Title:  Cyber Security Analyst

Requisition ID:  7041
Work Type:  Ongoing Full Time
Fixed Term Period:  30/06/2026
Location:  Melbourne - CBD
Date Posted:  30 Apr 2025

About Us

 
The Department of Transport & Planning brings together all transport modes to design, plan, build and operate Victoria's transport system. Our job is to further integrate the transport network and improve the delivery of services to Victorians for simpler, quicker and safer journeys that connect people and places and support Victoria's prosperity and liveability. 

 

Mobility and Insights is a division of the Department of Transport & Planning and is responsible for the delivery of better outcomes for users of the transport system through developing and coordinating customer and transport system insights, strategy and innovation.

 

We’re focused on outcomes that deliver more choice, connections and confidence in our travel, ensuring the whole transport network works as one to deliver better services and outcomes.

 

The department is committed to building a culture where we say 'yes' to flexible work arrangements, provide personal and professional development programs and support ways of working that help employees balance work and life.

 

The department is an equal opportunity employer and welcomes applicants from a diverse range of backgrounds, including veterans, people who identify as Aboriginal and Torres Strait Islander, have a disability, are from varied cultural backgrounds and those who identify as LGBTIQ+.  The department provides workplace adjustments for applicants with disabilities. 

 

Enterprise Technology (ET) is a branch of the Investment and Technology group which defines investment strategy and delivers commercial and information technology services to drive high performance and improved commercial outcomes within the department.

 

 

About the Role


Full Time Fixed Term until 30/06/2026 


The Cyber Security Analyst is a position that sits within the Hybrid Security Operations Centre (SOC) in the Enterprise Information Security Branch and provides operational support to DTP to identify, detect, respond to, and recover from cyber incidents. The role is pivotal to the organisation's cybersecurity resilience and is part of Security Operations, responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting.

 

Other functions include investigations into live threat intelligence for applicability to DTP, risk assessment of vulnerability alert bulletins, forensic investigations and completing daily checks across monitoring tools to identify noisy, high volume, or false positive alert rules and provide improvement suggestions.


To access the Position Description, please click here.

 

We are seeking a strategic and collaborative professional with strong skills in critical thinking, digital literacy, stakeholder engagement, and co-creation. The ideal candidate demonstrates resilience, outcome-driven thinking, and the ability to influence, persuade, and foster cross-functional teamwork to deliver impactful community-focused results.


Position Outcomes / Accountabilities 

 

• As a member of a small team, the cyber security analyst is responsible for security incident and alert investigations, threat intelligence management, threat hunting and reporting.
• Undertake investigations into reported vulnerabilities and emerging threat intelligence and initiate appropriate remediation and escalations.
• Clear Documentation and Reporting: Ability to document incidents thoroughly and communicate risks or findings to non-technical stakeholders.
• Complete daily checks and initial triage and prioritisation of alerts feeding into the DTP SIEM.
• Work with an MSSP on daily SIEM alerts and incidents and drive resolution activities.
• Identify noisy, high volume, or false positive alert rules and provide improvement suggestions.
• Contribute to creation of cyber security use cases and rules to detect potential anomalous ICT activity.
• Maintain incident management tickets to ensure progress is achieved and closed in a timely fashion.
• Drive containment and remediation activities by liaising with different resolver groups.
• Contribute to the development, review and update of the Security Incident Response Plans and playbooks.
• Investigate, document, and report on information security issues and emerging trends.
• Coordinate incident response and critical patching tasks with both internal DTP teams and outsourced providers.
• Manage and mitigate ongoing data, cyber, and information security risks for our organizations.
• This role will require occasional ‘non-office-hours’ work to manage active cyber security incidents and may require ‘on call’ arrangements.
• Promote and support safe, inclusive, and flexible team operations.
• In line with Section 31A of the Public Administration Act 2004 (Vic), other duties may be assigned consistent with employment classification, skills, and capabilities.

 

 

Qualifications and Experience

 

Mandatory
• Proven experience working in a Security Operations Centre (SOC) environment
• Working knowledge of ITIL Incident Management.
• Experience working in incident response, threat intelligence and vulnerability management.
• Hands-on experience with Microsoft Sentinel SIEM and Incident Management tools.
• Skillsets: Log Analysis, Threat Hunting, Incident Handling, Process documentation
• Availability for ad-hoc after-hours escalations

 

Desirable
• Degree or diploma in a relevant field, preferably cyber security.
• 2+ years of cybersecurity experience in a Security Operations Centre, preferably in a SOC Analyst role.
• Sound knowledge of, or practical experience working with security standards and models such as VPDSS, ISM, Essential 8, NIST CSF, NIST 800-61r2, Cyber Kill Chain, and MITRE ATT&CK.
• Proficiency in Threat Detection and Incident Response: Ability to identify and respond to indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by threat actors.
• Security certifications such as Microsoft Security Operations Analyst, CompTIA Security+ etc.
• GIAC Certified Incident Handler Certification
• Understanding of or experience with OT security controls
• Foundational skills in Digital Forensics and Incident Response


ROLE SPECIFIC REQUIREMENTS
• This position will require on-call availability after business hours, with the responsibility to escalate issues to the emergency management team as necessary.

 

 

What we offer
 
•    Meaningful work making Victorian communities more accessible and liveable 
•    Professional growth and development opportunities across the department and the wider Victorian Public Services
•    A hybrid working model focused on collaboration and teamwork
•    Optimal work-life balance initiatives including flexible working arrangements
•    Opportunity to work across multiple urban and suburban hubs
•    We prioritise the development of a safe and inclusive culture

 

 

Culture Value


We are an equal opportunity employer, embracing a diverse range of applicants such as veterans, and people who identify as Aboriginal and/or Torres Strait Islander, LGBTQIA community members, individuals with disabilities and/or health conditions, as well as those from varied faith and cultural backgrounds. At our department, we prioritize the development of a safe, inclusive, and high-performance culture through shared actions and behaviours that align with our strategy and direction. This empowers our employees to effectively contribute to our goals.

 

 

How to Apply

Click the ‘Apply’ button and you'll be redirected to a new platform to create an account.

If you have any issues, click here for the Quick Reference Guide on how to apply.

Applications close 9pm on Tuesday, the 13th of May 2025. 

Please include a resume and cover letter. All applications must be submitted through the online portal. We’re unable to consider email or manual applications at this time.

For further information about the role please contact Abhishek Chanana, Cyber Security Manager via Abhishek.Chanana@transport.vic.gov.au

Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Transport and Planning will be treated in the strictest confidence.

Please let us know by phone or email if you need any adjustments to fully participate in the recruitment process. If you require the ad or any attachments in an accessible format (e.g., large print) due to viewing difficulties or other accessibility needs, we are happy to accommodate.