(Cyber) Incident Response Specialist
Macquarie University (Sydney, Australia) Wallumattagal Campus, North Ryde
Dates
- Opening Date: 10-Sep-2024
- Closing Date: 16-Sep-2024
Location
- Wallumattagal Campus, North Ryde
Salary
- From $108,391 to $117,519 gross per annum (HEW Level 7), plus 17% employer's superannuation and annual leave loading.
Responsibilities
- Manage first and second level cyber security incident response activities, including understanding the root cause of an incident to investigate and provide effective resolutions, in line with MQ Cyber Security incident response processes, escalating as required.
- Manage penetration testing and auditing using commonly known tools and techniques as well as build scripts to identify weaknesses within the MQ IT environment, analyse and interpret the output to make recommendations for continuous improvement.
- Provide support to the CISO with conducting reviews, analysis and documentation of architecture and design documents from MQ IT to investigate and address security concerns with stakeholders.
- Partner with stakeholders to understand and resolve cyber security concerns, ensuring the gathering of facts and information from relevant sources to appropriately diagnose issues and present resolutions.
- Prepare documents, reports, presentations for the CISO, including providing support with senior management, Council and committees reporting.
- Provide cyber security knowledge and expertise to support projects across the University and entities to ensure compliance with industry and MQ IT security standards.
- Coordinate, support and contribute to continuous improvement of MQ IT security systems and processes.
- Build and maintain effective relationships with internal and external stakeholders, including the ability to communicate effectively with a wide range of audiences with various levels of understanding of cyber security.
Requirements
- Experience in investigating and identifying the root cause of cyber security incidents.
- Experience managing penetration testing into systems and web applications.
- Excellent coding skills across multiple coding languages.
- Ability to communicate effectively with a wide range of audiences and translate technical jargon into simple terms.
- Experience with managing cyber security incident response activities and identifying the root cause for appropriate remediation.
- Experience writing code in various scripting and programming languages, e.g. Bash, Powershell, Python.
- Demonstrated experience with penetration testing and using auditing tools, e.g. NMAP, Cloud auditing tools, Nikto, Dirbuster, Nuclei, Netcat, DNS interrogation tools, Tenable io, Burpsuite.
- Experience of cloud environments and managing security incidents in hybrid clouds.
- Excellent interpersonal and communications skills (written and verbal).
- Tertiary qualification or certificate in IT or relevant discipline (desirable).
Benefits
- 17% employer's superannuation and annual leave loading.
- Hybrid working arrangement.
- Opportunity to work in a highly specialised and busy role.
Notes
- This position requires a criminal record check. AGSVA security clearance may be required.
- General Enquiries: Orlagh Morgan, HR Administrator via orlagh.morgan@mq.edu.au.
Cyber Security Assurance Analyst
The University of New South Wales (UNSW Sydney) UNSW Kensington Campus, Sydney, NSW
Dates
- Opening Date: 25-Sep-2024
- Closing Date: 08-Oct-2024
Location
- UNSW Kensington Campus, Sydney, NSW
Salary
- Starting Salary $110,073 plus generous superannuation
Responsibilities
- Support the maintenance and operational delivery of cyber security controls assurance services designed to assess whether minimum defensible and enhanced controls are operating effectively and consistently.
- Conduct regular reviews, audits and assessments to evaluate the design and operational effectiveness of internal cyber security controls defined in scope of controls assurance.
- Ensure controls effectiveness tests are performed, such as vulnerability scanning, penetration testing, and control testing, etc., to validate the effectiveness of controls.
- Identify and analyse potential vulnerabilities, threats, and risks to UNSW's assets and determine if the controls are in place to adequately address them.
- Engage with key stakeholders in responding to queries associated with controls stipulated in Cyber Security Standard.
- Ensure the registration (on Cyber Security GRC platform) of the risks identified from controls assurance activities.
- Ensure that the identified risks, threats, and control effectiveness ratings are entered into UNSW’s Cyber Security TRA (Threat and Risk Assessment) platform.
- Support the reporting of assurance to management and stakeholders that the implemented controls are appropriately designed, implemented, and operating effectively to protect UNSW's information assets.
- Administer, and support the operational delivery of metrics reporting using metrics dashboard.
- Maintain accurate records of control assessments, findings, and remediation actions.
- Any other duties commensurate with this position and as required by the Cyber Security Assurance Manager.
- Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct.
- Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the health and safety of yourself or others.
Requirements
- A relevant tertiary qualification with subsequent relevant experience or an equivalent level of knowledge gained through any other combination of education, training and/or experience.
- A minimum of 1-3 years of experience in cyber security governance, compliance, risk management or cyber security operations within major organisations.
- Foundational understanding of control assurance testing/auditing/identity and access management principles and knowledge of cybersecurity principles and practices.
- Knowledge of industry-wide security standards and compliance frameworks such as ISO/IEC 27001, NIST CSF, COBIT 5 etc.
- Relevant industry certification(s) such as CSX, CRISC, ISO/IEC 27001 Lead Implementer/Auditor, AWS, Google, Microsoft Technology (highly desirable).
- Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
- Strong negotiation and influencing skills to effectively manage key stakeholders, build robust relationships and work with a diverse set of business and technology people across the university and third-party vendors.
- Demonstrated high level of personal motivation, resilience, and ability to work effectively individually or in teams.
- An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines.
- Knowledge of health and safety responsibilities and commitment to attending relevant health and safety training.
Benefits
- Flexible hybrid working
- Additional 3 days of leave over the Christmas Period
- Access to lifelong learning and career development
- Progressive HR practices
- Discounts and entitlements
Notes
- The University reserves the right not to proceed with any appointment.