4 Lead Cyber Threat Analyst Cyber Threat Analysts
RFQ type
DMP2 - ICT Labour Hire
RFQ ID
LH-03398
RFQ published date
Monday, 26 May 2025
Deadline for asking questions
Friday, 06 June 2025 • 11:59pm, Canberra time
RFQ closing date
Monday, 09 June 2025 • 11:59pm, Canberra time
Buyer
Department of Agriculture, Fisheries and Forestry
Buyer contact
[email protected]
Estimated start date
Tuesday, 01 July 2025
Initial contract duration
12 months
Extension term
12 months
Number of extensions
2
Maximum number of candidates per seller
2
Experience level
Lead - EL1 equivalent
Location of work
ACT
Working arrangements
Onsite
Flexible working arrangement can be arranged however resource must be Canberra based.
Maximum hours
40 hours per week
Security clearance
Must be able to obtain Negative Vetting Level 1Job detailsThe Senior Cyber Security Analyst roles covers several aspects of Cyber Operations within the department and maintains a frontline position on developing and uplifting cyber capability within the Cyber Operations team.

The successful candidate is expected work within a technical cyber team an ability to work unsupervised and able to act as a mentor to other cyber analysts within the team.

Demonstrated experience in (but not limited to) the following disciplines and toolsets is expected –

Ability to produce and uplift the existing SOAR capability within the department’s SIEM
Azure DevOps, specifically Infrastructure as Code (IAC) for Azure Security platforms
Producing detailed alerts (KQL/SPL) for systems specific to the departments environment.
Log onboarding activities including log transformation to maintain ingestion levels
Ability to build and maintain a strong working relationship with vendors and technical business areas.
Producing playbooks for common cyber incidents and maintaining the playbook wiki
Incident investigation and response within the designated SIEM, escalating tickets to incident response manager where required.
Demonstrated experience in –
Azure Devops
Azure Sentinel (KQL, SOAR, incident response)
Log onboarding
Log transformation
Defender XDR
Scripting
Splunk
Key duties and responsibilitiesWill be responsible for cyber capability development across the following tools/platforms –
Azure Stack (DevOps, Sentinel, Monitor, EntraID, Azure ARC, Defender for Cloud, Conditional Access)
Defender XDR
Splunk

Infrastructure as Code (IAC) experience within the Azure security stack
Producing documentation for in-use security systems and standard operating procedures (SOPs) for incident scenarios
Producing playbooks for common cyber incidents and maintaining the playbook wiki
Change control and representation
Knowledge transfer to Cyber staff within the team

Technical skills
Minimum 5 years technical Cyber Security experience across the following toolsets and disciplines – Incident Response Azure Stack (DevOps, Sentinel, Monitor, EntraID, Azure ARC, Defender for Cloud, Conditional Access) Infrastructure as Code (IAC) Scripting Defender XDR Splunk Active Directory Ticket management / case management systemsCriteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.Essential criteria
1. Flexible working arrangement can be arranged however resource must be Canberra based.
2. Demonstrated experience with the toolsets and platforms noted under the technical skills section
3. Demonstrated experience using Azure Infrastructure as Code (IAC) within a DevOps environment.
4. Must have up to NV1 clearance and be Canberra based.