The Australian Bureau of Statistics (ABS) is looking to fill the following Cyber & Information Security Officer roles within our Cyber Security and Cyber Operations teams within the Security and Information Assurance Branch:

Cyber Security roles

• Governance, Risk and Compliance (GRC) Officer with E8 experience
• Cyber Security Architect specialising in Cloud technologies
• Penetration Tester for applications and/or infrastructure networks

Cyber Operations roles

• Cyber Security Systems Engineer specialising SIEM platform, application performance management, event stream processing in hybrid environments
• Development Security Engineer familiar with DevSecOps architecture, infrastructure and processes
• Identity and Access Management (IAM) Developer with Java experience and familiarity with DevSecOps processes.

As a Cyber & Information Security Officer within the Cyber Security team, you may undertake some, or all of the following duties (with varying levels of complexity according to your role and classification level):

• assessment of governance, risks and compliances in new platforms and applications
• providing security architecture advice and guidance to ABS technical team on security by design principles
• production and publishing of security standards, guidelines, education and awareness materials
• providing specialist cyber security services, security architecture and penetration testing, and responding to security incidents
• identification and mitigation of systems and applications vulnerabilities.

As a Cyber & Information Security Officer within the Cyber Operations team, you may undertake some, or all of the following duties (with varying levels of complexity according to your role and classification level):

• administering ABS security platforms and applications and providing secure system integration and configuration utilising DevOps tools and CI/CD pipelines
• deploying, managing and scaling the infrastructure supporting cyber operations across a hybrid ICT footprint encompassing both on premise and cloud environments ensuring security best practice
• developing technical and support documentation, user education guides and self-help knowledge articles
• maintaining awareness of the external environment and recommending opportunities to enhance capabilities through the introduction of new products or features
• liaising with clients and vendors to troubleshoot issues, identify root cause, resolve and document problems and implement preventative measures.

What we are looking for (selection criteria)

To be suitable you should have most, or all of the following skills, qualities and experience:

All roles

• ability to cultivate positive working relationships with team members and manage stakeholder expectations
• proficiency in professional writing and oral presentation to convey complex information clearly.

Cyber Security Team roles

• strong technical capabilities in at least one of the following technology areas:

o cloud security with knowledge of AWS and/or Azure

o penetration testing applications and/or infrastructure networks

o security architecture frameworks, standards, and secure by design patterns

• comprehensive understanding of security standards and frameworks, including PSPF, ISM, Essential 8, NIST, ISO27001, CIS, and OWASP
• awareness of fundamental cyber security principles and strong analytical skills with the ability to provide security advice and guidance to stakeholders
• proven experience in cyber security risk identification and mitigation strategies and/or security architecture with in-depth knowledge in one or more the following areas: cloud security, infrastructure security, API security, and Application security.

Cyber Operations Team roles

• demonstrated experience in managing and maintaining infrastructure that incorporates process, technology and security elements, by working with commercial-off-the-shelf platforms and/or infrastructure as code deployments
• demonstrated experience in secure CI/CD pipeline deployments and familiarity with DevSecOps architecture, infrastructure and processes
• analytical and/or technical troubleshooting skills with the ability to establish, participate and maintain relationships with stakeholders and vendors, including escalating and managing resolution of issues
• demonstrated experience and proficiency in one or many of the following technologies including but not limited to: SailpointIIQ, Splunk, Sentinel, Dtex, InsightVM, Dynatrace, Cribl, Gitlab, Terraform, Java Script, Checkmarx, Aqua, Jfrog Xray or equivalent products.

How to apply

You need to be an Australian citizen to be eligible to apply.

To apply, you will need to upload your current resume, provide referee details and a statement of claims demonstrating how you meet the selection criteria. Word limit is 750 words.

Applications close at 11:30 p.m. AEDT on Wednesday 19th March 2025.