IT Security Officer - Military Veterans

The Opportunity

Do you aspire to help build something better? Would you like to work for a company that employs the best talent to develop and deliver world class capabilities and systems to protect Australia and its national interests? Would you like to work on cutting edge projects? Then we would like to talk to you.

As an equal opportunity employer that promotes a diverse and safe workplace environment, one of the country's leading and preferred defence partners, Boeing Defence Australia (BDA) is seeking an Information Technology Security Officer (ITSO) based in Brisbane to join and existing team of ITSOs and Cyber Product Security specialists the MQ-28 Program.

Our ITSOs are an integral part of the Cyber Security team within the program. On the program, they act as information security advisors in locality, working closely with our engineering teams, system administration staff and the Commonwealth of Australia on cutting edge next generation systems. In addition to performing an advisory role, ITSOs also have an operational focus that includes ensuring the continuous monitoring and information assurance of our systems while keeping key stakeholders informed of the Program's security posture.

ITSOs are directly responsible for maintaining the confidentiality, integrity and availability of Program systems. Other responsibilities will include designing, implementing and maintaining the security enforcing functions and capabilities of Information Technology (IT) and Operational Technology (OT) environments for the Program. This role and some of its expectations of routine work will be performed in accordance with the Commonwealth Information Security Manual (ISM), Protective Security Policy Framework (PSPF) and Defence Security Principles Framework (DSPF).

This role will report into the MQ-28 Manager for Cyber and Secure Networks, under guidance from the BDA Chief Information Security Officer (CISO) and MQ-28 System Owners.

This role is based in Brisbanebut will require regular travel to Woomera, SA to support the Program.

Responsibilities

• Act as a security champion and advisor in all localities the systems operate within, interfacing at various levels across the MQ-28 Program, BDA, Supplier and Commonwealth organizations.
• Conduct continuous monitoring and system level assurance auditing on program systems, including further engineering implementation and maturity uplift including but not limited to:Communicate complex security risk, engineering and posture related information to a wide range of stakeholders from individual contributors and team leads through to senior leadership other senior risk owners.
  • Identity and access management of all accounts on the system.
  • Event logging, collection and aggregation activities.
  • Security Incident Event Monitoring (SIEM) configuration, tuning and troubleshooting.
  • System assurance during implementation, along with risk reporting into the program Cyber Team for system deficiencies.
  • System performance monitoring and system capability reporting.
  • Endpoint security and hardening.
  • Patch management verification.
  • Vulnerability scanning.
  • Secure data transfer monitoring and assurance
  • Familiarity with COMSEC and other government security or high assurance equipment.
  • Incident response and digital forensics.
  • Creation and maintenance of documentation of the system's configuration and operational processes.
• Assist in the design, verification and validation of security enforcing functions within MQ-28 IT and OT Systems.
• Develop and facilitate on the job training (OTJ) and deliver briefings on system and security related topics as needed.
• Deliver solution-oriented outcomes—balancing the needs of the program while remaining complaint with system authorization requirements.
• Contribute to risk working groups on risks raised at both System or Program level as required.
• Empower a culture of safety, security and compliance across the Program.

To be successful in this role, you will have:

• A highly organized, task oriented, self-directed approach that demonstrates a high degree of initiative.
• Ability to make and/or change plans, goals and actions in response to an evolving business environment with the awareness to operate as a focal for incident response across the program.
• Ability to perform planned or unplanned travel regularly within or outside assigned region.

It would also be desirable if you had the following additional experience and qualifications:

• Experience with deployed / OT Systems as an ITSO or System Administrator.
• Familiarity with Digital Forensics and Incident Response (DFIR) operations within the Australian Government context, with a good working knowledge of the ISM, PSPF, DSPF.
• Industry recognized qualification such as CCOA, CISSP, CRISC, CISM, SANS certification, 27001k Lead Auditor or Implementer certification or exposure, formal DFIR training (highly regarded) and/or other cyber security certifications.
• An active Australian Security Clearance at the NV1 Level with the ability to upgrade to NV2.

Ability to obtain a Security Clearance - The preferred applicant will be required to successfully undergo the security clearance vetting process for NEGATIVE VETTING level 2. The preferred applicant MUST be willing to disclose all relevant and required information and MUST have lived in Australia, or have a checkable background, for at least the precedingTen years.