Senior Security Operations Analyst

An exciting opportunity for an experienced Analyst
A collaborative and innovative work environment
Ongoing professional development and career building opportunities
Your Mission

The mission of Cyber Defence - Security Operations squad is to protect the bank from cyber threats and to ensure that our systems remain secure and available. We want our customers to feel secure keeping their data and banking with us.

As an Analyst within this squad, you will have a strong technical focus with broad coverage and deep in certain areas. The most critical aspect of this role is being able to investigate major cyber compromise end-to-end, as the last point of escalation. However, between incidents you will be continuously uplifting capability to strengthen ANZ’s ability to protect, defend and respond to cyber compromise. Capability uplift will involve both hands-on development as well as strategic input.

You will work closely with the squads in the broader Cyber Defence area including red teaming, cyber intelligence, cyber analytics, penetration testing, vulnerability scanning, cyber tools and platform support, capability delivery and governance.

**Key priorities include**:
Providing strategic input to drive capability uplift for the ANZ Security Operations Centre (SOC).
Investigating major security compromises end-to-end and coordinating a cohesive response involving multiple teams across ANZ.
Developing tools and techniques to proactively detect and prevent new cyber threats to ANZ employees and systems. This includes developing advanced early threat detections within the ANZ’s advanced cyber data-lake by writing new advanced detections from threat research and red team findings.
Performing hunting for unknown cyber threats using profiling techniques to find unusual or anomalous activity which has not been detected by vendor signatures.
Mentor junior analysts to build the capability in the team.
Overseeing and providing direction to ensure objectives are met by projects delivering new tools and capability into the security operations squad.

**Role Type**: Permanent, Full-Time

Who are you?
A team player - You know we only win if we all win. You recognise and value the different perspectives and skills your colleagues bring. It is not about being a hero but jumping in and contributing to the successful delivery of the team’s mission
The customer’s biggest fan - You demonstrate a thirst for better understanding the customer and define the problem and develop solutions through their eyes
Comfortable being uncomfortable - You are comfortable with uncertainty and have the ability to effectively manage yourself through ambiguity and change
Continuous improvement junkie - You constructively challenge the status quo, look for better ways to do things and passionately advocate continuous improvement
Committed to your own and other’s growth - You strive to stretch and grow yourself and others by identifying your own development areas, seeking feedback and providing feedback to others to help them learn and grow everyday
A problem solver - You are energised by tackling complex problems and use critical thinking, your network, skills, knowledge, and available data to drive better outcomes for our customers and the bank
Risk savvy - You build sustainable solutions that protect customers, stakeholders and the community
What you bring to the team
Minimum 5 years’ experience in security incident response.
Understanding of best practices in network security, security operations, systems security, policy, and incident response.
Ability to perform root-cause analysis and engage with stakeholders at various levels.
Strong written and verbal communication and presentation skills.
A desire to continuously develop your knowledge and skills to keep up with a rapidly changing threat landscape and bring innovative ideas into the squad.
A track record of execution to deliver tangible outcomes.

**Must have**:
Deep understanding of how security vulnerabilities are exploited by attackers, the post compromise life cycle of an attacker and experience in developing novel methods for detecting and remediating compromise at different stages of an attack.
Scripting skills (e.g., Python, C, C++, Java, Ruby or PowerShell) to write ad-hoc detection signatures, hunting collection and analysis scripts, plugins for tools, fill gaps of vendor tools, etc.

**Desired**:
Knowledge of security in the cloud
Experience in developing cyber analytics using Scala / Spark
Relevant industry certifications (GCIH, GCFA, etc.,)
Strong Unix/Linux and/or macOS forensics skills.
About ANZ

Our purpose is to shape a world where people and communities thrive. That’s why we strive to create a balanced, sustainable economy in which everyone can take part and build a better life. By helping people make the most of what they have, we transform ideas, hard work and ambition into reality.

The ANZ values are the foundation of how we work and support our customer