ASD 4, 5 & 6 Malware Analysts and Intrusion Analysts - [Archived Advertisement]
Australian Signals Directorate

ASD 4, 5 & 6 Malware Analysts and Intrusion Analysts
$74,795.76 - $133,534.34 (plus 15.4% super)
Brisbane - QLD
About The Role
Technical Threats and Visibility Branch is seeking Malware, Intrusion and Threat Hunt Analysts to join teams responsible for analysing network traffic and host activity to identify anomalous behaviours, and reverse engineering malware.
The teams develop and mature detection capabilities and analytical tradecraft to further the ACSC’s understanding of cyber adversaries targeting Australia. We want you to join our team to assist the ACSC to defend against advanced threats.
These are technical roles, requiring an aptitude for complex problem solving and a curiosity for understanding the functionality, origin and potential impacts of malware. We want you to reverse-engineer malware, and develop analytic automation and tools to defend Australian networks against malicious threats.
While formal experience in incident management/response, malware or intrusion analysis is desirable, the ACSC is also interested in applicants looking at getting into this field with demonstrable experience in software development, programming, mathematics, or computer sciences, and interest in solving interesting technical problems/challenges.
About our Team
Are you an experienced Incident Responder looking to take your career further? The ACSC invites you to take the next step in your career.
We are looking for individuals with a passion for understanding, discovering and countering cyber threats impacting Australia and its interests.
The Technical Threats and Visibility Branch in the Australian Cyber Security Centre (ACSC) detects adversaries targeting or exploiting Australian networks, and analyses the technical tools and tradecraft they employ. The ACSC uses this deep understanding to defend and disrupt malicious threats from cyber threat actors.
We have vacancies in specialist teams who:
- Reverse engineer malware and develop their own sophisticated tools to do so
- Hunt for cyber intrusions on priority Australian networks, using cutting-edge tools and detections
These teams are located across Brisbane, Canberra & Melbourne.
Further enquiries about the position can be made to the Contact Officer on 02 5130 0214.
Our Ideal Candidate
We are looking for individuals who can demonstrate skills in one or more of the following areas:
Intrusion Analysts and Cyber Threat Hunters
Experienced Incident Responders, EDR/XDR analysts and SOC analysts looking to take their careers further would be well suited to these roles.
- Understanding and experience with network traffic and protocol analysis; and ability to analyse network traffic and identify anomalous behaviour.
- Understanding of application layer technologies that underpin the Internet, e.g. HTTP, DNS, SMTP, and how they are used and manipulated for malicious purposes.
- Understanding of operating systems principles (such as Windows and Linux) and the underlying features such as file systems, memory, processes and threads, registry and scripting engines.
- Understanding of, and experience with, extraction and analysis of host information to determine entity behaviours such as system or user interactions, malware infection and unauthorised behaviours.
- Understanding and experience in analysing large volumes of host and network data to draw conclusions.
- The ability to communicate technical knowledge in a concise manner to a non-technical audience.
- The ability to provide deep subject matter expertise, insights and advice around evolving trends including, but not limited to:
  - An understanding of malware, how to identify, triage and perform dynamic analysis.
  - An understanding of how an adversary would manipulate operating system features for malicious purposes.
  - An understanding of obfuscation techniques, how an adversary would disguise data, behaviour or activity.
Malware Analysis
- Familiarity with Microsoft OS internals and APIs.
- Experience with assembly (in particular x86 and x64 instruction sets) or low level programming languages such as C.
- Experience in high-level programming and scripting languages (Python preferred).
- Proficiency with reverse engineering tools (disassemblers, debuggers, decompilers and Yara).
- Understanding of malware reverse engineering processes including unpacking, deobfuscation and code reconstruction.
- Ability to develop and enhance automation tools to assist the malware analysis process.
- Ability to develop and modify signatures to detect and hunt for malware at scale.
We are looking for people who are keen to tackle very hard, but interesting problems. You need to work well in a team, exercise high levels of initiative, show enthusiasm for reverse engineering, and demonstrate a resolve to protect Australia.
In return, we will invest in your career with rewarding opportunities, excellent training, and a competitive employment package to retain skilled employees.
It is highly desirable that you have computer science related tertiary qualifications, or on-the-job experience within the industry – incident response, security operations, reverse engineering, or coding roles.
At the ASD 4 level, you must demonstrate exposure to the above areas or related fields, and be progressing efforts to attain technical skills.
At the ASD 5 level, you must demonstrate experience in the above areas or related fields, and possess relevant technical skills.
At the ASD 6 level, you must demonstrate significant experience in the above areas or related fields, and possess well-developed technical skills. It is expected that you will lead bodies of work.
Application Closing Date: Sunday, 24 September 2023
For further information please review the job information pack, reference ASD/08545/23 on https://www.asd.gov.au/careers
Job Summary
- Closing Date: 24 Sep 2023
- Location: QLD - Brisbane
- Salary: $74,795.76 - $133,534.34 (plus 15.4% super)
- Work Type: Full Time
- Category: Defence Forces; ICT/Data Management; Security/Intelligence
- APS Classification: ASD Level 1-6