Security Analyst
Quick Overview
Job Description
Location: Melbourne - CBD and Inner Metro suburbs
Reference: VG/DE/FPIS/
OverviewThe Security Analyst role is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across the organisation in alignment with the Department's Cyber Security Incident Response Plan (CSIRP) using Microsoft security technologies, primarily Microsoft Sentinel (SIEM/SOAR) and Microsoft Defender. The position plays a key role in proactive threat hunting, vulnerability management and working on threat intelligence inputs for the continuous enhancement of the organisation security posture, including the protection of departmental systems and schools.
About the DepartmentThe department provides a wide range of learning and development support and services. It provides policy leadership, plans for the future of education in Victoria, and leads key cross sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.
Key Responsibilities- Respond to cybersecurity incidents across the full lifecycle: detection, containment, eradication, and recovery.
- Use security tooling deployed at the department, along with host based and network analysis to investigate incidents determining impact and support remediation efforts.
- Perform threat hunting, threat intelligence analysis and reporting, and trend forecasting.
- Provide cybersecurity specialist advice as a member of Cybersecurity Incident Response Team (CSIRT), lead response activities and provide regular updates and liaise with stakeholders.
- Provide technical remediations and control recommendations while determining risk impacts.
- Collaborate with external incident response teams and partners as required.
- Collect and preserve digital evidence while maintaining proper chain of custody.
- Develop reporting including situational reports and data insights on incidents, threats, vulnerabilities, and response effectiveness.
- Support the Security Operations team in strengthening the organisation's cybersecurity posture through platform enhancements and project contributions.
- Proven experience leading cyber incident response activities in a large, complex environment.
- Strong stakeholder engagement skills with the ability to communicate technical issues clearly.
- Expertise in writing situational and executive level incident reports.
- Experience analysing security events to determine criticality, impact, and appropriate response using a wide array of tools not limited to SIEM, XDRs, vulnerability platforms, etc.
- Strong aptitude for investigations, threat intelligence, hunting, and analysis.
- Ability to correlate events and alerts to identify emerging or active threats.
- Hands on expertise with Microsoft Sentinel, Microsoft Defender suite, ServiceNow, vulnerability management tool Tenable.
- Strong knowledge of security operations, incident response, and threat detection.
- Proficiency in KQL and log analysis across various operating systems and network infrastructure.
- Familiarity with SIEM/SOAR concepts and automation.
- Experience with cloud security (Azure experience highly desirable).
- Strong knowledge of attack tactics, techniques, and procedures using the MITRE ATT&CK framework.
- Understanding of NIST Cybersecurity Framework, incident response frameworks, and threat modelling.
- Bachelor's degree or Diploma in Cyber Security or a related field.
- Minimum 3-4 years demonstrated experience in cyber incident response, investigations and threat hunting within a large and complex environment.
- Experience leading cyber incident response activities.
- Demonstrated expertise in threat investigations and hunting on Microsoft Sentinel and other Microsoft security technologies.
- Demonstrated expertise in administration of Microsoft Sentinel and Defender.
- Experience in performing basic digital forensics.
- Experience using Security Co Pilot and developing automations.
- Experience in administration of one or more platforms like Tenable, Splunk, Cylance, Armis.
- CISSP, CEH, Security+, SANS Digital Forensics or Incident Response certifications.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply.
Applicants requiring adjustments can contact the nominated contact person.
Preferred applicants may be required to complete a police check and may be subject to other pre employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Applications close 11:59pm on 09 July 2026.
Similar jobs
Journeyman Cyber Security Engineer (Splunk/SIPR) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
9 minutes agoProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
41 minutes ago$148.8k - $201.3k/yrSenior Splunk Cyber Security Engineer
MANTECH · Chantilly, United States
1 hour agoCyber Security Engineer
DCV Technologies · Stenigot, United Kingdom
1 hour agoInformation Security Analyst, Vulnerability Management
Bet365 · Manchester, United Kingdom
1 hour agoSAP Security Analyst
SAIC · Arlington, United States
1 hour ago$120.0k - $160k/yr