About the Department
The department provides a wide range of learning and development support and services. The department provides policy leadership, plans for the future of education in Victoria and leads key cross-sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.
About the Role
The Security Analyst role is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across the organisation in alignment with the Department's Cyber Security Incident Response Plan (CSIRP), using Microsoft security technologies, primarily Microsoft Sentinel (SIEM/SOAR) and Microsoft Defender. The position plays a key role in proactive threat hunting, vulnerability management and working on threat intelligence inputs for the continuous enhancement of the organisation's security posture, including the protection of departmental systems and schools.
The role also supports investigations and threat hunting activities using additional security tools such as Splunk, Tenable, Armis, Cylance, and other security tooling deployed at the department. Operating within a fast-paced, complex, and high-volume environment, the role will analyse cyber threat intelligence, provide technical expertise, and administer enterprise security platforms. By leveraging a range of security tools and intelligence sources, the role will actively respond to incidents and deliver actionable insights to strengthen the organisation's overall security posture.
Additionally, the role is responsible for producing high-quality reports and data-driven insights for both internal and external stakeholders on cyber incidents, threats, and vulnerabilities. These outputs support performance monitoring, recovery efforts, and remediation activities. You will collaborate closely with multidisciplinary ICT teams, school technical teams, internal divisions, and external agencies, including the Victorian Government Cyber Incident Response Service (CIRS), the Australian Signals Directorate (ASD), and the Office of the Victorian Information Commissioner (OVIC).
Key Responsibilities
- Respond to cybersecurity incidents across the full lifecycle: detection, containment, eradication, and recovery.
- Use security tooling deployed at the department, along with host-based and network analysis, to investigate incidents, determine impact and support remediation efforts.
- Perform threat hunting, threat intelligence analysis and reporting, and trend forecasting.
- Provide cybersecurity specialist advice as a member of the Cybersecurity Incident Response Team (CSIRT), lead the assigned response activities, provide regular updates and liaise with a wide array of stakeholders.
- Provide technical remediations and control recommendations while determining risk impacts.
- Collaborate with external incident response teams and partners as required.
- Collect and preserve digital evidence while maintaining proper chain of custody.
- Develop reporting including situational reports and data insights on incidents, threats, vulnerabilities, and response effectiveness.
- Support the Security Operations team in strengthening the organisation's cybersecurity posture through platform enhancements and project contributions.
Skills & Capabilities
Incident Detection & Response
- Proven experience leading cyber incident response activities in a large, complex environment
- Strong stakeholder engagement skills with the ability to communicate technical issues clearly
- Expertise in writing situational and executive-level incident reports
Threat Analysis & Investigation
- Experience analysing security events to determine criticality, impact, and appropriate response using a wide array of tools, including but not limited to SIEM, XDR and vulnerability management platforms.
- Strong aptitude for investigations, threat intelligence, hunting, and analysis
- Ability to correlate events and alerts to identify emerging or active threats
Technical Expertise
- Hands-on expertise with Microsoft Sentinel, the Microsoft Defender suite, ServiceNow and the Tenable vulnerability management platform
- Strong knowledge of security operations, incident response, and threat detection
- Proficiency in KQL and log analysis across various operating systems and network infrastructure
- Familiarity with SIEM/SOAR concepts and automation
- Experience with cloud security (Azure experience highly desirable)
- Strong knowledge of attack tactics, techniques, and procedures using the MITRE ATT&CK framework
- Understanding of NIST Cybersecurity Framework, incident response frameworks, and threat modelling
Qualifications and Experience
- Bachelor's degree or Diploma in Cyber Security or a related field.
- Minimum 3-4 years' demonstrated experience in cyber incident response, investigations and threat hunting within a large and complex environment.
- Experience leading cyber incident response activities.
- Demonstrated expertise in threat investigations and hunting on Microsoft Sentinel and other Microsoft security technologies.
- Demonstrated expertise in administration of Microsoft Sentinel and Defender.
Desirable:
- Experience in performing basic digital forensics
- Experience using Security Copilot and developing automations
- Experience in administration of one or more platforms such as Tenable, Splunk, Cylance or Armis
- CISSP, CEH, Security+, SANS Digital Forensics or Incident Response certifications
Further Information
For more details regarding this position, please see the attached position description for the capabilities to address in your application.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions, visit the Department website and our Diversity and Inclusion page.
Applicants requiring adjustments can contact the nominated contact person.
Information about the Department of Education's operations and employment conditions can be located at www.education.vic.gov.au.
For further information pertaining to the role, please contact Ashok Sangra - Manager Security Operations via [email protected]
Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process, or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.
Applications close 11:59pm on 09 July 2026