Python Job: Consultant, IT Security

Job added on

Location

Sydney - Australia

Job type

Full-Time

Python Job Details

Role - Specialist, Cyber Security Engineering

Location - New Zealand or Australia

Opportunity - Permanent


READY FOR ANYTHING

At IAG, we live and work by our purpose to make your world a safer place. We are motivated by a unique culture that celebrates honesty, creativity, empathy, equality and collaboration. We call it the IAG way, and it means we all share a ‘ready for anything’ mindset that sets the tone for positive actions and positive outcomes. We put heart into everything we do which guides us to create amazing things for our customers, our people and our communities.

We’re brimming with ideas, ambition and a readiness to apply bold thinking and risk awareness to make a difference where it matters most.

As the largest general insurance group in Australia and New Zealand, we own some of the region’s most trusted brands, including AMI, State, NZI, Lantern, Swann and NAC. We are ready for anything.


The Role:

The purpose of the role and your unique contribution is to be a Specialist in the Cyber Security Engineering function, working on the conception, operation and delivery of the continuous deployment and logic enhancement for Cyber Threat Emulation & Defence (CTED) services to the IAG group. This will involve continually improving offensive and defensive toolchains using automation and orchestration, as well as designing, building, and operating the core technologies such as SIEM, DLP, EDR, VM and CC which are used by the wider CTED team.


Key Responsibilities:

  • Develop, maintain, and enhance the continuous integration, delivery, and deployment of methodologies for CTED attack emulation, detection, and response logic.
  • Develop and implement security incident automation and orchestration within Service Management platform and SIEM.
  • Develop automations and API integrations using ServiceNow and other tools.
  • Assist in developing processes, procedures, and documentation.
  • Deliver CTED BAU uplift activities and ensure they are to scope, time, and quality.
  • Support CTED reporting by streamlining processes for collating reporting information.
  • Monitor, create, maintain, and resolve tickets utilising agile methodologies and automation to drive CTED workload management.
  • Identify and deliver innovative enhancements in CTED services to create value.
  • Develop, tune, and review cyber security use cases in SIEM & SOAR platforms.
  • Threat model applications and onboard new log sources.
  • Maintain existing security control platforms including SIEM, DLP, EDR, VM and CC.
  • Ensure end-to-end reliability and integrity of security offensive and defensive toolchains.
  • Work in collaboration with the Threat Analytic Cell to implement tactical detection capabilities from real-time threat intelligence and perform threat hunting.
  • Proactively raise risks when identified.
  • Assist in coordinating and engineering breach and attack simulation activities to ensure controls are effective and/or remediated.
  • Awareness of and compliance with the Group Delegations & Authorities Policy.

Skills & Experience:

  • 3-7 years of experience in large and complex organisations, with 2-5 years of experience working in a threat management, SOC or Threat Intel capability.
  • Lateral thinker / curious / positive mindset / systematic approach to troubleshooting
  • Competent with SIEM solutions and log file analysis
  • Competent developing Cyber Security Use Cases, Incident Response Playbooks, and security orchestration and automation
  • Competent networking skills and comfortable reading / working at the network layer.
  • Competent in software development using one or more of the following languages: JavaScript, Python, Bash, PowerShell, and experience with REST APIs.
  • Competent engineering automation and integration
  • Competent working with middleware and database technologies.
  • Competent ability to troubleshoot and diagnose issues within mixed software, hardware and network environments.
  • Competent understanding of Cloud and other Security Standards / Frameworks e.g. CSA CCM, NIST CSF, ISO 27001, PCI-DSS.
  • Competent understanding of security capabilities and security incident response activities.
  • Good relationship management skills to liaise with IT service providers and integrators.
  • Tertiary qualification in Information Technology, Engineering, Computer Science, or equivalent experience and 1 or more industry standard certifications

Ideally have:

  • Experience developing ServiceNow automations in JavaScript
  • Experience with operating and maintaining Servers and services on Windows and Linux
  • Exposure to (or an active interest in) conducting security incident investigations
  • Exposure to (or an active interest in) conducting Vulnerability Assessment and Penetration testing of Web Applications, API, Mobile and Network Infrastructure hosted on-premise and within cloud environments (e.g. AWS/Azure etc.).
  • High level understanding of Infrastructure and Web application security testing methodologies / frameworks e.g. OWASP, PTES, OSSTMM, ISSAF.
  • ISECOM OPST & OPSA, SANS GSEC and above, other cyber defensive and offensive security certifications.

Ready for anything? Let’s talk.


IAG rewards and recognises its people with generous benefits, career development opportunities and real work-life balance. Employees also enjoy up to 50% insurance discounts, flexible work and leave options, various corporate partner discounts and a people-focused culture that celebrates achievements big and small.

Creating a workforce that actively embraces diversity, inclusion and a sense of belonging is key to our success. We encourage applications from all backgrounds and communities.