Afilias (www.afilias.info) is the leader in providing global Internet infrastructure solutions, powering key pieces of the Internet’s infrastructure. In fact, you are most likely using our DNS infrastructure on a daily basis, just by accessing .org, .info, .mobi., .me, and many other websites. With our second-to-none reputation for performance, we currently support many Top Level Domains with over 22 million domains – that’s 10% of all the domain names globally, making us the second largest registry services provider in the world. We are growing too and we are set to support .au ccTLD in the next few months.
As a Security Specialist, you will make an impact by directly reducing the amount of spam, malware, and other malicious content in the .au ccTLD, resulting in fewer cases of cybercrime and helping maintain reputation of the TLD. You will assist in protecting the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Afilias’ Security team has made key contributions in various cyber security initiatives over the years, collaborating with other key players in the Internet industry to limit cyber-threats including spam, phishing, malware distribution or other domain name abuse.
The everyday challenge for a Security Specialist at Afilias is a multi-faceted adversary, who is watching, adapting, and responding to the analysts’ efforts. Your job will consist of actively analyzing external and internal data sources for patterns and inconsistencies. You will identify trends and relationships in data related to domain and cyber security threats. In addition, you will contribute to our internal business intelligence to establish, monitor and maintain security controls to adhere to standards being followed and participate in security audits and risk analysis. You will also have the opportunity to collaborate with other organizations (e.g. CERT Australia) and individuals within the Internet security community as well as law enforcement involved in combating cyber-security threats. You will prepare cyber threat profiles and assessments based on extensive research work.
Requirements and qualifications:
- Bachelor's degree (in Computer Science, Intelligence, information Security), or other relevant field highly desired
- 2-5 years of experience working in security analysis, fraud/abuse desk, compliance, audit, risk management, a Security Operations Center (SOC), or a Computer Emergency Response Team (CERT),; or equivalent
- Analyzes information security systems and applications and finds the vulnerabilities
- Work with technical and business teams to respond to identified vulnerabilities and follow up on patching activities
- Strong understanding and knowledge in risk assessment processes, threat modeling, link and gap analysis and methodologies
- Participates in security and privacy impact assessments
- Designs, implements, and enforces security policies in accordance with the established standards to protect confidentiality, integrity and availability of systems and data
- Audit controls related to information systems, platforms, and operating procedures to ensure compliance with security standards
- Investigates security violations and suggest modifications to tools and procedures
- Experience distilling and correlating raw information from multiple data sources into actionable intelligence, validating accuracy and reliability of information
- Strong data analytics and research skills to identify unexpected patterns and occurrences
- Excellent research skills to keep abreast of latest security issues and trends
- Help with process documentation and training to internal and external users related to domain anti-abuse program and other security services
- Ensure timely customer outreach and follow-up on abuse mitigation efforts
- Prepare customer and management reports as required
- Research and investigate regulatory compliance requirements and assist in resolving compliance, audit and regulatory issues
- Collaborate with other team members to provide guidance in security related areas
- Recognize and deal appropriately with confidential and sensitive information
- Perform day to day tasks as it relates to Information Security
Interpersonal Skills Required:
- Good judgment and independent decision making skills
- Originality and creativity in problem solving
- Ability to deal effectively with constant change and conflicting priorities
- Self-motivated and enthusiastic team player
- Outstanding written and oral communication skills
Desired Skill Sets:
- Familiarity with registry and domain business an asset
- Familiarity with NIST and ISO standards like 27001, 27002 and 22301 highly desired
- Familiarity with Australian governments cyber security strategy and information security manual along with security guidance provided by Australian Signals Directorate (ASD) for example: Strategies to mitigate cyber security, Essential Eight, highly desired
- Detail oriented with strong analytical skills
- Forensic analysis and familiarity with cyber-crime and techniques
- Familiarity with data analysis tools and methods
- Knowledge of Linux and scripting (Shell, PERL or similar) an asset
- Familiarity with OWASP Top 10
- Familiarity with tools like Nessus, Burp, Splunk, SIEM systems an asset
- Knowledge of security controls for network, database, application and operating systems an asset.
- Recognized security certification an asset – CISSP, CEH, CISA, ISO 27001 LI or similar
This position will be based in our Melbourne office. Some travel and after hours on-call support may be required.
To apply for this position please email your CV and cover letter to email@example.com.