Senior Security Operations Specialist (APS6)

The Security Operations Engineer will provide hands-on operational capability to actively monitor, detect, and respond to cyber threats, leveraging platforms such Microsoft Sentinel and Defender. This role will develop detection use cases, investigate alerts, and continuously improve the branch’s ability to prevent, detect, and respond to cyber incidents during both the planning and design phases and once the system is operational.

Note: This is a strongly hands-on technical capability role rather than a primarily operational or coordination-focused function.

The client’s Digital ID System is a key component of Australia’s broader digital transformation and is designed to strengthen the growing digital economy in two main ways:

1.   It enables secure, convenient, voluntary, and inclusive methods of verifying identity in online transactions across both public and private sectors, while protecting the privacy and security of personal information.

2.   It helps build trust in digital identity services, streamlines access to online services, and supports continued growth of the digital sector.

The Digital ID System regulator is responsible for:

• accrediting providers of digital identity services
• approving participation in the Australian Government Digital ID System
• conducting compliance monitoring and enforcement activities relating to non-privacy aspects of the system

Estimated start date Monday, 15 June 2026

Initial contract duration 12 months

Extension term 12 months

Number of extensions 2

Experience level Senior APS6 equivalent

Location of work QLD, WA, ACT, VIC, NSW, NT, SA, TAS

Working arrangements Hybrid. The client has a requirement to attend the office for 2 days each week

Security clearance Must be an Australian Citizen and able to obtain Baseline

Key responsibilities include:

• Security Monitoring & Detection Engineering: Configure, manage and optimise security monitoring platforms including development and tuning of analytics rules, dashboards and alerting use cases to detect malicious activity.
• Threat Hunting: Plan, execute and manage proactive threat hunting activities using available telemetry and threat intelligence. Continuously improve detection capabilities based on findings and emerging threats.
• Incident Response: Lead and support the response to cyber security incidents, including investigation, containment, eradication and recovery. Conduct root cause analysis and implement remediation actions to prevent recurrence.
• Security Operations & Investigation: Perform detailed analysis of security events, logs and alerts across cloud and enterprise environments. Triage and prioritise incidents based on risk and business impact.
• Security Automation & Orchestration: Develop and maintain automation playbooks and scripts to improve response times and reduce manual effort in security operations.
• Vulnerability Management: Identify, assess and prioritise vulnerabilities across systems, applications and infrastructure. Work with DevOps and development teams to ensure timely remediation.
• Threat Intelligence & Use Case Development: Manage and utilise threat intelligence feeds, incorporating intelligence into detection use cases, analytics rules and threat hunting activities.
• Security Tool Management: Configure, maintain and optimise security tools and platforms, identifying opportunities for improvement, integration and automation.
• Collaboration and Continuous Improvement: Work closely with DevOps, developers and security teams to improve detection coverage and feed operational learnings into system design and control implementation.
• Governance Support & Documentation: Maintain operational documentation, incident records and runbooks. Support alignment with WoAG policies through implementation and evidence collection.

Please prepare a statement of claims (less than 500 words) addressing the selection criteria. When preparing your statement of claims, please take into consideration the role and duties, and detail instances from your past that demonstrate how you meet the selection criteria.

Essential Criteria

• Hands-on cyber security operations, including security monitoring, incident response, threat analysis, and investigation in enterprise or cloud environments.

• Working with SIEM/SOAR platforms, preferably Microsoft Sentinel, including development of analytics rules, KQL queries, alert tuning and dashboards.

• Incident detection and response, including triaging alerts, investigating security events and performing root cause analysis.

• Security automation and scripting, using tools to support orchestration and response activities.

• Working in cloud environments (preferably Microsoft Azure), with understanding of logging, monitoring and security controls.

• Applying cyber security frameworks and best practices, including familiarity with Whole-of-Australian-Government (WoAG) policies such as ISM and Essential Eight