Cyber Security Engineer
- RFQ ID: DM-18930
- Listed: 26/5/23
- Contract or Temp
- RFQ closing date: Monday, 05 June 2023, 4pm, Canberra time
- Client: Department of Employment and Workplace Relations
Requirements
The department requires an experienced cyber security engineer to assist with the following deliverables:
- Develop and maintain SIEM alerts and dashboards to aid with threat detection.
- Work with Security Analysts to understand, develop and maintain automatic detection and response capabilities using available SOAR capabilities.
- Utilise available threat intelligence to enrich alerts.
- Develop and maintain team SOPs and playbooks for SIEM management and configuration, including alert exclusions and alert tuning.
- Assist with the upkeep of the SecOps environment where needed.

Estimated start date: 3rd July 2023 or earlier
Initial contract duration: Until 30 June 2024
Extension term: 12 months
Number of extensions: 2
Location of work: ACT
Working arrangements: Full Time
Requirement: Onsite, standard 8 hours per day, and 40 hours per week in total.
Flexible Working Arrangements (including remote working arrangements): Requests will be considered on a case-by-case basis against the business requirements of the department and the needs of the immediate work area.
Reduced Activity Period: A reduced activity period may apply where the specified personnel will not work unless the buyer has provided pre-approval in writing, which includes:
- public holidays; and
- Christmas shutdown, from 12:30 pm on the last working day before Christmas Day and reopening the first working day following the first day of January each year.
Security clearance: Must be able to obtain Negative Vetting Level 1

Criteria
Essential criteria
1. Demonstrated experience managing/maintaining logging and SIEM technologies
2. Demonstrated knowledge of cyber security principles and processes in a defensive context
3. Demonstrated ability to develop alerting rules and dashboards to assist with threat detection and incident response
4. Ability to learn and understand how the operating environment functions normally and effectively identify anomalies when they occur
5. Demonstrated experience with development practices and DevOps pipelines
Desirable criteria
1. Experience with Azure Sentinel, Kusto Query Language (KQL) and Azure logging mechanisms
2. Experience with Microsoft’s suite of security tools, including Azure Security Centre, Microsoft 365, and Microsoft ‘Defender for’ tools (Endpoint, Identity, etc.)
3. Experience managing a Windows environment, including patching, Active Directory and Group Policy management
4. Experience utilising threat intelligence services and tools such as MISP to enrich data and alerts that originate from SIEM and logging tools such as Syslog-ng

What to submit
As per client instructions, you MUST include:
- start date or availability/notice period
- desired hourly rate and state either ABN or PAYG
- responses to selection criteria – max 500 words per criterion
- resumés – Word format only
- references x 2 (no need for contact details – name/title/company)
Without all the above, we cannot load your application into the client’s portal!
If you would like some notes on “what is the best way” to submit your application, please send me an email asking for “how best to apply document”