Location: Sydney
Salary: $190000 per annum
Job Type: Permanent
Ref: BH-175326
Contact: Matthew Canning
Posted: over 1 year ago
We are looking for a Technical Cyber Security Lead to join the Security Information and Event Management (SIEM) team of our banking client. This person will be the technical lead for their critical security monitoring services, developing and continuously improving detection logic for threats and expanding SIEM coverage over critical log feeds.

Key responsibilities:
  • Maintain an up-to-date knowledge of Information Security trends and threats.
  • Define and develop Security Use Cases against threat models using SIEM technologies, including, but not limited to, complex correlation rules and various forms of visualisation.
  • Provide input into defining and continually improving the architecture and design of the detection and response capabilities, such as, but not limited to, SIEM, log management, and SOC operations.
  • Integrate dynamic and static data feeds such as network device, operating system, middleware, database and application logs, and contextual data such as STIX/TAXII-compliant intelligence sources and enterprise network and asset information.
  • Support the SIEM toolset, including but not limited to Splunk and Azure Sentinel.
What do I need?
  • Minimum of 5 years’ experience in information security, SIEM engineering, cybersecurity incident response or equivalent.
  • Experience with SIEM and other types of data analytics solutions, on-boarding processes, and use case development. Strong Splunk skills, including Enterprise Security, with Power User, Advanced Power User, and Developer certifications preferred.
  • In-depth knowledge of and experience in using and developing regular expressions, SQL, Python, JavaScript, and custom parsing.
  • Experience with UEBA, SOAR and CI/CD stacks.
  • Experience in information technology infrastructure, application administration and support, and/or information technology service management.
  • Demonstrable understanding and experience of information security incident analysis, triage, and response techniques.
  • Experience with the security controls typically used as part of a Defence in Depth strategy.
  • Solid knowledge and understanding of international security and risk-related standards or frameworks, including SABSA, the ISO 27000 series, ISO 31000 and SOX.
  • Formal education or certification in information security, information technology, risk management, service management, audit or equivalent discipline is essential.
  • Industry certifications (CISSP, CISM, SABSA, ITIL) desirable.