About this role
Australia’s largest public museum organisation is seeking a Cyber Security Operations Analyst at Museums Victoria.
ABOUT MUSEUMS VICTORIA:
Ever dreamed of working in a place where dinosaurs roam, stars explode, and the world’s most intriguing stories come to life? Welcome to Museums Victoria (MV)—where every day is a new opportunity to create unforgettable experiences. As one of the southern hemisphere’s largest and most iconic museum organisations, we’re not just about exhibits; we’re about engaging, immersive moments that spark curiosity, creativity, and connection.
Home to the awe-inspiring Melbourne Museum, the culturally rich Immigration Museum, the mind-expanding Scienceworks, and the World Heritage – listed Royal Exhibition Building, MV is a place where events transform spaces and stories into something truly unmissable. Join a passionate team that brings ideas to life and makes discovery part of everyday experience.
ABOUT THE POSITION:
The Cyber Security Operations Analyst supports the ongoing protection, monitoring and continuous improvement of Museums Victoria’s cyber security posture. Working closely with the Infrastructure and Cyber Security Manager, the role contributes to the implementation and operation of security controls, processes and technologies across the organisation’s digital environment, including on-premises infrastructure, cloud platforms and end-user services. The position plays a key role in detecting, investigating and responding to cyber threats, while supporting security monitoring, incident response, vulnerability management and secure configuration to reduce cyber risk, strengthen resilience and ensure compliance with Victorian Government security standards.
Some of the key duties include:
- Contribute to the continuous uplift of Museums Victoria’s cyber security posture by implementing audit recommendations and strengthening controls, standards and processes aligned with Victorian Government requirements (e.g. VPDSS, Essential Eight).
- Configure, optimise and operate enterprise security platforms including SIEM, endpoint protection, identity security, email security and cloud security tools.
- Monitor and investigate security alerts and incidents, coordinating technical response activities to ensure timely containment, remediation and reporting.
- Perform vulnerability management activities, including scanning, analysis, remediation tracking and risk reporting across on-premises and cloud environments.
- Support secure configuration and hardening of servers, networks, cloud services and end-user devices in line with secure-by-design and Zero Trust principles.
- Administer Microsoft 365 security capabilities including Defender, Conditional Access, cloud app security and identity protection controls.
- Contribute to cyber risk assessments, threat modelling and security reviews for new and existing systems and projects.
- Provide specialist cyber security advice to ICT teams and business stakeholders to promote secure practices and informed decision-making.
The successful applicant will have:
- Strong understanding of contemporary cyber security principles, frameworks and Victorian Government security requirements (e.g. VPDSS, Essential Eight)
- Hands-on experience operating enterprise security technologies, including SIEM, endpoint protection, Microsoft 365 security, identity and access management, email security, cloud security and vulnerability management tools
- Proven capability in security monitoring, incident investigation and coordinated response activities
- Experience securing and hardening infrastructure across on-premises and cloud environments.
- Demonstrated ability to assess cyber risk, interpret audit findings and implement practical mitigation strategies
- Strong analytical and problem-solving skills, with sound judgement in escalation and risk prioritisation
- Ability to manage competing priorities and deliver outcomes with a high degree of autonomy
- Clear and effective communication skills, with the ability to translate technical issues into practical advice for stakeholders
OTHER INFORMATION
The successful applicant is required to undergo a National Police Records Check and Working with Children Check and be assessed as suitable (new employees are required to meet this cost).