Canberra, ACT, Australia

Threat Detection Engineer

Job Description:

Please respond to the job if you are an Australian Citizen and residing in Australia.

  • Contract start 01 April 2023, 12 months, with 2 x 12-month extensions.
  • Australian Citizen, ability to obtain Baseline Clearance, Canberra role.

Send your responses to jobs@softtestpays.com

Overview

The Department of Industry, Science and Resources (DISR) strives to encourage the sustainable growth of Australian industries including the delivery of a national innovation system to drive knowledge creation, international competitiveness and greater productivity. Our staff are committed to developing policies and delivering programs, in partnership with stakeholders, to provide lasting economic benefits based on principles of social justice and equity for all Australians.

The CIO Group provides a range of enabling services and operational delivery support to the Department and to Australian businesses, and is seeking to engage a Threat Detection Engineer (TDE) to drive the detection engineering practice in its Security Operations Centre (SOC).

The TDE will be responsible for the research, development, testing and maintenance of use cases and detection rules, including manual threat hunts. They are to co-ordinate with Cyber Defence Analysts in developing situational awareness through the integration and maintenance of the SIEM, SOAR and EDR. As part of the detection engineering lifecycle the TDE is expected to work in an ITIL and Agile environment. The Threat Detection Engineer is also responsible for providing high-level technical assistance to infrastructure and architecture staff on risk and vulnerability reduction by means of the detection capability of the SOC.

Key Responsibilities:

  • Create threat models and perform threat hunts to inform the detection engineering strategy
  • Develop use cases based on threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
  • Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
  • Develop playbooks for alert validation by understanding the context in which the detection rule is designed
  • Collaborate with Cyber Defence Analysts for detection rule tuning
  • Maintain the threat intelligence integrations across the SOC technology stack
  • Assist in the identification of content shortfalls across the detection engineering practice
  • Assist with incident response at the direction of the incident manager
  • Conduct in-depth research and analysis for new detection content
  • Assist in the onboarding of new data sources to meet requirements of use cases
  • Provide evaluation and feedback necessary for improving intelligence production and reporting
  • Provide support to designated exercises, planning activities, and time sensitive operations

Every application must address the selection criteria as part of the submission.

Essential Criteria

Demonstrable experience in content development with at least 2 SIEM technologies (Splunk, Elastic, QRadar, MS Sentinel)

Experience in a detection engineering practice

An understanding of the Sigma detection rule syntax

Experience with SOAR technologies and playbook development

Experience with EDR technologies (Carbon Black, CrowdStrike, Defender ATP)

A thorough understanding of the cyber threat intelligence lifecycle

Knowledge of scripting languages (Bash, Python)

Strong organisational and teamwork skills.

Professional Certifications, such as GIAC

Minimum 5 years of cyber security operations experience
