Lead Cyber Security Specialist (PROJ-4613)
Job Description
Remote is seeking a Lead Cyber Security Specialist who will have expert knowledge in technical components of cyber security, and will be able to expand those skills to a wide range of situations in ASD. They will engage with diverse Critical Infrastructure entities and apply specialist skills in multiple areas of operational technology and cyber security. The Lead Cyber Security Specialist will conduct security assessments of complex IT and operational systems, evaluate the effectiveness of security controls, and provide clear, actionable advice to strengthen cyber resilience, including through technical analysis, documentation review, stakeholder engagement and participation in security risk governance processes. (LH-05346 )
Role Description
Job Duties and Responsibilities
- Perform cyber security assessments of complex information and operational technology systems,
- Assess the effectiveness of security controls,
- Contribute to, and produce, meaningful and actionable cyber security advice to improve cyber resilience of critical infrastructure,
- Verify cyber security posture of critical systems through the use of technical tooling, document review, and stakeholder workshops, and
- Participate in Risk Governance processes to provide security risk, mitigations and input on other technical risk.
Essential criteria
- Minimum 3-5 years demonstrated experience in a cyber-security role.
- Demonstrated strong understanding of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities.
- Demonstrated broad knowledge of the unique attributes and requirements of operational technology systems used within critical infrastructure, and the cyber security controls applicable to such systems.
- Demonstrated broad knowledge of cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data.
- Demonstrated broad knowledge of cyber threats and vulnerabilities; and critical Information systems with information communication technology that were designed without security considerations.
- Demonstrated experience preparing and presenting briefings, and engaging stakeholders at all levels, utilising excellent communication skills.
Desirable criteria
- Demonstrated skills in performing risk assessments and review of systems.
- Demonstrated skills in technical writing, including developing and editing assessment products.
- Demonstrated skills in interpreting the output of assessment tooling to identify cyber posture strengths and weaknesses.
- Demonstrated commitment to continuous improvement and innovation in cyber security practices, and holds relevant industry certifications.