Australian Citizens With NV1 Clearance residing in Australia only respond 

The ITS Section is looking for an experienced security specialist who will be able to join our team and help us deliver key outcomes for the agency. As part of the specialist security engagement, the successful specialist will be asked to perform a review, make recommendations, implement and document selected recommendations in relation to some or all of the following ISM (Essential 8) and PSPF areas:

• Privileged Identity Management/Role-based access control.
• Cloud Security Posture Management.
• Information Protection/Data Loss Prevention.
• Administrative host configuration and hardening.
• General Microsoft Office 365 and Azure hardening and security monitoring.
• Insider risk policy and controls.
• Treatment planning activities outlined in various security documents.
• Standard Operating Procedure development for security operations staff.
• General security documentation updates.
• Assessment and development of security documentation for 3rd party applications.
• Physical security management understanding and meeting ASIO Zone requirements
• Other relevant system security related matters.

The supplier must be able to demonstrate the following skills and experience:

• Demonstrated experience with implementing security controls in Microsoft solutions and platforms (such as Microsoft Azure, Office 365, Sentinel etc.).
• Demonstrated work experience in developing and updating security policies, plans and procedures for government entities.
• Excellent working knowledge of relevant information security standards and their applicability, including but not limited to, the PSPF and ISM controls.
• Strong communication and personal management skills including ability to influence others, and an ability to work with significant autonomy as part of a small team.

Proposed Personnel should have a NV1 level AGSVA Security Clearance from the commencement and duration of any subsequent arrangement.

Every application requires to address selection criteria as part of application submission

Essential Criteria

1. Demonstrate a minimum of 5 years of technical Cyber Security experience. 30 %

2. Experience with the ACSC Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF) or similar information security control frameworks. 30 %

3. Demonstrated experience working with a security focus on system design, development and engineering. 20 %

4. Demonstrated experience working with Cloud systems, such as AWS or Azure. 10 %

5. Demonstrated experience in information security threat modelling and secure development lifecycles. 10 %