer and we encourage applications from all people including Aboriginal and Torres Strait Islander peoples.
