JOB
Cyber Security Assessor (multiple roles) SFIA SCTY Level 4 and SFIA METL Level 3
Apply before 6PM (AEDT) on: Tuesday, February 1, 2022
Australian Capital Territory
Agency / Department
Australian Cyber Security Centre
Experience Level
Senior
Employment Type
Contract
Expected Rate (inc. Super)
$130 per hour***
Overview and Responsibilities
The Morrison Government is further boosting Australia’s cyber defences to ensure our essential networks are even more secure and reliable. The CESAR package ensures we can identify more cyber threats, disrupt more cybercriminals offshore, build more partnerships with industry and government and protect more Australians.
These additional measures will enhance cyber protections for critical infrastructure facilities, strengthen our partnerships with industry and boost the provision of cyber security advice to families, older Australians and small businesses.
This will be achieved by working with critical infrastructure owners and operators to uplift their cyber security and working with Australian Government agencies to strengthen their cyber security and implement the ACSC’s Essential Eight mitigation strategies. The work will be informed and supported by the ACSC’s ongoing technical cyber security advice and guidance.
Candidates will report to CESAR Project Managers. There is an expectation that successful candidates will work 5 days per week (estimated 40 hour week). On boarding is in Canberra, noting there may be a requirement for short term occasional travel within Australia.
The Cyber Security Assessor conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.
The person will possess broad knowledge in:
•Current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities
•Cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data
•Cyber threats and vulnerabilities
•Critical Information systems with information communication technology that were designed without security considerations
The person will possess skills in:
•In performing risk assessments and review of systems
•In technical writing, including developing and editing assessment products
•In interpreting vulnerability scanner results to identify vulnerabilities
•In interfacing with customers
•In preparing and presenting briefings
The Cyber Security Assessor’s major responsibilities include:
•Develop security compliance processes and/or audits for external services
•Assess the effectiveness of security controls
•Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk management strategy
•Verify that application software/network/ system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
•Participate in Risk Governance processes to provide security risk, mitigations and input on other technical risk
An ASD Psychological Assessment (PA) may be required as a condition of engagement and before a contract is signed. This requirement applies to all categories of employees.
Psychological Assessment - to be eligible for this role, the preferred applicant may be required to undergo a Psychological Assessment (PA). If the applicant is found unsuitable as part of the PA, they will not be able to commence in the role, even if they are found suitable in every other respect.
Psychological Assessments are conducted to determine suitability to work in a high security environment.
The assessment is administered in a manner which ensures informed consent, fair dealing with all applicants and employees, and with the greatest possible degree of privacy and transparency of process. Before you submit an application, you should consider your own preparedness for questions that may include the following topics: personal relationships; living circumstances; personal values; financial situation; physical and mental health history, including substance abuse, and any civil and/or military records.
In the event that the PA assessment is essential before a formal offer can be made, please note that the candidate is unable to commence in the role until the PA assessment is completed and the candidate has a suitable outcome.
Essential Criteria
1. Demonstrated understanding in current industry methods for evaluating, implementing and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities.
2. Experienced in the development of security compliance processes/ and or audits of external services.
3. Experienced in performing security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk management strategy.
4. Experienced in assessing the effectiveness of security controls.
5. Demonstrated knowledge of cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data.
6. Demonstrated knowledge of cyber threats and vulnerabilities.
Desired Criteria
1. Experienced in technical writing, including developing and editing of assessment products.
2. Experienced in interpreting vulnerability scanner results to identify vulnerabilities.
3. Knowledge Critical Information Systems with information communication technology that were designed without security considerations.
4. High attention to detail with solid documentation skills and good communication skills with various stakeholders.
5. Experience in interfacing with customers.
6. Ability to manage concurrent tasks with competing priorities.
7. Demonstrates ability to adapt to and accommodate changes, at both the project level and solution level.
Security Clearance
Must Have current negative vetting level 1 clearancecurrent nv1 clearance
Contract Extensions
12 months - subject to an Organisational Suitability Assessment and funds availability.