Are you a cyber security expert ready to make an impact? We’re seeking a dynamic and innovative Threat & Adversary Mitigation Analyst to join our elite team. In this role you’ll design and build advanced measures and countermeasures to mitigate the threats we are faced with today and the ones we will face tomorrow. It’s a role for people who love researching adversaries, building solutions and making red teams cry.

If you are passionate about participating in a data led, threat informed, cyber security program surrounded by team members focused on collaboration and fun, we want to hear from you.

• We are obsessed about our customers and stakeholders as much as we are about foosball.
• You’ll Join a team that is laser focused on taking things to the next level, with complete executive sponsorship and a mature vision.
• More than a career - work flexible hours, partly remote, with close mentorship and travel/conference/training allocations.

As Analyst, Threat & Adversary Mitigation, you will

• Develop and maintain the threat and countermeasures framework, including attack surfaces, attack vectors, attack paths, TTP mapping, mitigating controls and countermeasures, control capability, and mitigation metrics.
• Identify, implement and report on mitigation strategies for tracked Adversaries and tradecraft. 
• Ensure a defensible architecture by influencing and driving key stakeholders, including Senior Management, Strategy & Architecture, Support Teams, Third Parties and Vendors.
• Stay abreast of industry best practices and emerging threats to ensure defensive capabilities are optimal. 
• Produce reporting on countermeasure effectiveness, ineffectiveness, and ROI. 
• Perform deep dive investigations into potential high-risk exposure areas.
• Periodically review countermeasure detailed configuration to ensure optimal defensive posture. 
• Actively drive improvement in countermeasures to prevent successful attack and exploitation.
• Work with Cyber Response, Red Team and Threat Detection teams to automate adversary simulation and test countermeasure effectiveness.
• Provide regular reporting on key operational and delivery measures.
• Influence and drive maturity improvements in the NIST IDENTIFY, PROTECT and DETECT domains and across Risk Scenarios.

What you’ll bring

• A unique combination of engineering acumen, CTI and Offensive Security experience and a Cyber Defence mindset.
• Extensive experience in CTI/SOC in large complex enterprise environments
• Proven experience in consulting roles
• Appropriate tertiary or industry qualifications in cyber security
• Excellent leadership, communication, stakeholder management and influencing skills.
• Expertise in intelligence, SOC/IR, Threat/Risk analysis, Penetration testing/ Red Team is preferred.
• Extensive experience in software, tools and cloud engineering (AWS, Azure, GCP and common modern backend/scripting development frameworks/languages such as Python and NodeJS)
• Familiarity with common security and threat frameworks such as NIST CSF, NIST SPs, CKC, MITRE ATT&CK)

A diverse and inclusive workplace works better for everyone 

We know that our people make us who we are. That's why we have built a culture of equity and respect – where everyone feels valued and appreciated for being their authentic selves. In partnership with our multiple Employee Resource Groups (ERGs) we continue to foster an inclusive environment, where all NAB colleagues’ unique backgrounds and identities are understood, respected and celebrated. We are committed to providing an environment where you can work your way.  

For details on the recruitment process, and accessibility, please visit www.nab.com.au/about-us/careers/apply-for-job.  To discuss adjustment requirements, please contact the NAB Careers team, via nab.careers@nab.com.au (please reference job number) or visit our Careers page through the link above for other contact options. 

Join NAB

If you think this role is the right fit for you, we would love to hear from you. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. Unsolicited CVs from agencies will not be accepted. 

#LI-DNI