17 Security Analyst jobs in Australia

Description
Amazon Web Services (AWS) is the leading cloud service provider, providing virtualised infrastructure, storage, networking, messaging, and many other services to customers all over the world, including government customers. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises to large government customers, run their operations and applications on AWS' highly secure infrastructure.
AWS Security is looking for a highly talented and motivated Physical Security Analyst to work with our team, designing the secure facilities to maximize the effectiveness of the physical security program. The duties include extra-low voltage system design and engineering, working with the architectural and engineering teams to assure security best practices are observed, drafting new systems into the design teams build plans, and coordinating with physical security leaders to understand the new build and security system designs, adhering to an approved products list. A successful candidate will be responsible for interpretation of Risk Assessments and Threat Analysis and Physical Security Standards to assure the proper security technologies are selected to meet the unique challenges to be found in a sensitive security program.
Key job responsibilities
This role will be expected to provide in-depth security advice on the physical security architecture for the organisation. You will draw upon your strong knowledge as well as invent and innovate in the course of your duties. Key responsibilities may include:
* Lead the physical security architecture elements on a sensitive program.
* Create and communicate detailed physical security system designs and guidance to ensure compliance with government policies and frameworks.
* Subject matter expertise to support the AWS Security leadership and other security teams, with a focus on physical security.
* Physical / Protective Security Risk, Threat, and Vulnerability Management.
* Management and implement Physical security risk, threat, and vulnerability deliverables - e.g. internal and external audit items, security deliverables annual PSPF Self-assessment and ASD Cyber Survey.
* Preparation of executive level presentation packs, briefings, papers and reports to various internal and external governance bodies and stakeholders.
* Develop, oversee, and review protective security policies, procedures, processes, guidelines, forms and templates relating to protective security and day to day protective security operations.
* Identify vulnerable processes and systems and provide advice and support for the remediation of security risk and reduce exposure to security threats to support the rollout of new assets.
* Engage with and work collaboratively with stakeholders across AWS and externally, in relation to compliance obligations, e.g. PSPF and ISM.
Hold or be able to attain an Australian Government Security Vetting Agency clearance (see day in the life
Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Conflicts should be addressed by listening, finding the best way forward and persuading one's colleagues. Successful engineers in this role will regularly analyze their own performance with a critical eye. A broad understanding of the AWS business and its interconnections is required. This position will also provide training, advice, and mentorship to other engineers throughout AWS.
About the team
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
* Degree in Architectural, Electrical Engineering, or Physical Security or equivalent experience in a related security field.
* 2+ years' experience in physical security system design and engineering.
* Proficient with government security frameworks, policies and standards (e.g. PSPF, ISM, DSPF. ASD Essential Eight)
Preferred Qualifications
* Physical Security Design experience in corrections, military, government, or museum environments.
* PSP, CPP, PMP Certification
* CPTED Certification
* Proven ability to not only influence but lead business partners and supporting teams
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

**Description**
+ Develop your leadership potential within the cyber domain as a shift lead.
+ Mentor your fellow team members in technical and professional skill.
+ Build and shape security tooling to defend critical national security infrastructure.
+ Challenge yourself by sinking your teeth into some wicked problem sets.
+ Help build the team culture that you have always wanted to work in.
+ Due to the nature of the role, **you must be an Australian Citizen and hold either a NV-1 or NV-2 Security Clearance.**
**Do Work That Matters**
Leidos Australia delivers IT and airborne solutions that protect and advance the Australian way of life. Our 2000 local experts, backed by our global experience and network of partners, are working to solve the world's toughest challenges in government, intelligence, defence, aviation, border protection and health markets.
Leidos Australia is expanding our 24x7x365 Central Processing Cyber Security Operations Centre (CP SOC) capability with the Department of Defence. CP SOC works collaboratively with the Defence Security Operations Centre (DSOC) to assist in defending one of the largest and most complex ICT networks in the southern hemisphere.
**Your New Role and Responsibilities**
We seek an experienced Senior Cyber Security Analyst to inspire, motivate, and mentor team members in achieving Defence mission outcomes.
This permanent role requires the successful applicant to work on a rotating shift roster (typically 12-hour shifts) onsite at HMAS Harman in Canberra.
**The roles and responsibilities extend to:**
+ Demonstrating leadership as the shift lead and within the broader team to meet mission and contractual outcomes.
+ Working collaboratively with stakeholders to triage, manage and report on security incidents.
+ Actively developing SOC tactics, techniques and procedures (TTPs) and security toolsets.
+ Develop custom signatures to Identify, Detect, Protect, Respond and Recover from adversaries' attacks.
+ Assist in threat hunt operations using known adversary TTPs and Indicators of Compromise (IOCs) to detect advanced threats.
+ Develop security operational documentation and Incident reportwriting.
+ Undertake management Service Level Reporting in line withcontractual requirements and emerging business needs on the security of theenvironment.
+ Identify and evaluate new sources of intelligence and integrate numerous types of cyber security data sources into cyber threat analysis products.
**What You'll Bring to Make an Impact**
This role is suited to a Senior Cyber Security Analyst who holds:
+ Industry ICT Security qualifications such as CompTIA Sec+, CISSP, GIAC, GCIHetc. (are desired but not essential).
+ Tertiary education (Bachelor's degree in Engineering, Computer Science or equivalent) desired, but not essential (equivalent work experience highly preferred).
+ Current NV-1 or NV-2 Security Clearance.
Additionally, you would also be able to demonstrate experience in:
+ Developing, maintaining and monitoring SIEM (Splunk) apps, rulesets, dashboards and workflows.
+ Intermediate to advanced Windows, Linux and Networking skills.
+ Intermediate to advanced Incident Response professional skills.
+ Trellix EPO, Tenable and Palo Alto platforms, or similar.
+ Scripting and automation technologies.
To be successful in this role, you will need:
+ Self-starting individual with the right attitude, aptitude and zeal to identify, take ownership of and solve challenging problems.
+ Interest in continual learning and development of the team and themselves.
+ Be prepared to upskill yourself and the team to respond to adversaries rapidly.
+ Strong communication and stakeholder management skills.
+ Clear working understanding of industry and government cyber security frameworks.
Don't worry if you don't tick all the boxes - if you meet most of them, we encourage you to submit your application. We're most interested in your strengths, what you want to learn and how far you want to go.
_Due to the nature of the role, you must be an Australian Citizen and hold and active NV-1 or NV-2 security clearance._
**Diverse Team Members, Shared Values and a Common Purpose**
_Providing our customers with smarter solutions takes an incredible team with diversity of thought, experience and perspectives driving innovation. Inclusion is at the heart of our culture and is one of our core values. It's about creating a workplace where everyone can do important work, feels welcome, valued, and respected, and has equal access to opportunities to thrive. Paul Chase - Chief Executive, Leidos Australia._
Leidos Australia is an equal opportunities organisation and is committed to creating a truly inclusive workplace. We welcome and encourage applications from Aboriginal and Torres Strait Islanders, culturally and linguistically diverse people, people with disabilities, veterans, neurodiverse people, and people of all genders, sexualities, and age groups.
Our five Advocacy Groups (Women and Allies Network,Young Professionals, Defence & Emergency Services, Action for Accessibility and Abilities and Pride+) provide an opportunity for team members to connect and collaborate on shared interests, and work to support and celebrate our diverse community.
**Next Steps**
+ To apply for this role, follow the links or apply via our Careers page.
+ Recruitment process - 1 virtual interview and/or 1 face-to-face & background checks.
+ Applicants may also need to meet International Traffic in Arms Regulations (ITAR) requirements. In certain circumstances this can place limitations on persons who hold dual nationality, permanent residency or are former nationals of certain countries as per ITAR 126.1.
+ We are committed to making our recruitment process accessible to all candidates. Please get in touch with our Careers team if you'd like to discuss any additional support during your application or throughout the recruitment process.
**Original Posting:**
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
**Pay Range:**
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
REQNUMBER: R-00156415
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.

**Description**
+ Gain hands on work experience whilst completing your studies
+ Support Federal Government security frameworks
+ Excellent career development in a culture that embraces flexible work arrangements
Our team feel Leidos is a great place to work. Learn more about our culture and benefits by visiting us here Work That Matters**
Leidos Australia delivers IT and airborne solutions that protect and advance the Australian way of life. Our 2000 local experts, backed by our global experience and network of partners, are working to solve the world's toughest challenges in government, intelligence, defence, aviation, border protection and health markets.
**Your New Role and Responsibilities**
This opportunity is for students currently studying an IT related degree, diploma or certification.
We are looking for an entry level Security Operations Admin to support a range of tasks in a new program within our Digital Modernisation Division. If you are considering a role in IT security - this is the role for you!
This role will involve helping to understand the current system, identifying areas that need improvement, and working on plans to achieve the desired changes. You will assist with evaluating, designing, planning, and carrying out updates to the system. Additionally, you will help maintain both the current system and the new system after changes are made, ensuring everything meets Australian standards and best practices.
An average week for an Intern Security Operations Analyst could incorporate wide range of activities, including:
+ Support Federal Government security frameworks.
+ Help create and update important security documents to reflect changes in the environment.
+ Contribute to auditing Leidos Managed systems against the Essential Eight framework, ensuring compliance with security standards.
+ Support the development of Access Management designs, security policies, procedures, and practices for event logging and auditing.
+ Assist in security design reviews, manage risks proactively, ensure software patching and security updates, enforce security during operations, and support ongoing security testing and accreditation processes.
**What You'll Bring to Make An Impact**
Along with your education and any practical experience, Leidos values individuals who use their initiative and seek to understand the business and develop relationships based on respect.
+ Currently studying IT related Degree or Certification.
+ Strong communication and teamwork skills, with a user-focused approach?
+ Willingness to learn and assist across diverse support functions
+ Proactive problem-solving skills and a commitment to continuous learning
Don't worry if you don't tick all the boxes - if you meet most of them, we encourage you to submit your application. We're most interested in your strengths, what you want to learn and how far you want to go.
_This role does require the successful applicant to be an Australian Citizen and be_ ? _willing to obtain and hold a NV-1 or greater security clearance._
**Diverse Team Members, Shared Values and a Common Purpose**
_Providing our customers with smarter solutions takes an incredible team with diversity of thought, experience and perspectives driving innovation. Inclusion is at the heart of our culture and is one of our core values. It's about creating a workplace where everyone can do important work, feels welcome, valued, and respected, and has equal access to opportunities to thrive. Paul Chase - Chief Executive, Leidos Australia._
Leidos Australia is an equal opportunities organisation and is committed to creating a truly inclusive workplace. We welcome and encourage applications from Aboriginal and Torres Strait Islanders, culturally and linguistically diverse people, people with disabilities, veterans, neurodiverse people, and people of all genders, sexualities, and age groups.
Our five Advocacy Groups (Women and Allies Network,Young Professionals, Defence & Emergency Services, Action for Accessibility and Abilities and Pride+) provide an opportunity for team members to connect and collaborate on shared interests, and work to support and celebrate our diverse community.
**Next Steps**
+ To apply for this role, follow the links or apply via our Careers page.
+ Recruitment process - application screening, interview, and background checks.
+ Applicants may also need to meet International Traffic in Arms Regulations (ITAR) requirements. In certain circumstances this can place limitations on persons who hold dual nationality, permanent residency or are former nationals of certain countries as per ITAR 126.1.
+ We are committed to making our recruitment process accessible to all candidates. Please contact our Careers team if you'd like to discuss any additional support during your application or throughout the recruitment process.
Come break things (in a good way). Then build them smarter.
We're the tech company everyone calls when things get weird. We don't wear capes (they're a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for "how it's always been done."
**Original Posting:**
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
**Pay Range:**
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
REQNUMBER: R-00163295
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.

Azure Cloud Security Operations Sr Analyst, Global Information Security
Sydney, Australia
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
**Job Description:**
As an Azure Senior Cloud Operations Specialist, you will play a pivotal role in our organization's growth and evolution. You will be responsible for modernizing our existing and future cloud operations workflows to simplify, optimize and ensure consistency in quality and urgency of investigations within our organization and a well-defined decision matrix for escalations to our partner organizations. You will also collaborate with partner teams to continually identify opportunities to reduce event volume, to increase event fidelity, and to engineer detections for new threats and risks.
Additionally, you will support development and maintenance of innovate training programs to quickly upskill existing cybersecurity operations professionals to operate in an Azure cloud operations environment as well as to be a representative for the organization on cloud related operations in any audit or regulatory examinations.
**Key Responsibilities:**
+ Investigate security events and incidents within cloud environments, utilizing advanced tools and techniques to identify threats and vulnerabilities.
+ Design and implement comprehensive workflows for handling security events, ensuring timely and effective response procedures.
+ Collaborate with cross-functional teams to develop and refine security policies, procedures, and best practices tailored to Azure cloud security operations.
+ Provide guidance and mentorship to junior team members, fostering their professional development and enhancing overall team capabilities.
+ Stay abreast of emerging threats, vulnerabilities, and industry trends, continually updating skills and knowledge to maintain expertise in cloud security.
**Qualifications:**
+ Extensive experience (7+ years) in cybersecurity operations, with a focus on Azure.
+ Proven expertise in investigating security events and incidents within cloud environments, demonstrating strong analytical and problem-solving skills.
+ Solid understanding of regulatory compliance requirements, particularly in highly regulated industries (e.g., healthcare, finance, government).
+ Experience in designing and implementing workflows for security event investigation and response.
+ Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and mentor junior team members.
+ Ability to thrive in a fast-paced environment, managing multiple priorities and deadlines effectively.
**Required Skills:**
+ Understanding of Azure and its associated technologies, both from Security and Cloud Ops perspective.
+ 8+ years relevant Cyber Security experience with at least five (5) years in Cloud SOC and/or Purple Team roles.
+ Experience designing and implementing technical solutions to enhance visibility, alerting capabilities, and reduce risk within Cloud IaaS, PaaS, and M365 environments.
+ Experience reviewing applications, infrastructure, and architectural designs to identify threats and vulnerabilities.
+ Experience with a range of Azure native services and tools.
+ Experience writing and modifying Analytic Rules.
+ Experience designing and implementing SOAR capabilities within Azure.
+ Deep understanding of Cyber Security control environments and their relationship to zero-trust networks.
+ Understanding of Terraform.
+ Understanding of threat frameworks, such as MITRE ATT&CK for Cloud and D3FEND.
+ Understanding of Risk Management principles.
+ Experience in building, configuring, operating and/or securing cloud infrastructure and applications in Azure with either native cloud service provider capabilities or 3rd party vendor tools.
+ Proven ability to leverage Azure native capabilities to build custom reports and dashboards.
+ Ability to independently assess risks and identify vulnerabilities in infrastructure with an eagerness to suggest new processes, policies, and overall improvements to internal security controls.
+ Ability to perform root cause analyses.
+ Experience partnering with incident response teams, threat intelligence researchers, Red/Purple teams, and/or HUNT researchers.
+ Ability to support 24x7x365 global support through rotational on-call.
+ Highly organized and motivated self-starter who can deliver results with minimal direction.
+ Ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation.
+ Excellent verbal and written communication skills with ability to distill key data points and effectively present information.
**Preferable Certifications:**
+ AZ-500: Azure Security Engineer Associate
+ CISSP
+ CISM
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America's Drug-free Workplace and Alcohol Policy, CLICK HERE .
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Title:
Senior Information Security Officer - Defence Sector
Your KBR future - delivering solutions and changing the world
About KBR:
We are a company of innovators, thinkers, creators, explorers, volunteers and dreamers who all share one goal - to improve the world.
KBR delivers science, technology and engineering solutions to governments and companies around the world. KBR employs approximately 34,000 people performing diverse, complex, and mission-critical roles in 33 countries.
For 65 years, KBR and its heritage companies are proud to have delivered some of Australia's largest and most complex projects.
With around 2,000 employees in 6 primary offices throughout Australia, we are committed to social and environmental sustainability and delivering projects with a digital mindset driving innovation within our business and for our customers.
We help ensure mission success on land, in the air, at sea, in space and cyberspace for our Defence customers. From individual technologies and services to comprehensive project delivery and mission execution, no other company can match the breadth and depth of KBR.
KBR comprises a talented team who provide a broad spectrum of capabilities across Australia and the Asia Pacific. Our proven project teams readily address complex and multi-disciplinary activities, providing low-risk and cost-effective solutions to the Defence force.
The Opportunity:
KBR is inviting expressions of interest from highly skilled and experienced Senior Information Security Officers to support critical Defence programs based in Brisbane or Canberra.
As a Senior Information Security Officer, you will play a vital role in ensuring the protection of Defence systems, information, and assets, supporting the ongoing delivery of secure, reliable, and compliant Defence capabilities. This is an exciting opportunity to contribute to national security outcomes and work with a diverse team of experts on high-impact Defence projects.
The key responsibilities of the role will include, but is not limited to:
+ Lead the development, implementation, and maintenance of Information Security Management Systems (ISMS) to ensure Defence compliance with ISO 27001, ACSC Essential 8, and Defence Security requirements.
+ Conduct risk assessments and vulnerability management, ensuring appropriate information security controls are in place to protect Defence systems and data across their lifecycle.
+ Develop and enforce information security policies, procedures, and best practices, ensuring Defence IT infrastructure and systems are protected against cyber threats and vulnerabilities.
+ Support the implementation and maintenance of cybersecurity frameworks and ensure compliance with national and international information security standards.
+ Provide expert advice to Defence stakeholders and project teams on information security best practices, emerging threats, and mitigation strategies.
+ Collaborate with cross-functional teams, including Defence security, engineering, and project management, to ensure robust security governance for all Defence programs.
+ Conduct security audits, assessments, and incident response activities to ensure the availability, integrity, and confidentiality of Defence information assets.
+ Maintain awareness of current cybersecurity trends and emerging threats, and continuously update security practices to protect Defence information systems.
As the ideal candidate you will bring:
+ Tertiary qualifications in Information Security, Computer Science, Information Technology, or a related discipline.
+ Minimum 5 years of experience in an Information Security role, ideally within Defence, Government, or similarly regulated industries.
+ Expertise in implementing and managing Information Security Management Systems (ISMS) and conducting security risk assessments.
+ Strong knowledge of Defence security policies, standards, and frameworks, including ISO 27001, NIST, ACSC Essential 8, and DEF(AUST) 3000.
+ Experience with security tools, such as SIEM, firewalls, endpoint protection, and vulnerability scanning tools.
+ Proven ability to communicate effectively with senior stakeholders, providing expert guidance on complex security issues.
+ Australian Citizenship is essential due to security clearance requirements.
+ NV1 security clearance (or the ability to obtain) is highly desirable.
Benefits of KBR
+ A workplace culture certified as a Great Place To Work (Aus, India, UK & US)
+ Flexible working conditions
+ Competitive salary (including annual reviews)
+ Paid Parental leave
+ Paid Reservist leave
+ Income protection
+ Corporate rewards
+ Salary packaging/Novated leasing
+ Discounted employee stock purchase plans
+ Flu shots, skin checks and private health insurance discounts
+ Career development: Online learning, mentorship and career pathways
If you're ready to shape tomorrow, let's get started. Apply Now!
KBR acknowledges the Traditional Custodians of Country throughout Australia and their continuing connections to land, sea, community and culture. We pay our respects to Elders past and present.
As a Major Service Provider of the Australian Defence Force, an AGSVA security clearance will be required and compliance to International Traffic in Arms Regulations (ITAR). As such, our hiring decisions are based on the key requirements of each role and candidates are selected based on their unique strengths and experiences.
#LI-JAW1

Title:
Senior Information Security Officer - Defence Sector
Your KBR future - delivering solutions and changing the world
About KBR:
We are a company of innovators, thinkers, creators, explorers, volunteers and dreamers who all share one goal - to improve the world.
KBR delivers science, technology and engineering solutions to governments and companies around the world. KBR employs approximately 34,000 people performing diverse, complex, and mission-critical roles in 33 countries.
For 65 years, KBR and its heritage companies are proud to have delivered some of Australia's largest and most complex projects.
With around 2,000 employees in 6 primary offices throughout Australia, we are committed to social and environmental sustainability and delivering projects with a digital mindset driving innovation within our business and for our customers.
We help ensure mission success on land, in the air, at sea, in space and cyberspace for our Defence customers. From individual technologies and services to comprehensive project delivery and mission execution, no other company can match the breadth and depth of KBR.
KBR comprises a talented team who provide a broad spectrum of capabilities across Australia and the Asia Pacific. Our proven project teams readily address complex and multi-disciplinary activities, providing low-risk and cost-effective solutions to the Defence force.
The Opportunity:
KBR is inviting expressions of interest from highly skilled and experienced Senior Information Security Officers to support critical Defence programs based in Brisbane or Canberra.
As a Senior Information Security Officer, you will play a vital role in ensuring the protection of Defence systems, information, and assets, supporting the ongoing delivery of secure, reliable, and compliant Defence capabilities. This is an exciting opportunity to contribute to national security outcomes and work with a diverse team of experts on high-impact Defence projects.
The key responsibilities of the role will include, but is not limited to:
+ Lead the development, implementation, and maintenance of Information Security Management Systems (ISMS) to ensure Defence compliance with ISO 27001, ACSC Essential 8, and Defence Security requirements.
+ Conduct risk assessments and vulnerability management, ensuring appropriate information security controls are in place to protect Defence systems and data across their lifecycle.
+ Develop and enforce information security policies, procedures, and best practices, ensuring Defence IT infrastructure and systems are protected against cyber threats and vulnerabilities.
+ Support the implementation and maintenance of cybersecurity frameworks and ensure compliance with national and international information security standards.
+ Provide expert advice to Defence stakeholders and project teams on information security best practices, emerging threats, and mitigation strategies.
+ Collaborate with cross-functional teams, including Defence security, engineering, and project management, to ensure robust security governance for all Defence programs.
+ Conduct security audits, assessments, and incident response activities to ensure the availability, integrity, and confidentiality of Defence information assets.
+ Maintain awareness of current cybersecurity trends and emerging threats, and continuously update security practices to protect Defence information systems.
As the ideal candidate you will bring:
+ Tertiary qualifications in Information Security, Computer Science, Information Technology, or a related discipline.
+ Minimum 5 years of experience in an Information Security role, ideally within Defence, Government, or similarly regulated industries.
+ Expertise in implementing and managing Information Security Management Systems (ISMS) and conducting security risk assessments.
+ Strong knowledge of Defence security policies, standards, and frameworks, including ISO 27001, NIST, ACSC Essential 8, and DEF(AUST) 3000.
+ Experience with security tools, such as SIEM, firewalls, endpoint protection, and vulnerability scanning tools.
+ Proven ability to communicate effectively with senior stakeholders, providing expert guidance on complex security issues.
+ Australian Citizenship is essential due to security clearance requirements.
+ NV1 security clearance (or the ability to obtain) is highly desirable.
Benefits of KBR
+ A workplace culture certified as a Great Place To Work (Aus, India, UK & US)
+ Flexible working conditions
+ Competitive salary (including annual reviews)
+ Paid Parental leave
+ Paid Reservist leave
+ Income protection
+ Corporate rewards
+ Salary packaging/Novated leasing
+ Discounted employee stock purchase plans
+ Flu shots, skin checks and private health insurance discounts
+ Career development: Online learning, mentorship and career pathways
If you're ready to shape tomorrow, let's get started. Apply Now!
KBR acknowledges the Traditional Custodians of Country throughout Australia and their continuing connections to land, sea, community and culture. We pay our respects to Elders past and present.
As a Major Service Provider of the Australian Defence Force, an AGSVA security clearance will be required and compliance to International Traffic in Arms Regulations (ITAR). As such, our hiring decisions are based on the key requirements of each role and candidates are selected based on their unique strengths and experiences.
#LI-JAW1

Vice President, Incident Response Manager, Global Information Security, Australia
Sydney, Australia
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
**Your background**
+ Proven experience handling Information Security related events and incidents.
+ Experience in an operations focused role with an emphasis on cyber incident response.
+ Demonstrable experience in the coordination of containment activities related to cyber security incidents.
+ Familiarity with security vulnerabilities exploits and APT tools, techniques, and procedures.
+ Familiarity with network security vulnerabilities, exploits, malware, and digital forensics desirable.
+ An excellent verbal and written communicator who can adapt to their audience.
+ Decisive and can make difficult decisions in what can be a high-pressure environment.
+ Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results.
+ Able to handle multiple competing priorities in a fast-paced environment and act without causing an undue delay.
+ Supportive and can work well as part of a team as well as independently.
+ Ability to remain calm under pressure.
+ Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
+ Must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks whilst remaining risk and objective focused, with an investigative mindset.
+ Security+ or equivalent certification.
+ GCIH or equivalent certification required within six months of employment.
**What you can expect**
Cyber Incident Response and Management is part of the Cyber Response & Recovery division who provides a globally coordinated and managed response capability for information security events and incidents that may impact the confidentiality, integrity, and/or availability of the Bank's information and information systems or has privacy implications.
The role of the Senior Incident Manager is to coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response, assist with determining the root cause of incidents and work with stakeholders and responsible parties to remediate any identified control gaps or failures; Escalate issues to management in a timely manner with appropriate information regarding severity, exposure, and action items; this role requires critical thinking and investigative mindset coupled effective written, and verbal communication skills.
This is a senior role on the team with high visibility at the global level including interacting with and providing direct updates to executives and senior leadership stakeholders. A Senior Incident Manager provides their knowledge and expertise in incident response to lead, mentor, and challenge associates on the team. The team conducts follow-the-sun (FTS) operations which you will work closely with AMRS and APAC regions.
**What you will do**
+ Establish oversight of information security events and cyber incidents and communicate analysis, containment and remediation efforts to all business partners.
+ Cyber incident response and recovery plans will be available to use and should be maintained by the team. Any issues that require management escalation will be expected to be completed in a timely manner including all appropriate information in relation to risk and action times.
+ The Cyber Incident Manager will be expected to provide status updates and post-incident findings for executives and stakeholders in non-technical terms encompassing risk, impact, likelihood, containment and remediation activities and threat actors.
+ Risk management including briefing and recommending actions to executive leadership within Global Information Security and other business partners on events and incidents.
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America's Drug-free Workplace and Alcohol Policy, CLICK HERE .
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Vice President, Insider Threat Investigations, Global Information Security, Australia
Sydney, Australia;#02-01, Singapore
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
**What you can expect**
The Cyber Security Operations (CSO) function within Global Information Security enables the various businesses of Bank of America to conduct operations in a secure, trusted, and safe manner by defending the organization and our customers from cyberattacks. Insider Threat Investigators (ITI) within CSO investigates risks and protects against threats posed to the bank by insiders and works closely with peer teams across the enterprise to ensure comprehensive and proactive controls and monitoring are in place to detect and mitigate insider risks.
Insider Threat Investigator is responsible for conducting data analysis of insider threat auditing and monitoring software resources to detect and identify insider risk activities. In addition, they will be required to complete investigations by analyzing and verifying information through various investigative techniques, internal resources, and conversations/interviews with persons of interest. The role will also require regular collaboration with experts in and out of the team, both in country and in other regions, where excellent communication skills will also be necessary.
**What you will do**
+ Conduct investigations by analyzing and verifying information through various investigative techniques, internal resources, and conversations/interviews with persons of interest;
+ Complete written reports in compliance with current reporting procedures and policies. Must have the ability to write detailed, concise, and accurate reports;
+ Ability to manage high risk regional information security incidents by working in conjunction with response partners and other risk teams;?
+ Utilizing next generation tools and technology to conduct deep behavioral analytics assessments/ investigations with a focus on mitigating information security related insider threats;
+ Ability to collect and analyze data from various applications to fulfill an investigation/support request(s)
+ Document each stage of the investigation with clear & concise notes
+ Effectively pivot communication style & verbiage based on audience (i.e. non-technical)
+ Ability to collaborate well with other teams to drive resolution to an investigation, across multiple regions/countries
+ Ability to effectively multi-task between several competing efforts
+ Maintain an awareness of industry challenges and advancements to add value to enhancing processes & technologies
**Your background**
+ 5+ years' work experience with an insider threat focus or technical background that could be applied to understand key insider risk components
+ Curiosity, diversity of thought, critical thinking, willingness to learn, and persistence to identify risk
+ Methodical and systematical approach to utilizing technical tools, applications, etc.
+ Familiarity with Splunk, ENCASE, CrowdStrike and other similar investigative and/or monitoring tools
+ Exceptional written and verbal communication skills to various audiences
+ Mindset of curiosity: not afraid to learn new things
+ Excellent organizational skills to manage caseload, projects and ad hoc requests
+ Experience in conducting complex investigations with an Insider Threat emphasis
+ Knowledge in how to conduct computer forensics
+ Familiarity with participating/driving incident response events
**Desired Skills**
+ An understanding of human behavior / human psychology or investigative background
+ Technical experience with information security / data loss prevention tools or controls such as Intrusion Detection & Prevention technologies (IDS/IPS) and/or SIEM systems and other data correlation engines.
+ Extensive experience in Splunk, ENCASE, CrowdStrike and other similar investigative and/or monitoring tools
+ Certifications - Security+, Network+, CEH, CISSP, CCNA, CCNP, EnCE other cyber security related certifications
+ Familiarity with sleuthing in OSINT
+ Familiarity with working in cloud
+ Networking/System administration experience
+ Experience in scripting languages for databases
+ Bachelor's in computer science or related fields
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America's Drug-free Workplace and Alcohol Policy, CLICK HERE .
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

**Information Systems Security Office?** **| Alice Springs, NT**
Amentum is a leader in global engineering, project management and solutions integration, trusted to modernize the most critical missions anywhere in the world. Driven to create a safer, smarter, cleaner world, we innovate as a team of inventive doers passionate about making a difference. Underpinned by a strong culture of ethics, safety and inclusivity. Amentum is fiercely committed to operational excellence and successful execution.
Are you seeking a career that offers a healthy work-life balance, a friendly company culture, and engagement with a supportive community?
Amentum has an exciting opportunity for a **full-time** **Information Systems Security Office** to join their team in **Alice Springs, NT - Australia.**
**Applicants must be an USA citizen who have a TS/SCI and can retain the appropriate level of security clearance and medical clearance, applicable to each role.**
**THE ROLE**
**PURPOSE AND SCOPE**
The Information Systems Security Officer (ISSO) reports directly to the Information Systems security Manager and provides support to the ISSM in the development and management of operational information systems security implementation policy, procedures, and guidelines.
The ISSO is responsible for the preparation, review, and update of authorization packages. The ISSO ensures approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
**ESSENTIAL RESPONSIBILITIES**
**Responsibilities/Duties**
+ Conduct periodic reviews of information systems to ensure compliance with the security authorization package, notify ISSM when changes occur that might affect the authorization determination of the information system(s)
+ Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change
+ Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly
+ Ensure all IS security-related documentation is current and accessible to properly authorized individuals, ensure audit records are collected, reviewed, and documented (to include any anomalies)
+ Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties
+ Execute the cyber security portion of the self-inspection, to include provide security coordination and review of all system assessment plans
+ Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them
+ Prepare reports on the status of security safeguards applied to computer systems
+ Ensure compliance with all site's environmental health and safety requirements
+ Any other reasonable duties as requested
**QUALIFICATIONS**
**Minimum Essential**
+ Bachelor's degree in a related field
+ CISSP, Security + or equivalent
+ MCSA or equivalent
**Desirable**
+ Drivers License
**EXPERIENCE AND SKILLS - Minimum Essential**
+ Minimum 2 years' experience - extensive work experience in a current ISSO role with IA Certifications may suffice for degree
+ Experience in Intelligence Community Directive 503 (ICD 503) and Risk Management Framework (RMF)
+ Meets DoD 8570.1 Certification Requirements as an Information Assurance Technical Category II (IAT II) minimum (for system and network administrators)
+ Linux experience preferred
+ Prior experience in roles such as System, Network Administrator or ISSO
+ Knowledge of databases, spreadsheets and technical report writing
+ Excellent communication skills and ability to brief at all levels to include Senior Leadership
+ Demonstrated ability to work as a member of a team
+ Ability to adapt to change and contribute to continuous improvement
+ Positive outlook and willingness to collaborate with others to achieve business outcomes
+ Demonstrated customer focus
+ Ability to demonstrate an understanding and commitment to the principles of workplace diversity and equity, and EH&S
**WORK ENVIRONMENT, PHYSICAL DEMANDS, AND MENTAL DEMANDS**
+ The ability to lift items up to 10kgs independently
+ The employee is frequently required to walk, sit, use hands to handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and talk or hear. The employee is occasionally required to stand.
**SECURITY CLEARANCE REQUIREMENT**
It is a condition of employment that employees obtain and retain the appropriate level of security clearance and medical clearance applicable to each role. The employee must be a US citizen and will require a minimum TS/SCI with poly (U.S.) clearance.
**STATEMENT OF WORK REQUIREMENTS**
All personnel assigned shall be:
+ At least 18 years of age.
+ Able to fluently read, write and speak English
**EHS REQUIREMENT**
All Amentum personnel are responsible for understanding and complying with all site environmental, health and safety requirements. While Amentum is responsible for providing a safe workplace and is responsible for ensuring compliance with requirements of the EHS Handbook, each person is responsible for:
+ Completing work tasks in a safe manner
+ Reporting any unsafe acts or conditions to their supervisor and/or PMO/EHS Manager
+ Continuous adherence to the environmental, health and safety procedures outlined in the EHS Handbook during the performance of their work
+ Red-Carding a Job - Employee right and responsibility to "STOP WORK" if a job is unsafe or possess a danger to the environment
**QUALITY REQUIREMENT**
Quality is the foundation for the management of our business and the keystone to our goal of customer satisfaction. It is our policy to consistently provide services that meet customer expectations. Accordingly, each employee must conform to the Amentum Quality Program and carry out job activities in compliance with the Quality System documents and customer contracts. Each employee must read and understand their Quality Management and Customer Satisfaction responsibilities.
**PROCEDURE COMPLIANCE**
Each employee must read, understand and implement the general and specific operational, safety, quality and environmental requirements of all plans, procedures and policies pertaining to their job.
For further information contact
**Applicants will be required to undertake pre-employment checks which include referee checks, criminal History checks, a pre-employment medical assessment and drug test.**
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters ( .