
Jobs by Experience

1 - 0 years

Job Location

Mersa Matruh - Egypt

Monthly Salary

Not Disclosed

Nationality

Any Nationality

Gender

Male

Vacancy

1 Vacancy

Job Description

Req ID : 2452651

The Department of Industry, Science and Resources (DISR) strives to encourage the sustainable growth of Australian industries including the delivery of a national innovation system to drive knowledge creation, international competitiveness and greater productivity. Our staff are committed to developing policies and delivering programs, in partnership with stakeholders, to provide lasting economic benefits based on principles of social justice and equity for all Australians.


The CIO Group provides a range of enabling services and operational delivery support to the Department and to Australian businesses, and is seeking to engage a Threat Detection Engineer (TDE) to drive the detection engineering practice in its Security Operations Centre (SOC).


The TDE will be responsible for the research, development, testing and maintenance of use cases and detection rules, including manual threat hunts. They are to co-ordinate with Cyber Defence Analysts in developing situational awareness through the integration and maintenance of the SIEM, SOAR and EDR. As part of the detection engineering lifecycle the TDE is expected to work in an ITIL and Agile environment. The Threat Detection Engineer is also responsible for providing high-level technical assistance to infrastructure and architecture staff on risk and vulnerability reduction by means of the detection capability of the SOC.


Key Responsibilities:

  • Create threat models and perform threat hunts to inform the detection engineering strategy
  • Develop use cases based on threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
  • Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
  • Develop playbooks for alert validation by understanding the context in which the detection rule is designed
  • Collaborate with Cyber Defence Analysts for detection rule tuning
  • Maintain the threat intelligence integrations across the SOC technology stack
  • Assist in the identification of content shortfalls across the detection engineering practice
  • Assist with incident response at the direction of the incident manager
  • Conduct in-depth research and analysis for new detection content
  • Assist in the onboarding of new data sources to meet requirements of use cases
  • Provide evaluation and feedback necessary for improving intelligence production and reporting
  • Provide support to designated exercises, planning activities, and time sensitive operations


Requirements

  • Demonstrated experience in content development with at least 2 SIEM technologies (Splunk, Elastic, Q-Radar, MS Sentinel)
  • Experience in a detection engineering practice
  • Understanding of the sigma detection rule syntax
  • Experience with SOAR (Security Orchestration, Automation, and Response) technologies and playbook development
  • Experience with EDR (Endpoint Detection and Response) technologies (Carbon Black, CrowdStrike, Defender ATP)
  • Thorough understanding of the cyber threat intelligence lifecycle
  • Knowledge of scripting languages (Bash, Python)
  • Strong organizational and teamwork skills
  • Professional Certifications, such as GIAC
  • Minimum 5 years of cyber security operations experience


Essential criteria

  1. Demonstrated experience in transformational programs, guiding and driving product owners/business SMEs to develop user journeys and business features, streamline business processes and consolidate common services/data to deliver business change and a contemporary customer experience.
  2. A proven track record of working in an Agile environment to develop requirements artefacts for complex IT systems, including websites and mobile applications.
  3. Experience working with complex IT systems, including a sound understanding of system interoperability, database structures and data flows between systems.
  4. Demonstrated experience coordinating and leading consultation with internal and external consultants to elicit user and business requirements.
  5. Proven ability in the development of high-quality BA artefacts as required.

Desirable criteria

  1. Previous experience working on the Department's Employment and Workplace Relations IT systems, or experience in a Government Agency, is highly desired.
  2. Experience using Azure DevOps for Agile methodology.

Employment Type

Full Time

Department / Functional Area

Data Entry / Operations / Back Office Processing