Haystack
← Back to Jobs
Full time
Administrative

Security Analyst

State Government of Victoria, AustraliaMelbourne, Victoria🇦🇺AustraliaPosted 15 Jul 2026

Quick Overview

Work Type
Hybrid
Schedule
Full Time
Level
Mid Senior

Job Description

Location: Melbourne - CBD and Inner Metro suburbs

Reference: VG/DE/FPIS/

Overview

The Security Analyst role is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across the organisation in alignment with the Department's Cyber Security Incident Response Plan (CSIRP) using Microsoft security technologies, primarily Microsoft Sentinel (SIEM/SOAR) and Microsoft Defender. The position plays a key role in proactive threat hunting, vulnerability management and working on threat intelligence inputs for the continuous enhancement of the organisation security posture, including the protection of departmental systems and schools.

About the Department

The department provides a wide range of learning and development support and services. It provides policy leadership, plans for the future of education in Victoria, and leads key cross sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.

Key Responsibilities
  • Respond to cybersecurity incidents across the full lifecycle: detection, containment, eradication, and recovery.
  • Use security tooling deployed at the department, along with host based and network analysis to investigate incidents determining impact and support remediation efforts.
  • Perform threat hunting, threat intelligence analysis and reporting, and trend forecasting.
  • Provide cybersecurity specialist advice as a member of Cybersecurity Incident Response Team (CSIRT), lead response activities and provide regular updates and liaise with stakeholders.
  • Provide technical remediations and control recommendations while determining risk impacts.
  • Collaborate with external incident response teams and partners as required.
  • Collect and preserve digital evidence while maintaining proper chain of custody.
  • Develop reporting including situational reports and data insights on incidents, threats, vulnerabilities, and response effectiveness.
  • Support the Security Operations team in strengthening the organisation's cybersecurity posture through platform enhancements and project contributions.
Incident Detection & Response
  • Proven experience leading cyber incident response activities in a large, complex environment.
  • Strong stakeholder engagement skills with the ability to communicate technical issues clearly.
  • Expertise in writing situational and executive level incident reports.
Threat Analysis & Investigation
  • Experience analysing security events to determine criticality, impact, and appropriate response using a wide array of tools not limited to SIEM, XDRs, vulnerability platforms, etc.
  • Strong aptitude for investigations, threat intelligence, hunting, and analysis.
  • Ability to correlate events and alerts to identify emerging or active threats.
Technical Expertise
  • Hands on expertise with Microsoft Sentinel, Microsoft Defender suite, ServiceNow, vulnerability management tool Tenable.
  • Strong knowledge of security operations, incident response, and threat detection.
  • Proficiency in KQL and log analysis across various operating systems and network infrastructure.
  • Familiarity with SIEM/SOAR concepts and automation.
  • Experience with cloud security (Azure experience highly desirable).
  • Strong knowledge of attack tactics, techniques, and procedures using the MITRE ATT&CK framework.
  • Understanding of NIST Cybersecurity Framework, incident response frameworks, and threat modelling.
Qualifications and Experience
  • Bachelor's degree or Diploma in Cyber Security or a related field.
  • Minimum 3-4 years demonstrated experience in cyber incident response, investigations and threat hunting within a large and complex environment.
  • Experience leading cyber incident response activities.
  • Demonstrated expertise in threat investigations and hunting on Microsoft Sentinel and other Microsoft security technologies.
  • Demonstrated expertise in administration of Microsoft Sentinel and Defender.
Desirable
  • Experience in performing basic digital forensics.
  • Experience using Security Co Pilot and developing automations.
  • Experience in administration of one or more platforms like Tenable, Splunk, Cylance, Armis.
  • CISSP, CEH, Security+, SANS Digital Forensics or Incident Response certifications.

The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply.

Applicants requiring adjustments can contact the nominated contact person.

Preferred applicants may be required to complete a police check and may be subject to other pre employment checks. Information provided to the Department of Education will be treated in the strictest confidence.

Applications close 11:59pm on 09 July 2026.

Similar jobs